As a system administrator, one of your most critical tasks is keeping your system secure. In today’s digital age, cyberattacks are rampant, and vulnerabilities can be exploited in minutes.
So one of the best ways to ensure your system’s security is by being aware of vulnerabilities and taking appropriate measures to fix them.
This guide will show you how to check if an RHEL system is vulnerable to a CVE and what steps to take to mitigate the risk.
What is a CVE?
Before we dig in, let’s explain what a CVE is.
CVE stands for Common Vulnerabilities and Exposures. A CVE is a publicly known vulnerability that is assigned a unique identifier. You can find its details on the NVD (National Vulnerability Database).
Step-by-Step Guide
Here are the steps to check if your RHEL system is vulnerable to a CVE:
Step 1: Identification
Before checking if your system is vulnerable, you need to identify the CVE. As mentioned above, you can find its details on the NVD website.
Step 2: Check the version of RHEL
Once you have identified the vulnerability ID, you need to check if your RHEL system is using the affected version. You can do this by running the following command in the terminal:
# cat /etc/redhat-release
This command will display the version of RHEL that your system is running.
Step 3: Check for the vulnerability
After identifying the CVE and checking the RHEL version, you need to check if your system is vulnerable.
This can be done with the rpm command, by searching the changelog of a specific package for the CVE identifier.
Syntax:
# rpm -q --changelog [package-name] | grep [CVE-NUMBER]
For example, to see whether the fix for CVE-2022-22720 has been applied to the Apache package, run the following command:
[root@RHEL ~]# rpm -q --changelog httpd | grep CVE-2022-22720
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
If you see anything in the output, it means Apache has been patched against that vulnerability, because each rpm package stores information about its patches, including the date, description and CVE number.
On the other hand, if you don’t see anything in the output, it means Apache has not been patched and you should upgrade immediately.
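The one-liner above prints nothing both when the fix is missing and when the package is not installed at all, and a plain grep also matches any longer ID that starts with the one you typed. The script below is an added example, not part of the original article, that separates those cases; the function names check_cve and cve_in_changelog are hypothetical.

```shell
#!/bin/sh
# Added example: check an installed package's RPM changelog for a CVE ID
# without misreading "not installed" or a partial ID match as a result.

# Succeeds if the changelog text on stdin mentions exactly this CVE ID.
# -F: treat the ID as a literal string, not a regular expression.
# -w: whole-word match, so a shorter ID such as CVE-2022-2272 does not
#     match a changelog line that mentions CVE-2022-22720.
cve_in_changelog() {
    grep -qwF -- "$1"
}

# Prints one of: patched | no-entry | not-installed | bad-cve-id
# Returns 0 only for "patched".
check_cve() {
    pkg=$1
    cve=$2

    # Reject malformed IDs early; a typo would otherwise look like "no-entry".
    if ! printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
        echo "bad-cve-id"
        return 3
    fi

    # rpm -q exits non-zero when the package is not installed. Piped straight
    # into grep, that case gives the same empty output as a missing fix.
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "not-installed"
        return 2
    fi

    if rpm -q --changelog "$pkg" | cve_in_changelog "$cve"; then
        echo "patched"
        return 0
    fi
    echo "no-entry"
    return 1
}

# Usage: ./check_cve.sh httpd CVE-2022-22720
if [ "$#" -eq 2 ]; then
    check_cve "$1" "$2"
fi
```

The exit code lets you call the script from a loop over several packages or from a configuration-management check.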