Security Center can detect and quickly fix Linux software vulnerabilities. This topic describes how to check information about Linux software vulnerabilities and how to manage them.

Background information

The Basic edition of Security Center only scans for vulnerabilities, but does not fix vulnerabilities. To use Security Center to quickly fix vulnerabilities, you must use the Advanced or Enterprise edition. For more information about features supported by each edition, see Features.

Check the information about vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Precaution > Vulnerabilities.
  3. On the Linux Software page, you can view the vulnerabilities detected in Linux software. The name of a vulnerability typically starts with USN, RHSA, or CVE.
    • View vulnerability updates
    • View the severity of vulnerabilities
      The severity of vulnerabilities is displayed in different colors. The severity number represents the priority in which a vulnerability is fixed.
      • Red represents High severity.
      • Orange represents Medium severity.
      • Gray represents Low severity.
      Note We recommend that you fix high severity vulnerabilities immediately.
    • Add vulnerabilities to the whitelist

      On the Linux Software tab, you can select one or more vulnerabilities and click Add to Whitelist to add the selected vulnerabilities to the whitelist. After a vulnerability is added to the whitelist, Security Center no longer generates alerts when this vulnerability is detected.


      Vulnerabilities added to the whitelist are removed from the vulnerability list on the Linux Software tab. You can click Settings in the upper-right corner to view these vulnerabilities in the Vul Whitelist list.

      If you want Security Center to detect and generate alerts upon a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and then click Remove to remove the vulnerability from the whitelist.

    • Search for vulnerabilities

      On the Linux Software tab, you can search for vulnerabilities by vulnerability severity level (high, medium, and low), vulnerability status (handled, unhandled), asset group, or vulnerability name.

      Note Fuzzy match of vulnerability names is supported.
    • Export vulnerabilities
      On the Linux Software tab, you can click the Export icon to export records of all Linux software vulnerabilities to your local computer. The vulnerabilities are exported to an Excel file.
      Note It may take a long time to export the vulnerabilities, depending on the file size.

View vulnerability details and fix vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Precaution > Vulnerabilities.
  3. On the Linux Software tab, find the target vulnerability. Click the Vulnerability Name or Fix in the Actions column to open the details page.
    On the details page, you can view the vulnerability details, the number of pending vulnerabilities, and the assets that are exposed to the pending vulnerabilities.
  4. You can view vulnerability details and manage vulnerabilities on the vulnerability details page, as described in the following steps.
    • View vulnerability details

      The vulnerability details page displays information about related vulnerabilities and assets that are exposed to these vulnerabilities. You can analyze and manage multiple vulnerabilities simultaneously.

      • The Detail tab displays the related vulnerabilities, vulnerability descriptions, and severity of each vulnerability.
      • The Pending Vulnerability tab displays the assets that are exposed to the vulnerabilities.

        You can view all the assets exposed to the vulnerabilities and the vulnerability status. You can also verify, fix, and ignore vulnerabilities, undo fixes of vulnerabilities, and add vulnerabilities to the whitelist.

      On the Pending Vulnerability tab, you can click an asset in the Affected Assets column to go to the Assets > Vulnerabilities page. This page displays all vulnerabilities related to this asset.
    • View vulnerability details in the Alibaba Cloud vulnerability library
      On the Detail tab, find the target vulnerability and click the CVE ID to go to the Alibaba Cloud vulnerability library.

      This library displays detailed information about the vulnerability, including the vulnerability description, basic information, and solutions to fix the vulnerability.

    • View vulnerability severity

      The severity of vulnerabilities is displayed in different colors. Red represents High severity. Orange represents Medium severity. Grey represents Low severity.

      Note We recommend that you fix high severity vulnerabilities immediately.
    • View processes related to vulnerability fixing
      On the Pending Vulnerability tab, you can click the icon in the Related process column to view processes related to the vulnerability. This helps you learn about the processes and service systems that may be affected by fixing the vulnerability.
    • View vulnerability status
      • Handled
        • Fixed: The vulnerability has been fixed.
        • Ignored: The vulnerability is Ignored. Security Center no longer generates alerts upon this vulnerability.
        Note For Handled vulnerabilities, you can choose to Undo Fix. After a fix is undone, the vulnerability status is changed to Unhandled.
      • Unhandled
        • Unfixed: The vulnerability has not been fixed.
        • Fixing: The vulnerability is being fixed.
        • Fix Failed: Security Center failed to fix the vulnerability. The file of the vulnerability has been modified or does not exist.
        • Handled (To Be Restarted): The vulnerability has been fixed, and a system restart is required for the fix to take effect.
        • Verifying: The vulnerability has been fixed. If the system needs to be restarted, verify the fix after the restart.
    • Manage vulnerabilities on affected assets

      On the Pending Vulnerability tab, you can fix, verify, and ignore vulnerabilities, undo fixes of vulnerabilities, and add vulnerabilities to the whitelist.

      • Fix vulnerabilities

        You can click Fix in the Actions column to fix one or more related vulnerabilities simultaneously. Security Center can automatically create snapshots and fix vulnerabilities. You can select Create snapshots automatically and fix or Skip snapshot backup and fix directly as needed.

        Note
        • The system may fail to fix a vulnerability. We recommend that you select Create snapshots automatically and fix to create a snapshot of the system. For more information about snapshots, see Snapshot overview.
        • Snapshots incur fees. Fees are calculated based on the service of the snapshot. For example, if the size of the system disk is 40 GB, the fees are USD 0.005 per day. For more information, see Snapshot billing methods.
      • Verify vulnerabilities

        You can click Verify to verify one or more related vulnerabilities simultaneously.

        After you click Verify, the Status of the vulnerability is changed to Verifying. It takes several seconds to verify a vulnerability.

      • Add vulnerabilities to the whitelist

        In the upper-right corner of the Detail tab, click Add to Whitelist to add the vulnerability to the whitelist. After a vulnerability is added to the whitelist, Security Center no longer generates alerts upon this vulnerability.

        Vulnerabilities added to the whitelist are removed from the vulnerability list on the Linux Software tab. You can click Settings in the upper-right corner to view these vulnerabilities in the Vul Whitelist list.

        If you want Security Center to detect and generate alerts upon a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and then click Remove to remove the vulnerability from the whitelist.

      • Ignore vulnerabilities

        Select the target vulnerability, click Ignore/Undo Fix and then select Ignore. Security Center no longer alerts you of this vulnerability.

        Note After you Ignore a vulnerability, the status of the vulnerability is changed to Ignored. If you want Security Center to alert you of an ignored vulnerability again, select the vulnerability in the Handled vulnerability list and click Cancel ignore.
      • Undo fixes of vulnerabilities

        Select the target vulnerability, click Ignore/Undo Fix and then select Undo Fix. Select the snapshot to which you want to roll back, and click OK.

    • Search for assets exposed to a vulnerability

      On the Pending Vulnerability tab, you can search for affected assets by vulnerability severity (high, medium, and low), asset group, vulnerability status (handled and unhandled), server IP address, or server name.

      Note Server IP addresses and names support fuzzy match.
    • Export affected assets
      In the upper-right corner of the Pending Vulnerability tab, click the Export icon to export assets exposed to a vulnerability to a local computer. The assets are exported to an Excel file.
      Note It may take a long time to export the assets, depending on the file size.
    • Save filtered vulnerabilities

      In the upper-right corner of the Pending Vulnerability tab, you can click the Save icon to save the filtered vulnerabilities as a group. This allows you to monitor the group of vulnerabilities.


Description of the details page of a Linux software vulnerability

Item | Description
CVE ID | The Common Vulnerabilities and Exposures (CVE) ID of the vulnerability. The CVE system provides a reference method for publicly known information-security vulnerabilities and exposures. You can use CVE IDs, such as CVE-2018-1123, to quickly search for information about vulnerability fixes in any CVE-compatible database to resolve security issues.
Impact (CVSS score) | The CVSS score follows the widely accepted industry standard, Common Vulnerability Scoring System, and is calculated based on multiple attributes of the vulnerability. This score is used to quantify the severity of vulnerabilities.
In the CVSS v3.0 rating system, the severity level indicated by each score is as follows:
  • 0.0: None
  • 0.1-3.9: Low
    • Vulnerabilities that can cause denial of service.
    • Vulnerabilities that have minor impacts.
  • 4.0-6.9: Medium
    • Vulnerabilities that can impact users during system and user interactions.
    • Vulnerabilities that can be exploited to perform unauthorized activities.
    • Vulnerabilities that can be exploited after attackers change local configurations or obtain important information.
  • 7.0-8.9: High
    • Vulnerabilities that can be exploited to indirectly obtain user permissions to your server and application systems.
    • Vulnerabilities that can be exploited to read, download, write, or delete arbitrary files.
    • Vulnerabilities that can cause sensitive data leaks.
    • Vulnerabilities that can cause business disruption or remote denial of service.
  • 9.0-10.0: Critical
    • Vulnerabilities that can be exploited to directly obtain permissions to the operating system of your server.
    • Vulnerabilities that can be exploited to directly obtain sensitive data and cause data leaks.
    • Vulnerabilities that can cause unauthorized access to sensitive information.
    • Vulnerabilities that can cause large-scale impacts.
Affected assets | The server assets that are exposed to this vulnerability, including the public and internal IP addresses of the servers.
Priority | The severity of the vulnerability, including:
  • High:

    We recommend that you fix high severity vulnerabilities as soon as possible.

  • Medium:

    You can fix medium severity vulnerabilities based on your workload needs.

  • Low:

    You may fix low severity vulnerabilities based on your workload needs.

Details | On the Detail tab, you can select a vulnerability and click Details in the Actions column to view details of this vulnerability.
  • Fix Command: The command that can be used to fix this vulnerability.
  • Impact description:
    • Software: The version of the software on the current server.
    • Cause: The reason why the software is exposed to this vulnerability. Typically, the reason is that the current version is outdated.
    • Path: The path of the software on the server.
  • Caution: Important notes, prevention tips, and links to reference documents about this vulnerability.
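
The status list and the CVSS v3.0 ranges described in this topic can be combined to triage findings outside the console. The following is an added example, not Security Center code and not its export format: it sorts open findings into work queues using the exact status names from this topic. The record fields, queue names, and sample records are assumptions constructed for illustration.

```python
# Added example. Record fields and all sample data are constructed assumptions;
# the status names and CVSS v3.0 ranges are the ones listed in this topic.
HANDLED = {"Fixed", "Ignored"}
UNHANDLED = {"Unfixed", "Fixing", "Fix Failed",
             "Handled (To Be Restarted)", "Verifying"}

def cvss_band(score):
    """Map a CVSS v3.0 score to the rating ranges given in this topic."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for upper, band in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= upper:
            return band
    return "Critical"

def triage(records, whitelist=frozenset()):
    """Split open findings into work queues, highest CVSS score first."""
    queues = {"fix": [], "manual": [], "restart": [], "in_progress": []}
    route = {"Unfixed": "fix", "Fix Failed": "manual",
             "Handled (To Be Restarted)": "restart",
             "Fixing": "in_progress", "Verifying": "in_progress"}
    for rec in records:
        status = rec["status"]
        if status not in HANDLED | UNHANDLED:
            raise ValueError(f"unknown status: {status!r}")
        # Exact match only: "Handled (To Be Restarted)" is still unhandled,
        # so a substring test for "Handled" would wrongly drop it.
        if rec["name"] in whitelist or status in HANDLED:
            continue
        queues[route[status]].append(rec)
    for queue in queues.values():
        queue.sort(key=lambda rec: rec["cvss"], reverse=True)
    return queues

# Constructed records with placeholder advisory names (not real advisories).
SAMPLE = [
    {"name": "CVE-0000-0001", "asset": "web-01", "cvss": 5.3, "status": "Unfixed"},
    {"name": "RHSA-0000:0002", "asset": "web-01", "cvss": 9.8, "status": "Unfixed"},
    {"name": "USN-0000-3", "asset": "db-01", "cvss": 7.8,
     "status": "Handled (To Be Restarted)"},
    {"name": "CVE-0000-0004", "asset": "db-01", "cvss": 8.1, "status": "Fix Failed"},
    {"name": "CVE-0000-0005", "asset": "app-01", "cvss": 9.1, "status": "Ignored"},
    {"name": "CVE-0000-0006", "asset": "app-01", "cvss": 3.1, "status": "Unfixed"},
]

if __name__ == "__main__":
    for name, queue in triage(SAMPLE, whitelist={"CVE-0000-0006"}).items():
        print(name, [(r["name"], cvss_band(r["cvss"])) for r in queue])
```

The restart queue lists findings whose fix has been applied but does not take effect until the server is restarted, so those assets remain exposed until then.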