Page 1 of 1
Copying/Backing Up Packages in Closed Network
Posted: 2019/10/09 21:07:03
by iTninjasaki
Without disclosing too much information, one Server I have shows vulnerable for Oracle Java. We are a closed network so we run our own repo for security purposes. I believe removing the srvadmin-jre-* package will remediate this vulnerability, however, I am new here and am the primary person for Linux. I'm not sure if the custom software we run is using this package (I am 99% sure it isn't) but if it is, I need a way to re-instate the package. Is there a way I can copy the packages to another location before uninstall them?
Re: Copying/Backing Up Packages in Closed Network
Posted: 2019/10/09 21:55:11
by TrevorH
That's a package from Dell, part of their OMSA server management software. The latest versions of those are 9.3.0-3465.14818.el6.x86_64 and ship a jre package which reports:
Code: Select all
$ /opt/dell/srvadmin/lib64/openmanage/jre/bin/java -version
java version "10.0.1" 2018-04-17
Java(TM) SE Runtime Environment 18.3 (build 10.0.1+10)
Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10.0.1+10, mixed mode)
If you yum remove that, it will take the OMSA webserver out with it. If you don't connect to the https server that runs on port 1311 then you probably won't care.
You can download the Dell packages from dell.com and your server may well have shipped with a copy on optical media. If you do need to reinstall it (along with srvadmin-tomcat and srvmin-webserver) then you'll need to match the version of the other installed srvadmin packages - so either all old or all new, no mix and match.