Why Is an Alert Still Reported After I Fixed a Vulnerability?
If you fix a vulnerability on the SecMaster console and a message is displayed indicating that the vulnerability fails to be fixed, possible causes are as follows:
Linux Servers
- No Yum sources have been configured.
In this case, configure a Yum source suitable for your Linux OS. Then, fix the vulnerability again.
- The Yum source does not have the latest software upgrade package.
Switch to the Yum source that has the corresponding software package, configure the Yum source, and then fix the vulnerability.
- The intranet cannot connect to the Internet.
To fix vulnerabilities online, you need to connect to the Internet and use external Yum sources. If your server cannot access the Internet, or the external yum sources cannot provide stable services, you can use a Huawei Cloud image source.
- The old kernel version remains.
Old kernel versions often remain on servers after an upgrade. You can run a fix command to check whether the kernel version in use meets the vulnerability requirements. After confirming that the kernel version is correct, you can ignore the vulnerability alert on the page on the console. For details, see Ignoring a Vulnerability. You are not advised to delete the old kernel versions.
Table 1 Commands for verifying fixes OS
Fix Command
CentOS/Fedora /Euler/Red Hat/Oracle
rpm -qa | grep Software_name
Debian/Ubuntu
dpkg -l | grep Software_name
Gentoo
emerge --search Software_name
- The server is not restarted after the kernel vulnerability is fixed.
After the kernel vulnerability is fixed, you need to restart the server, or the vulnerability alert will still be reported.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot