Fixing Lite Server Vulnerabilities
Scenario
O&M teams often face security issues like kernel or OpenSSH vulnerabilities after updating operating systems. These problems threaten system stability and safety. Fixing them usually requires rebuilding the OS image, which takes too much time and effort. To solve this, Lite Server offers a quick fix tool. It allows users to scan and resolve multiple security vulnerabilities with just one click. This helps O&M staff manage system security easily, quickly fixing vulnerabilities to keep services running smoothly and safely.
Constraints
The constraints on creating a custom script task on the O&M plane are as follows:
- Only Snt9b nodes and Snt9b23 supernodes are supported.
- Only vulnerabilities in the Huawei Cloud EulerOS 2.0 can be fixed.
- The NodeTaskHub plugin is required for the node where the task is to be created. Ensure that the plugin is installed before task creation. For details, see Managing Lite Server AI Plug-ins.
- Only one task can be executed on a node at the same time. The task cannot be interrupted once started. Plan the task priority.
- Ensure that no services are running on the target node. Services may be interrupted or abnormal during task execution.
- Install the MCU, driver, and firmware for Ascend HDK 23.0.0 or later before starting the diagnosis. A preconfigured OS is already installed. If you use a custom OS, ensure that the software has been installed correctly.
- The diagnosis requires the Ascend-docker-runtime development kit. This software is pre-installed on the default OS. If you use a custom OS, ensure the software has been installed correctly.
Procedure
- Log in to the ModelArts console.
- In the navigation pane on the left, choose Resource Management > Lite Servers. On the displayed page, click the Task Center tab.
Figure 1 Task center
- Click Create Task in the upper left corner. On the displayed Job Templates page, locate Ascend System Configuration, and click Create Task.
Figure 2 Task template
- On the Ascend System Configuration page, set Name, Description, Server Model, and Configuration Item, agree to the terms of use, and click Create now.
Table 1 Parameters for creating a task Parameter
Description
Name
The system automatically enters the name of the system configuration task. You can change the task name.
Description
Enter the task description for quick search.
Server Model
Select a server model and select nodes in the node list. You can search for node information using keywords.
Snt9b nodes and Snt9b23 supernodes are supported.
Configuration Item
System Bug Fixes identifies and fixes Huawei Cloud EulerOS 2.0 system security vulnerabilities.
- View the task execution status in the Task Center tab.
- Click the task name to access its details page, where you can view the task details.
- On the task details page, locate the target node and click View Logs in the Operation column. In the displayed window on the right, view the detailed log about task execution. All check results are displayed in the task logs, and basic log analysis is provided.
Vulnerability Check Items
The table below describes how to fix system vulnerabilities in an Ascend system configuration task.
|
Vulnerability |
OS |
Solution |
|---|---|---|
|
ipvs_fnat |
HCE2.0 |
Checks whether the vulnerability exists. If yes, the system automatically fixes the vulnerability. |
|
openssh |
HCE2.0 |
Checks whether the vulnerability exists. If yes, the system automatically fixes the vulnerability. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
