Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Apache and OpenSSL running on its EC2 instances bundled with RedHat Linux 8 are outdated, how to best resolve this

0

As part of the System Penetration results, customer was advised that the versions of Apache and OpenSSL running on its EC2 instances bundled with RedHat Linux 8 are outdated and need to be updated to the latest version as they are vulnerable to several security vulnerabilities that might lead to system compromise according to penetration test outcomes. However, customer's Managed Service Partner advised that these versions that come with RedHat package updates are the latest ones that are compatible with the version of RedHat Kernel, and it would not be a good idea to manually upgrade these to the mainstream versions.

The customer would like to know the best way to resolve this issue?

Tópicos
ComputaçãoSegurança, identidade e conformidadeAWS Well-Architected Framework
Tags
Provisionamento do LinuxSegurança, identidade e conformidadeAmazon EC2Segurança
Idioma
English
AWS
AWS-User-5177782
feita há 2 anos272 visualizações
1 Resposta
0

I would snapshot the existing instance, spin up a new instance with that snapshot, and then upgrade the packages. Then test.

If you are behind a ALB, you could create a canary with the updated package and use weighted target groups to send a small amount of traffic to the canary.

profile pictureAWS
ESPECIALISTA
kentrad
respondido há 2 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante