Why Is an Alert Still Reported After I Fixed a Vulnerability?

Linux Servers

• No Yum sources have been configured.

  In this case, configure a Yum source suitable for your Linux OS. Then, fix the vulnerability again.

• The Yum source does not have the latest software upgrade package.

  Switch to the Yum source that has the corresponding software package, configure the Yum source, and then fix the vulnerability.

• The intranet cannot connect to the Internet.

  To fix vulnerabilities online, you need to connect to the Internet and use external Yum sources. If your server cannot access the Internet, or the external yum sources cannot provide stable services, you can use a Huawei Cloud image source.

• The old kernel version remains.
  Old kernel versions often remain on servers after an upgrade. You can run a fix command to check whether the kernel version in use meets the vulnerability requirements. After confirming that the kernel version is correct, you can ignore the vulnerability alert on the Risk Prevention > Vulnerabilities page on the console. For details, see Ignoring a Vulnerability. You are not advised to delete the old kernel versions.

  Table 1 Commands for verifying fixes

  OS	Fix Command
  CentOS/Fedora /Euler/Red Hat/Oracle	rpm -qa | grep Software_name
  Debian/Ubuntu	dpkg -l | grep Software_name
  Gentoo	emerge --search Software_name

• The server is not restarted after the kernel vulnerability is fixed.

  After the kernel vulnerability is fixed, you need to restart the server, or the vulnerability alert will still be reported.