Apache and OpenSSL running on its EC2 instances bundled with RedHat Linux 8 are outdated, how to best resolve this

0

As part of the System Penetration results, the customer was advised that the versions of Apache and OpenSSL running on its EC2 instances bundled with RedHat Linux 8 are outdated and need to be updated to the latest version, as they are vulnerable to several security vulnerabilities that might lead to system compromise according to penetration test outcomes. However, the customer's Managed Service Partner advised that these versions that come with RedHat package updates are the latest ones that are compatible with the version of the RedHat kernel, and that it would not be a good idea to manually upgrade these to the mainstream versions.

The customer would like to know the best way to resolve this issue.

1 Answer
0

I would snapshot the existing instance, spin up a new instance with that snapshot, and then upgrade the packages. Then test.

If you are behind an ALB, you could create a canary with the updated package and use weighted target groups to send a small amount of traffic to the canary.

AWS
EXPERT
kentrad
answered 2 years ago
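
One check to run on the cloned instance after the package update, as an added example that is not part of the original answer: Red Hat records the CVE IDs it fixes in each package's RPM changelog, so the IDs from the pentest report can be compared against the installed `openssl` and `httpd` packages rather than against the version string alone. The function name `cve_coverage`, the sample changelog and the `CVE-2099-*` IDs are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread).
# On the instance, pipe the real changelog in:
#   rpm -q --changelog openssl | cve_coverage <CVE IDs from the pentest report>
#   rpm -q --changelog httpd   | cve_coverage <CVE IDs from the pentest report>

# Reads an RPM changelog on stdin and prints one line per CVE ID argument:
#   LISTED <id>      the changelog mentions the ID (a fix was packaged)
#   NOT-LISTED <id>  no mention; needs follow-up (not affected, or not yet fixed)
# Returns 0 only when every ID is listed.
cve_coverage() {
    local changelog id not_listed=0
    changelog=$(cat)
    for id in "$@"; do
        # -F: literal match, -w: whole word, so CVE-2099-0002 does not
        # match inside the longer ID CVE-2099-00025.
        if printf '%s\n' "$changelog" | grep -qwF -- "$id"; then
            echo "LISTED $id"
        else
            echo "NOT-LISTED $id"
            not_listed=1
        fi
    done
    return "$not_listed"
}

# Constructed sample in the layout `rpm -q --changelog` prints.
# Package version, packager and CVE IDs are placeholders, not real values.
sample_changelog() {
    cat <<'EOF'
* Thu Jan 01 2099 Example Packager <packager@example.invalid> - 0.0.0-2.el8
- Fix CVE-2099-0001 (constructed entry)
- Resolves: CVE-2099-00025
* Wed Dec 31 2098 Example Packager <packager@example.invalid> - 0.0.0-1.el8
- Backport upstream fix (CVE-2099-0003)
EOF
}

# Demo on the constructed sample; the second ID is deliberately absent.
sample_changelog | cve_coverage CVE-2099-0001 CVE-2099-0002 CVE-2099-0003 \
    || echo "some IDs are not listed: review these with the vendor advisory"
```

An ID reported as `NOT-LISTED` is a prompt to check the vendor's advisory for that CVE, not proof that the package is exposed.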
