No see packages informations

Support for security such as Firewalls and securing linux
liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

No see packages informations

Post by liberodark » 2019/10/02 09:46:48

Hi,

On CentOS 7 it is possible to see package information for updates, with CVE or not.
And on CentOS 8 I see no information.
Is that a bug or is it normal?

Best Regards

TrevorH
Forum Moderator
Posts: 26923
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: No see packages informations

Post by TrevorH » 2019/10/02 14:43:27

On CentOS 7 have possibility to see package informations from updates with CVE or not.
How?
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

KernelOops
Posts: 71
Joined: 2013/12/18 15:04:03

Re: No see packages informations

Post by KernelOops » 2019/10/02 15:39:27

I think he is using the "rpm -q --changelog <package>" command, and then grepping for CVE.

I've seen this being used for PCI certification when asked to provide information about a particular CVE patch.
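The changelog approach described in the post above, as an added example that is not part of the original thread: it maps a CVE id to the package release whose changelog entry mentions it. `cve_fixed_in` is a hypothetical helper, and the sample changelog is constructed from the curl entries quoted later in this thread.

```shell
#!/bin/sh
# Added example. The changelog below is constructed: curl entries quoted in
# this thread, laid out in the format "rpm -q --changelog" prints.
sample_changelog='* Mon May 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-53
- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)

* Fri Mar 01 2019 Kamil Dudka <kdudka@redhat.com> - 7.29.0-52
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)'

# cve_fixed_in CVE-ID (hypothetical helper): reads a changelog on stdin, prints
# the version-release of the entry that mentions the CVE, returns 1 if none does.
# Real use: rpm -q --changelog curl | cve_fixed_in CVE-2018-14618
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header line: the last field is the version-release.
        /^\* / { release = $NF }
        # Match the exact id only: CVE-2018-1461 must not match CVE-2018-14618.
        $0 ~ (cve "([^0-9]|$)") { print release; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Demo on the constructed sample.
printf '%s\n' "$sample_changelog" | cve_fixed_in CVE-2018-14618
```

Because fixes are backported, the upstream version (7.29.0) stays the same while the release number changes, so audit evidence has to cite the full version-release rather than compare against upstream version numbers.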

TrevorH
Forum Moderator
Posts: 26923
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: No see packages informations

Post by TrevorH » 2019/10/02 15:45:21

Yeah, the problem with "think" is that you don't know, which is why I asked the direct question.

liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/10/03 07:36:10

Yes, there are more possibilities, but one example is Cockpit.
But I'm not using that; I have tried Cockpit too, and other projects, with the same result: I don't see any information for updated packages.
And on CentOS 7 that works: all updates have information, changelog, etc.
My question is just: is this a bug, or is it not implemented for now?


Example screen on CentOS 8:

Image

Best Regards

jlehtone
Posts: 2380
Joined: 2007/12/11 08:17:33
Location: Finland

Re: No see packages informations

Post by jlehtone » 2019/10/03 15:32:23

liberodark wrote:
2019/10/03 07:36:10
dont see any informations
Trevor did ask "How?"

We don't see any answer from you.

liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/10/04 07:53:45

Hi,

Sorry, but then I do not understand what you said.
I think I have answered as best I can.
Cockpit, for example, exploits PackageKit, which uses pkcon to update the OS but also to display the package info.
I cannot tell you much more about the "how".
But I can tell you that for now it does not work.

Example screens on CentOS 7:

Image
Image

To install or try Cockpit:

Code:

yum install -y cockpit cockpit-packagekit sos
systemctl enable --now cockpit.socket
firewall-cmd --permanent --zone=public --add-service=cockpit
firewall-cmd --reload

Example terminal with pkcon on CentOS 7:

Code:

pkcon get-update-detail curl
Résolution                   [=========================]         
Obtention des détails de la mise à jour[=========================]         
Obtention d'informations      [=========================]         
Terminé                      [=========================]         
Informations complémentaires à propos de la mise à jour :
 Paquets: curl-7.29.0-54.el7.x86_64
 Mises à jour: curl;7.29.0-51.el7;x86_64;installed:anaconda
 Informations de mise à jour: 
 Changements: **2019-06-03** Kamil Dudka <kdudka@redhat.com> - 7.29.0-54
- make `curl --tlsv1` backward compatible (#1672639)

**2019-05-27** Kamil Dudka <kdudka@redhat.com> - 7.29.0-53
- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)

**2019-03-01** Kamil Dudka <kdudka@redhat.com> - 7.29.0-52
- prevent curl --rate-limit from hanging on file URLs (#1281969)
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- fix bad arithmetic when outputting warnings to stderr (CVE-2018-16842)
- backport options to force TLS 1.3 in curl and libcurl (#1672639)
- prevent curl --rate-limit from crashing on https URLs (#1683292)


 Publié: 
 Mis à jour: 

Example terminal with pkcon on CentOS 8:

Code:

pkcon get-update-detail curl
Résolution                   [=========================]         Il y a plusieurs paquets correspondants :
Obtention des détails de la mise à jour[=========================]         
Démarrage                    [=========================]         
Terminé                      [=========================]

Another example terminal with pkcon on CentOS 8:

Code:

pkcon get-update-detail systemd
Résolution                   [=========================]         Il y a plusieurs paquets correspondants :
1. systemd-239-13.el8.i686 [BaseOS]
2. systemd-239-13.el8.x86_64 [BaseOS]
3. systemd-239-13.el8_0.3.i686 [BaseOS]
4. systemd-239-13.el8_0.3.x86_64 [BaseOS]
5. systemd-239-13.el8_0.5.i686 [BaseOS]
6. systemd-239-13.el8_0.5.x86_64 [BaseOS]
Veuillez choisir le paquet correct : 6
                             [=========================]         
Obtention des détails de la mise à jour[=========================]         
Démarrage                    [=========================]         
Terminé                      [=========================]  

But there is an update of systemd:

Image

My question is just: is that normal or is it a bug?
Probably not implemented yet?

Cordially

jlehtone
Posts: 2380
Joined: 2007/12/11 08:17:33
Location: Finland

Re: No see packages informations

Post by jlehtone » 2019/10/04 16:21:37

Okay, you mention "get basic package info":

Code:

rpm -qi foo
yum info foo
pkcon get-details foo

and "read changelog from package":

Code:

rpm -q --changelog foo
repoquery --changelog foo
pkcon get-update-detail foo

With that information a web search picks up stuff like:
https://bugzilla.redhat.com/show_bug.cgi?id=1483458

Now we know that some version of 'dnf' was lacking and a later version has fixed that issue. Alas, that bug report was about Fedora, the "upstream".

What you should do, is to verify that 'dnf repoquery' in CentOS 8 has the issue and that RHEL 8.1 beta has the issue, and then open a bug against RHEL-8 (and hope that it gets a fix by RHEL-8.2).

liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/10/07 09:04:44

OK, but that is not true: on Red Hat that works!
I'm working on a supervision project.
And my project works great on CentOS 7 / Red Hat 7 & 8.


Another example terminal with pkcon on Red Hat 8:

Code:

pkcon get-update-detail systemd
Résolution                   [=========================]         Il y a plusieurs paquets correspondants :
1. systemd-239-13.el8.x86_64 [rhel-8-for-x86_64-baseos-rpms]
2. systemd-239-13.el8_0.3.i686 [rhel-8-for-x86_64-baseos-rpms]
3. systemd-239-13.el8_0.5.i686 [rhel-8-for-x86_64-baseos-rpms]
4. systemd-239-13.el8.i686 [rhel-8-for-x86_64-baseos-rpms]
5. systemd-239-13.el8_0.3.x86_64 [rhel-8-for-x86_64-baseos-rpms]
6. systemd-239-13.el8_0.5.x86_64 [rhel-8-for-x86_64-baseos-rpms]
7. systemd-239-13.el8_0.5.src [rhel-8-for-x86_64-baseos-source-rpms]
8. systemd-239-13.el8_0.3.src [rhel-8-for-x86_64-baseos-source-rpms]
9. systemd-239-13.el8.src [rhel-8-for-x86_64-baseos-source-rpms]
Veuillez choisir le paquet correct : 6
                             [=========================]         
Obtention des détails de la mise à jour[=========================]         
Chargement du cache           [=========================]         
Terminé                      [=========================]         
Informations complémentaires à propos de la mise à jour :
 Package: systemd-239-13.el8_0.5.x86_64
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1705379
 Informations de mise à jour: The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Bug Fix:
* scopes using Delegate=yes aren't getting terminated gracefully (BZ#1705379)

Users of systemd are advised to upgrade to these updated packages.
 Changements: 
 État: stable
 Publié: 
 Mis à jour: 

We see here that it works very well on Red Hat 8.
So it's a bug in CentOS 8.

liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/10/07 15:13:52

Other examples; I have opened an issue on my Red Hat account, but I'm not sure that it is a Red Hat issue:


Another example terminal with check_update on CentOS 7:

Code:

./check_updates
The following packages are security updates:
apr-1.4.8-5.el7.x86_64 (SECURITY)
bind-libs-lite-32:9.11.4-9.P2.el7.x86_64 (SECURITY)
bind-libs-32:9.11.4-9.P2.el7.x86_64 (SECURITY)
bind-license-32:9.11.4-9.P2.el7.noarch (SECURITY)
bind-utils-32:9.11.4-9.P2.el7.x86_64 (SECURITY)
curl-7.29.0-54.el7.x86_64 (SECURITY)
elfutils-default-yama-scope-0.176-2.el7.noarch (SECURITY)
elfutils-libelf-0.176-2.el7.x86_64 (SECURITY)
elfutils-libs-0.176-2.el7.x86_64 (SECURITY)
ghostscript-9.25-2.el7_7.2.x86_64 (SECURITY)
kernel-headers-3.10.0-1062.1.2.el7.x86_64 (SECURITY)
kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64 (SECURITY)
kernel-tools-3.10.0-1062.1.2.el7.x86_64 (SECURITY)
kernel-3.10.0-1062.1.2.el7.x86_64 (SECURITY)
libarchive-3.1.2-12.el7.x86_64 (SECURITY)
libcurl-7.29.0-54.el7.x86_64 (SECURITY)
libjpeg-turbo-1.2.90-8.el7.x86_64 (SECURITY)
libmspack-0.5-0.7.alpha.el7.x86_64 (SECURITY)
libsmbclient-4.9.1-6.el7.x86_64 (SECURITY)
libssh2-1.8.0-3.el7.x86_64 (SECURITY)
libtiff-4.0.3-32.el7.x86_64 (SECURITY)
libtirpc-0.2.4-0.16.el7.x86_64 (SECURITY)
libwbclient-4.9.1-6.el7.x86_64 (SECURITY)
mariadb-libs-1:5.5.64-1.el7.x86_64 (SECURITY)
mariadb-server-1:5.5.64-1.el7.x86_64 (SECURITY)
mariadb-1:5.5.64-1.el7.x86_64 (SECURITY)
nagios-common-4.4.3-1.el7.x86_64 (SECURITY)
nagios-4.4.3-1.el7.x86_64 (SECURITY)
ntp-4.2.6p5-29.el7.centos.x86_64 (SECURITY)
ntpdate-4.2.6p5-29.el7.centos.x86_64 (SECURITY)
pango-1.42.4-4.el7_7.x86_64 (SECURITY)
patch-2.7.1-11.el7.x86_64 (SECURITY)
polkit-0.112-22.el7_7.1.x86_64 (SECURITY)
python-libs-2.7.5-86.el7.x86_64 (SECURITY)
python-perf-3.10.0-1062.1.2.el7.x86_64 (SECURITY)
python-2.7.5-86.el7.x86_64 (SECURITY)
rsyslog-mysql-8.24.0-41.el7_7.x86_64 (SECURITY)
rsyslog-8.24.0-41.el7_7.x86_64 (SECURITY)
samba-client-libs-4.9.1-6.el7.x86_64 (SECURITY)
samba-client-4.9.1-6.el7.x86_64 (SECURITY)
samba-common-libs-4.9.1-6.el7.x86_64 (SECURITY)
samba-common-4.9.1-6.el7.noarch (SECURITY)
systemd-libs-219-67.el7_7.1.x86_64 (SECURITY)
systemd-sysv-219-67.el7_7.1.x86_64 (SECURITY)
systemd-219-67.el7_7.1.x86_64 (SECURITY)
unzip-6.0-20.el7.x86_64 (SECURITY)
vim-common-2:7.4.629-6.el7.x86_64 (SECURITY)
vim-enhanced-2:7.4.629-6.el7.x86_64 (SECURITY)
vim-filesystem-2:7.4.629-6.el7.x86_64 (SECURITY)
vim-minimal-2:7.4.629-6.el7.x86_64 (SECURITY)
UPDATE OK - Security-Update = 50 | 'Total Update' = 276

Works.

Another example terminal with check_update on Red Hat 8:

Code:

./check_updates
The following packages are security updates:
bind-export-libs-32:9.11.4-17.P2.el8_0.1.x86_64 (SECURITY)
kernel-core-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
kernel-modules-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
kernel-tools-libs-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
kernel-tools-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
kernel-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
libnghttp2-1.33.0-1.el8_0.1.x86_64 (SECURITY)
python3-perf-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
vim-minimal-2:8.0.1763-11.el8_0.x86_64 (SECURITY)
UPDATE OK - Security-Update = 9 | 'Total Update' = 70

Works.

Another example terminal with check_update on CentOS 8:

Code:

./check_updates
The following packages are security updates:
WARN: Missing update detail for package bind-export-libs-32:9.11.4-17.P2.el8_0.1.x86_64
WARN: Missing update detail for package iptables-ebtables-1.8.2-9.el8_0.1.x86_64
WARN: Missing update detail for package iptables-libs-1.8.2-9.el8_0.1.x86_64
WARN: Missing update detail for package iptables-1.8.2-9.el8_0.1.x86_64
WARN: Missing update detail for package kernel-core-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package kernel-modules-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package kernel-tools-libs-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package kernel-tools-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package kernel-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package kmod-libs-25-11.el8_0.2.x86_64
WARN: Missing update detail for package kmod-25-11.el8_0.2.x86_64
WARN: Missing update detail for package libdnf-0.22.5-5.el8_0.x86_64
WARN: Missing update detail for package libnfsidmap-1:2.3.3-14.el8_0.x86_64
WARN: Missing update detail for package libsss_autofs-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package libsss_certmap-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package libsss_idmap-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package libsss_nss_idmap-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package libsss_sudo-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package microcode_ctl-4:20180807a-2.20190618.1.el8_0.x86_64
WARN: Missing update detail for package p11-kit-trust-0.23.14-5.el8_0.x86_64
WARN: Missing update detail for package p11-kit-0.23.14-5.el8_0.x86_64
WARN: Missing update detail for package platform-python-3.6.8-2.el8_0.0.1.x86_64
WARN: Missing update detail for package python3-hawkey-0.22.5-5.el8_0.x86_64
WARN: Missing update detail for package python3-libdnf-0.22.5-5.el8_0.x86_64
WARN: Missing update detail for package python3-libs-3.6.8-2.el8_0.0.1.x86_64
WARN: Missing update detail for package python3-perf-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package selinux-policy-targeted-3.14.1-61.el8_0.1.noarch
WARN: Missing update detail for package selinux-policy-3.14.1-61.el8_0.1.noarch
WARN: Missing update detail for package setup-2.12.2-2.el8.noarch
WARN: Missing update detail for package sssd-client-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package sssd-common-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package sssd-kcm-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package sssd-nfs-idmap-2.0.0-43.el8_0.3.x86_64
WARN: Missing update detail for package systemd-libs-239-13.el8_0.5.x86_64
WARN: Missing update detail for package systemd-pam-239-13.el8_0.5.x86_64
WARN: Missing update detail for package systemd-udev-239-13.el8_0.5.x86_64
WARN: Missing update detail for package systemd-239-13.el8_0.5.x86_64
(none)
UPDATE OK - Security-Update = 0 | 'Total Update' = 37

Does not work (check_update says that there are no security updates, but that is wrong; it is only that there is no information about the packages.)

Source of check_update : https://github.com/liberodark/nrpe-inst ... ck_updates
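
The failure mode shown in the post above, where missing advisory metadata is counted as "0 security updates", can be made visible to monitoring. This is an added example, not code from check_updates or from the original post: `classify_report` is a hypothetical helper, the status mapping is this example's own choice, and the report lines are constructed from the output formats quoted in the thread.

```shell
#!/bin/sh
# Added example, not part of check_updates. Report lines below are constructed,
# modelled on the output formats quoted in this thread.
with_metadata='The following packages are security updates:
kernel-4.18.0-80.11.2.el8_0.x86_64 (SECURITY)
vim-minimal-2:8.0.1763-11.el8_0.x86_64 (SECURITY)'

without_metadata='The following packages are security updates:
WARN: Missing update detail for package kernel-4.18.0-80.7.1.el8_0.x86_64
WARN: Missing update detail for package systemd-239-13.el8_0.5.x86_64
(none)'

# classify_report (hypothetical helper): reads a report on stdin, prints one
# status line, returns a Nagios-style code. Mapping chosen for this example:
#   0 OK       nothing flagged and no package lacked advisory metadata
#   2 CRITICAL at least one update is flagged as a security update
#   3 UNKNOWN  nothing flagged, but advisory metadata was missing
classify_report() {
    report=$(cat)
    # grep -c exits 1 on a zero count; "|| true" keeps this safe under set -e.
    security=$(printf '%s\n' "$report" | grep -c ' (SECURITY)$' || true)
    missing=$(printf '%s\n' "$report" | grep -c '^WARN: Missing update detail' || true)

    if [ "$security" -gt 0 ]; then
        echo "CRITICAL - $security security update(s), $missing unclassified"
        return 2
    fi
    if [ "$missing" -gt 0 ]; then
        echo "UNKNOWN - no advisory metadata for $missing package(s)"
        return 3
    fi
    echo "OK - no security updates pending"
    return 0
}

# Demo on both constructed reports.
for sample in "$with_metadata" "$without_metadata"; do
    printf '%s\n' "$sample" | classify_report || true
done
```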
