I have an issue with some servers at work where I have been unable to determine the best course of action to address it based on pre-existing knowledge within my team or web searches. Does anyone have suggestions for the best place to ask RHEL-specific questions? I don’t want to presume that it’s OK to post such nitty-gritty technical questions here.

  • BoofStroke@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    You might want to check the errata for the packages your scanning tools complained about. Rhel will keep stable versions at the same release version, but backport security fixes in.

    Many security scanners are stupid about this.

    Since it is rhel, you have a support contract, right? What do they say?

    • xapr@lemmy.sdf.orgOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      >You might want to check the errata for the packages your scanning tools complained about. Rhel will keep stable versions at the same release version, but backport security fixes in.

      Thanks. I had verified that there is an errata before posting here. I presume that it hasn’t been installed due to that repository being disabled, but maybe I’m mistaken?

      >Many security scanners are stupid about this.

      Indeed. In the process of researching this I found a related KB article from Red Hat that basically said that the security scanner is not supposed to flag this.

      >Since it is rhel, you have a support contract, right? What do they say?

      I’m positive we have a support contract, but I’ve never had to use it, so I’m not familiar with the process. I’m not one of the main linux admins here. If I can’t find the answer either here or from my own research, I’ll look into the process to open a case.

      Thanks again.