By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AL2023 Security notices: how to see?

0

When logging-in to my AL2023 instance, I see this message:

Updates Information Summary: available
    6 Security notice(s)
        2 Important Security notice(s)
        4 Medium Security notice(s)

But I can't find any documentation on where to see these notices! Both dnf check-update and dnf updateinfo show nothing (i.e. everything is up-to-date).

How can I read these notices?

Topics
ComputeAWS Well-Architected Framework
Tags
Amazon EC2SecurityAmazon Linux 2023
Language
English
RisioMurman
asked a year ago1.3K views
3 Answers
0

To access and read these security notices, you can use the yum command with the security plugin. Here are the steps you can follow:

Install the yum-plugin-security:    sudo dnf install yum-plugin-security
Update the Security Information Database:   sudo yum --security check-update
List Available Security Notices: sudo yum updateinfo list security all
This command will display a list of available security notices, including their IDs and severity levels
Display Details for Specific Notice ID: - sudo yum updateinfo info --sec-severity=Important --sec-severity=Medium <security_notice_id>

Replace <security_notice_id> with the specific notice ID you want to read. This command will provide detailed information about that security notice.

Please note that the security plugin for yum provides access to Red Hat security data, and the commands above assume that the AL2023 instance follows similar conventions. If you are using a different distribution or there are specific configurations for AL2023, you may need to refer to the documentation provided by the distribution or contact support for guidance (https://docs.aws.amazon.com/linux/al2023/ug/security-features.html)

Hope it clarifies and if does I would appreciate answer to be accepted so that community can benefit for clarity, thanks ;)

profile picture
EXPERT
Adeleke Adebowale Julius
answered a year ago
0

If you look at the Managing packages and operating system updates section of the AL2023 User Guide you can see how to move what version of the repositories you are pinned to. This is part of our Deterministic Updates through Versioned Repositories feature, making it significantly easier to incorporate OS updates into your CI/CD system.

Stewart Smith
answered a year ago
0

Same question here. Thanks for A_J for some answers, however there are several issues:

  • Why do we see notices for packages that we are not using? In my case I see notices for nginx 1.24. Yes it is part of AL2023 packages, but I did not install it since it is EOL anyway (another issue by itself). I installed nginx from the main nginx repo (Stable = 1.26 on 6/10/2024). These notices are just noise at this point.

  • Once we look at the details, the notices do not disappear. How can we clear them from showing at each login?

  • Minor: 'sudo dnf install yum-plugin-security' does not work for me on AL2023. But it is not needed. The other commands work just fine.

  • Minor: To display the details of one notice, the command is simply: 'sudo yum updateinfo info ALAS2023-2023-393' (or use whatever notice id).

Cheers

thelliez
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content