View and handle Linux software vulnerabilities - Precautions| Alibaba Cloud Documentation Center

Security Center allows you to detect and fix Linux software vulnerabilities with a few clicks. This topic describes how to view and handle Linux software vulnerabilities.

Limits

The Basic and Anti-virus editions of Security Center only detect vulnerabilities, but do not fix them. To use Security Center to fix vulnerabilities with a few clicks, you must activate the Advanced, Enterprise, or Ultimate edition. For more information about the features supported by different Security Center editions, see Feature.

View the basic information about a vulnerability

Log on to the Security Center console.
In the left-side navigation pane, choose Precaution > Vulnerabilities.
On the Linux Software tab, view the vulnerabilities detected by Security Center. In most cases, the name of a Linux software vulnerability starts with USN, RHSA, or CVE.
- View vulnerabilities
- View the priorities of vulnerabilities and the number of affected assets
  The priorities of vulnerabilities are displayed in different colors in the Affected Assets column. The number in each row of this column indicates the total number of the assets affected by a vulnerability. The following list describes the relationship between colors and priorities:
  - Red: High
  - Orange: Medium
  - Gray: Low
  Note We recommend that you fix vulnerabilities with the High priority at the earliest opportunity.
- Add vulnerabilities to the whitelist
  On the Linux Software tab, select one or more vulnerabilities that you want to add to the whitelist and click Add to Whitelist. After you add the vulnerabilities to the whitelist, Security Center no longer generates alerts on these vulnerabilities.
  Vulnerabilities that are added to the whitelist are removed from the vulnerability list on the Linux Software tab. You can click Settings in the upper-right corner of the page to view the vulnerabilities in the Vul Whitelist section.
  
  If you want Security Center to detect and generate alerts on a vulnerability that is added to the whitelist, select the vulnerability in the Vul Whitelist section in the Settings panel and click Remove.
- Fix multiple vulnerabilities at a time
  If you fix multiple vulnerabilities at a time, Security Center automatically identifies affected assets and fixes the vulnerabilities on these assets. On the Linux Software tab, you can select the vulnerabilities that you want to fix and click Batch Repair. In the Batch Repair dialog box, view the affected assets, select Create snapshots automatically and fix or Skip snapshot backup and fix directly, and then click Fix Now.
  Note
  
  You can select the vulnerabilities only on the current page. A total of 10, 20, or 50 vulnerabilities can be displayed on each page. Therefore, you can fix a maximum of 50 vulnerabilities at a time.
  
  For outdated or commercial operating systems, you must manually upgrade the operating systems to fix vulnerabilities. Security Center cannot fix multiple vulnerabilities detected on these operating systems at a time. After you use the Batch Repair feature to fix these vulnerabilities, Security Center ignores them. If you use one of the following operating systems, you must upgrade your operating system to fix multiple vulnerabilities at a time:
  
  Red Hat 5, Red Hat 6, Red Hat 7, and Red Hat 8
  
  CentOS 5
  
  Ubuntu 12
  
  The system may fail to fix a vulnerability. We recommend that you select Create snapshots automatically and fix to create a snapshot of the system before you click Fix Now. For more information about snapshots, see Snapshot overview.
  
  You are charged based on the billing methods of the snapshot service.For example, if the size of the system disk is 40 GB, the fees for snapshot storage are USD 0.005 per day. For more information, see Snapshots.
- Search for vulnerabilities
  On the Linux Software tab, filter vulnerabilities by priority, vulnerability status, asset group, virtual private cloud (VPC) name, or vulnerability name. The priority can be high, medium, or low. The status can be handled or unhandled.
  
  Note Fuzzy match is supported for vulnerability search by name.
- Export vulnerabilities
  On the Linux Software tab, you can click the icon to export and save all detected vulnerabilities to your computer. The vulnerabilities are exported to an Excel file.
  
  Note The time to export the vulnerabilities varies based on the size of vulnerability data.

View vulnerability details and handle vulnerabilities

Log on to the Security Center console.
In the left-side navigation pane, choose Precaution > Vulnerabilities.
On the Linux Software tab, find the vulnerability that you want to view. Click the vulnerability name in the Vulnerability column or Fix in the Actions column. The panel that shows the vulnerability details appears.
In the panel, view and handle the vulnerability.
You can perform the following operations:
- View vulnerability details
  The panel displays all the affected assets and vulnerabilities associated with the vulnerability. You can analyze all vulnerabilities and handle multiple vulnerabilities at a time. You can view the following information:
  - On the Detail tab, view all vulnerabilities associated with the vulnerability, vulnerability descriptions, and vulnerability priorities.
  - On the Pending vulnerability tab, view the assets that are affected by the vulnerability.
    You can view all the assets affected by the vulnerabilities and the status of the vulnerability. You can fix a vulnerability, ignore a vulnerability, or add a vulnerability to a whitelist. You can also verify or undo a vulnerability fix.
  On the Detail tab, click an asset in the Affected Assets column to go to the Vulnerabilities tab of the Assets page. On this tab, you can view the information about all Linux software vulnerabilities associated with this asset.
- View the details about the Alibaba Cloud vulnerability library
  On the Detail tab, click the ID of a vulnerability that you want to fix in the CVE ID column to go to the Alibaba Cloud vulnerability library.
  
  This library displays detailed information about the vulnerability, including the vulnerability description, basic information, and solution.
- View vulnerability priorities
  Vulnerability priorities are marked in different colors:
  - Red: High
  - Orange: Medium
  - Gray: Low
  Note We recommend that you fix vulnerabilities with the High priority at the earliest opportunity.
- View the processes related to vulnerability fixes
  On the Pending vulnerability tab, click the icon in the Related process column to view the processes related to the vulnerability. In the panel that appears, you can view the processes or business systems that may be affected by the vulnerability fix.
- View the vulnerability status
  The status of a vulnerability can be Handled or Unhandled.
  - Handled
    - Handled: The vulnerability is fixed.
    - Ignored: The vulnerability is ignored. Security Center no longer generates alerts on this vulnerability.
    Note For a Handled vulnerability, you can click Rollback in the Actions column. After you undo a vulnerability fix, the vulnerability status changes to Unhandled.
  - Unhandled
    - Unfixed: The vulnerability is to be fixed.
    - Fixing: The vulnerability is being fixed.
    - Fix Failed: Security Center failed to fix the vulnerability. The file that contains the vulnerability data may have been modified or does not exist.
    - Handled (To Be Restarted): The vulnerability has been fixed, and you must restart the system for the fix to take effect.
    - Verifying: The vulnerability has been fixed. If a system restart is required, you can verify the fix after you restart the system.
- Handle the vulnerabilities of the affected assets
  On the Pending vulnerability tab, you can fix a vulnerability, ignore a vulnerability, or add a vulnerability to the whitelist. You can also verify or undo a vulnerability fix.
  You can perform the following operations based on your requirements:
  - Fix vulnerabilities
    Fix vulnerabilities based on the following scenarios:
    
    The Fix button is available
    Select one or more associated vulnerabilities and click Fix. Security Center automatically creates snapshots and fixes vulnerabilities. You can select Create snapshots automatically and fix or Skip snapshot backup and fix directly based on your requirements.
    
    Note
    
    The system may fail to fix a vulnerability. We recommend that you select Create snapshots automatically and fix to create a snapshot of the system before you click Fix Now. For more information about snapshots, see Snapshot overview.
    
    You are charged based on the billing methods of the snapshot service.For example, if the size of the system disk is 40 GB, the fees for snapshot storage are USD 0.005 per day. For more information, see Snapshots.
    
    The Fix button is dimmed
    The button is dimmed in the following scenarios:
    
    For outdated or commercial operating systems, you must manually upgrade the operating systems to fix vulnerabilities.
    
    Note If you use one of the following operating systems, you must upgrade your operating system to fix vulnerabilities:
    
    Red Hat 5, Red Hat 6, Red Hat 7, and Red Hat 8
    
    CentOS 5
    
    Ubuntu 12
    
    Linux software vulnerabilities may fail to be fixed due to issues, such as insufficient disk space on your server or unauthorized access to files. Before you fix Linux software vulnerabilities in the Security Center console, you must manually handle the issues on the server. The following list describes these issues and solutions:
    
    The disk space is smaller than 3 GB.
    Solution:
    
    Solution: Resize or clear the disk. Then, try to fix the vulnerabilities again in the Security Center console.
    
    The apt-get or APT/YUM process is running.
    Solution: Wait until the process is complete, or manually stop the process. Then, fix the vulnerability again in the Security Center console.
    
    Insufficient permissions to run the APT, YUM, or RPM command.
    Solution: Check and manage access permissions on the files. We recommend that you set file permissions to 755, and make sure that the file owner is the root user. Then, fix the vulnerability again in the Security Center console.
    
    Note After you set file permissions to 755, the file owner has the read, write, and execute permissions on the file. Other users and the user group to which the file owner belongs have read and execute permissions on the file.
    
    To view server issues, move the pointer over the Fix button. The suggestions are provided by Security Center.
  - Restart the system
    After you fix Linux kernel vulnerabilities, you must restart the system. You can use one of the following methods to restart the system:
    
    (Recommended) Click Restart on the Detail tab.
    
    Note If the system has vulnerabilities in the fixing or verifying state, you cannot restart the system. In this case, if you click Restart, an error message appears, which indicates that the system restart fails. Before you restart a system, make sure that the system has no vulnerabilities in the fixing or verifying state.
    
    Run the required command in the Linux system.
  - Verify a vulnerability fix
    Select a vulnerability or multiple associated vulnerabilities and click Verify to check whether the vulnerabilities are fixed.
    
    After you click Verify, the Status of the vulnerability changes to Verifying. It requires several seconds to verify the fix.
  - Add a vulnerability to the whitelist
    In the upper-right corner of the panel that shows the vulnerability details, click Add to Whitelist to add a vulnerability to the whitelist. After you add the vulnerability to the whitelist, Security Center no longer generates alerts on this vulnerability.
    
    Vulnerabilities that are added to the whitelist are removed from the vulnerability list on the Linux Software tab. You can click Settings in the upper-right corner of the page to view the vulnerabilities in the Vul Whitelist section.
    
    If you want Security Center to detect and generate alerts on a vulnerability that is added to the whitelist, select the vulnerability in the Vul Whitelist section in the Settings panel and click Remove.
  - Ignore a vulnerability
    Find the vulnerability that you want to ignore, click the icon in the Actions column, and then select Ignore. In the dialog box that appears, enter the description for the ignore operation and click OK. After a vulnerability is ignored, Security Center no longer generates alerts on this vulnerability.
    
    Search for Handled vulnerabilities, find the vulnerability that is ignored, and then click the vulnerability to go to the panel that shows the vulnerability details. In the panel, move the pointer over the icon in the Status column to view the description of the ignore operation.
    
    Note The state of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, find the vulnerability in the Handled vulnerability list and click Unignore in the panel.
  - Undo a vulnerability fix
    In the panel, find the vulnerability for which you want to undo the fix, click the icon in the Actions column, and then select Rollback. In the Undo Fix dialog box, select the snapshot based on which you want to undo the fix and click OK.
- Search for affected assets
  On the Pending vulnerability tab, you can search for affected assets by vulnerability priority, VPC name, asset group, vulnerability status, server IP address, or server name. The vulnerability priority can be high, medium, or low. The vulnerability status can be handled or unhandled.
  
  Note Fuzzy match is supported for the affected assets search by server IP address or name.
- Export affected assets
  On the Pending vulnerability tab, click the icon above the asset list to export and save all affected assets to your computer. The assets are exported to an Excel file.
  
  Note The time to export the vulnerabilities varies based on the size of asset data.

Description of the panel that shows the vulnerability details


Parameter	Description
CVE ID	The Common Vulnerabilities and Exposures (CVE) ID of the vulnerability. The CVE system provides a reference method for publicly known information-security vulnerabilities and exposures. You can use CVE IDs, such as CVE-2018-1123, to query relevant information about vulnerability fixes in CVE-compatible databases to resolve security issues.
Impact	The value of the Impact parameter is a Common Vulnerability Scoring System (CVSS) score. The CVSS score follows the widely accepted industry standard and is calculated based on the formula that depends on several attributes of the vulnerability. This score is used to determine the severity of the vulnerability. The following list describes the severity rating scale in CVSS v3.0: 0: none 0.1 to 3.9: low Vulnerabilities that cause local DDoS attacks Vulnerabilities that have minor impacts 4.0 to 6.9: medium Vulnerabilities that affect users only when the system and user interacts Vulnerabilities that attackers can exploit to perform unauthorized operations Vulnerabilities that can be exploited after attackers change local configurations or obtain the required information 7.0 to 8.9: high Vulnerabilities that can be exploited to indirectly obtain permissions on your server and application systems Vulnerabilities that attackers can exploit to read, write, download, or delete files Vulnerabilities that cause sensitive data leaks Vulnerabilities that cause service interruptions or remote DDoS attacks 9.0 to 10.0: critical Vulnerabilities that can be exploited to directly obtain permissions on your server Vulnerabilities that can be exploited to directly obtain sensitive data and cause data leaks Vulnerabilities that cause unauthorized access to sensitive data Vulnerabilities that cause large-scale impacts
Affected Assets	The details of assets that are affected by the vulnerability, including the public and private IP addresses of the assets.
Priority	The following list describes the vulnerability priorities: High We recommend that you fix high-priority vulnerabilities at the earliest opportunity. Medium You can fix medium-priority vulnerabilities based on your business requirements. Low You can fix or ignore low-priority vulnerabilities based on your business requirements.
Details	In the panel, find a vulnerability and click Details in the Actions column to view the details about this vulnerability. Fix Command: the command that you can run to fix the vulnerability. Impact description: Software: the version of the software on the current server. Cause: the reason why the software has the vulnerability. In most cases, the vulnerability is detected because the current version of the software is outdated. Path: the path of the software on the server. Caution: important notes, prevention tips, and references for the vulnerability.

References

Scan cycles

What are the differences between baselines and vulnerabilities?

What can I do if I cannot enable the vulnerability detection feature for a server on the Assets page?