miércoles, 31 de agosto de 2022

Ver parches instalados en un SUSE Linux



Cómo ver el historial de todos los parches instalados en SLES (SUSE Linux Enterprise Server).



En una auditoría de seguridad me pidieron que presentara un listado que mostrara todos los parches instalados en un sistema SUSE Linux Enterprise Server durante el año en curso. Tras investigar un poco, di con las siguientes maneras de encontrar dicha información.


Histórico


SLES guarda un histórico de actualizaciones en /var/log/zypp/history:

HOST # cat /var/log/zypp/history 2022-08-31 12:08:56 | install | hwinfo | 21.82-150300.3.3.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|4cb0aad9e2148b3290877e3903a9792bfb31bfc7b9cb883a5088b6e04387d682| 2022-08-31 12:08:57 | install | glibc-locale-base | 2.31-150300.37.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|e13d47fd5e6a0cc73f5c469d16360b40c7c77ae560425c34c96e5fd67e8edae6| 2022-08-31 12:08:57 | install | glibc-lang | 2.31-150300.37.1 | noarch ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|17185b24afb65caf58422923d28942ea7dc08efba88fde4608fca106f1b84879| 2022-08-31 12:08:57 | install | Mesa-libglapi0 | 20.2.4-150300.59.3.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|6170c01d46ec4b79feab1a1d5381e4328ca325f9134f73b4d80b01729c32446b| 2022-08-31 12:08:57 | install | libz1-32bit | 1.2.11-150000.3.33.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|fd6f29c14574b6daa8c8af6a17949ac9d9d68c71b7ac143a714eaa4815fee937| 2022-08-31 12:08:57 | install | libudev1-32bit |246.16-150300.7.51.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|39993ba30db3639e359662c4a70333b5f54718622309984e0c6e9a43bd08be00| 2022-08-31 12:08:57 | install | libsystemd0-32bit |246.16-150300.7.51.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|19aef524977d87bf6c4ba27e810c6e0ad849d68389cdbda5469a778895d01095| 2022-08-31 12:08:57 | install | libpcre1-32bit |8.45-150000.20.13.1 | x86_64 ||Basesystem_Module_15_SP3_x86_64:SLE-Module-Basesystem15-SP3-Updates|75a6cf6909f11a956935c6612cbac7509f33e7dca1dee6165c2698122a0be1ca| ...

Usando grep, podemos filtrar los resultados por año:

HOST # cat /var/log/zypp/history | grep 2022 | grep -E 'patch|install'


Listado


Por otro lado, podemos ver una lista con todos los parches instalados usando el siguiente comando:

HOST # zypper search --type patch --installed-only Loading repository data... Reading installed packages... S | Name | Summary | Type --+---------------------------------------------+-----------------------------+------ i | SUSE-SLE-Module-Basesystem-15-SP3-2021-1474 | Security update for ceph | patch i | SUSE-SLE-Module-Basesystem-15-SP3-2021-1481 | Recommended update for lvm2 | patch i | SUSE-SLE-Module-Basesystem-15-SP3-2021-1491 | Security update for p7zip | patch i | SUSE-SLE-Module-Basesystem-15-SP3-2021-1493 | Security update for avahi | patch i | SUSE-SLE-Module-Basesystem-15-SP3-2021-1523 | Security update for libxml2 | patch ...

Si queremos listar los parches por el CVE al que hacen referencia:

HOST # zypper list-patches --cve The following matches in issue numbers have been found: Issue | No. | Patch | Category | Severity | Status ------+---------------+-------------------+-------------+-----------+---------- cve | CVE-2015-0287 | SUSE-SLE-Module.. | recommended | moderate | needed cve | CVE-2014-3566 | SUSE-SLE-SERVER.. | recommended | moderate | not needed ...


Fuentes:

https://documentation.suse.com/sles/15-SP3/pdf/book-sle-admin_color_en.pdf
0

0 comentarios:

Publicar un comentario