Search found 7 matches

by broberts
2012/03/02 19:51:45
Forum: CentOS 5 - Security Support
Topic: PCI 2.2.3-53.el5.centos.3
Replies: 9
Views: 4603

PCI 2.2.3-53.el5.centos.3

Running CentOS release 5.7 (Final) and getting a fail for PCI due to CVE-2012-0053 (RHSA-2012:0128). I see this is patched in CentOS 6. Any ideas about CentOS 5?

Thanks in advance!
by broberts
2011/08/07 05:38:27
Forum: CentOS 5 - Security Support
Topic: CentOS 5.6 and PCI Compliance
Replies: 12
Views: 8405

Re: CentOS 5.6 and PCI Compliance

Thanks Phil, what you say makes sense and it is going to cause ongoing pain. The main point of my original post was to see if other CentOS 5 users had some thoughts on addressing the problems I see. It sounds like CentOS 6 may help a reasonable amount, as the baseline version of Apache is substantially n...
by broberts
2011/08/06 20:45:40
Forum: CentOS 5 - Security Support
Topic: CentOS 5.6 and PCI Compliance
Replies: 12
Views: 8405

Re: CentOS 5.6 and PCI Compliance

A PCI scan must be completed by an ASV (Approved Scanning Vendor). From https://www.pcisecuritystandards.org: [quote]Whenever possible, ASVs must use two tools to categorize and rank vulnerabilities, and determine scan compliance: 1. The Common Vulnerability Scoring System (CVSS) version 2.0, which ...
by broberts
2011/07/29 20:55:27
Forum: CentOS 5 - Security Support
Topic: CentOS 5.6 and PCI Compliance
Replies: 12
Views: 8405

Re: CentOS 5.6 and PCI Compliance

Right, I read those. My point is that while Red Hat doesn't think CVE-2007-6203 is a vulnerability, our credit card processor's PCI scanner does and hence will not certify unless there is a compensating control. CVE-2008-0455/6 could be addressed by disabling mod_negotiation. CVE-2007-1741/3 could be...
by broberts
2011/07/28 22:59:44
Forum: CentOS 5 - Security Support
Topic: CentOS 5.6 and PCI Compliance
Replies: 12
Views: 8405

CentOS 5.6 and PCI Compliance

I've been finding that there are a number of vulnerabilities appearing on PCI scans which Red Hat has decided not to backport with respect to Apache httpd-2.2.3-45.el5.centos.1, e.g. CVE-2007-6203, CVE-2008-0455, CVE-2008-0456, CVE-2007-1741, CVE-2007-1743. Quite the hassle. I'm wondering if others have t...
by broberts
2009/10/06 03:33:56
Forum: CentOS 5 - Software Support
Topic: Configuring Syslog-ng 3.0.3 with CentOS 5.3
Replies: 2
Views: 674

Re: Configuring Syslog-ng 3.0.3 with CentOS 5.3

UPDATE: For some reason syslog-ng is essentially hardcoded to read in /opt/syslog-ng/etc/syslog-ng.conf. So part one of the problem was that it wasn't looking in /etc as per the syslog-ng doc. PS: changing CONFFILE in the init script doesn't actually do anything. Problem two is that the structure of t...
by broberts
2009/10/05 23:04:50
Forum: CentOS 5 - Software Support
Topic: Configuring Syslog-ng 3.0.3 with CentOS 5.3
Replies: 2
Views: 674

Configuring Syslog-ng 3.0.3 with CentOS 5.3

I installed syslog-ng-3.0.3-1.rhel5.i386.rpm and at first blush it appears to be working fine to /var/log/messages. However, it doesn't seem to be doing any other ancillary logging as defined in syslog-ng.conf (I've had to mod /etc/init.d/syslog-ng to look in /etc). e.g. destination d_auth { file("/v...