ProHoster > Blog > nkhani zapaintaneti > Rocky Linux idakhazikitsa malo osungiramo zinthu okhala ndi ma phukusi kuti awonjezere chitetezo

Rocky Linux idakhazikitsa malo osungiramo zinthu okhala ndi ma phukusi kuti awonjezere chitetezo

Opanga magawidwe Rocky Linux, cholinga chake ndikupanga kapangidwe kaulere ka RHEL komwe kangatenge malo a kalembedwe kakale CentOS, yalengeza kukhazikitsidwa kwa Gulu Latsopano la Chitetezo (SIG), lomwe lidzasunga ma phukusi okhudzana ndi kupereka chitetezo chapamwamba komanso kupereka zida zina zachitetezo. Gululi lidzasindikizanso mitundu ina ya ma phukusi omwe alipo omwe adapangidwa kuti aphatikize njira zosiyanasiyana zowonjezerera chitetezo kapena kuthana ndi zovuta zomwe sizikufotokozedwa mu RHEL ndi CentOS Mtsinje.

Ntchito yokonza idzasindikizidwa m'malo ena osungiramo zinthu, omwe angagwiritsidwenso ntchito m'magawo ena ogwirizana ndi Red Hat Enterprise. LinuxKuti mulumikize malo osungiramo zinthu mu Rocky Linux Tsopano mutha kugwiritsa ntchito lamulo lakuti "dnf install rocky-release-security." Ma phukusi otsatirawa akupezeka pano mu repository:

  • LKRG kernel module (Linux Kernel Runtime Guard (Kernel Runtime Guard) yapangidwa kuti izindikire ndikuletsa kuukira ndi kuphwanya umphumphu wa kapangidwe ka kernel (mwachitsanzo, gawoli limatha kuteteza ku kusintha kosaloledwa kwa kernel yomwe ikuyenda ndikuyesera kusintha mwayi wa njira zogwiritsira ntchito). Phukusili lapangidwira RHEL8 ndi RHEL9.
  • Chida cha passwdqc chowunika mawu achinsinsi ndi mawu achinsinsi chimaphatikizapo gawo la pam_passwdqc, pwqcheck, pwqfilter, ndi pwqgen, ndi laibulale ya libpasswdqc. Phukusili limapangidwira RHEL9.
  • Phukusi la Glibc lomwe lili ndi zosintha zachitetezo zomwe zapangidwa ndi pulojekiti ya Owl ndipo zimagwiritsidwa ntchito mu ALT LinuxPhukusili lilinso ndi zokonza ziwiri za zofooka: kufooka mu ld.so (CVE-2023-4911), komwe kumalola wogwiritsa ntchito wakomweko kukulitsa mwayi wawo posankha deta yopangidwa mwapadera mu GLIBC_TUNABLES environment variable, ndi kufooka (CVE-2023-4527) mu ntchito ya getaddrinfo, zomwe zingayambitse kutayikira kwa stack kapena kugwa. Phukusili lapangidwira nthambi ya RHEL9.
  • Phukusi la OpenSSH momwe sshd imalumikizidwa ndi manambala ochepa omwe amagawana nawo. Phukusili limapangidwira nthambi ya RHEL9.
  • Phukusi logwirizana: pam_ssh_agent_auth, libnsl, nscd, nss_db, nss_hesiod.

    Source: opennet.ru
Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster