On 04/12/2018 04:05 PM, Andreas Turriff wrote:
We are using Check_MK as internal monitoring solution in a PCI-DSS
compliant environment. The Check_MK package for RHEL7 has a dependency
on PHP; on RHEL7, PHP is at version 5.4, with several vulnerabilities
marked as 'wontfix' and being reported in our periodical vulnerability
scans. Is there a way to run Check_MK against a PHP version from the Red
Hat Software Collections that is more up to date than 5.4?
Alternatively, is there a way to get rid of the PHP dependency entirely?
I think the php things are all of things that integrate with check_mk,
which in many ways, makes it nice.
With regards to "wontfix", I'm guessing those are Red Hat statements?
Vulnerability checkers often times assume product version and not a
product version under support (with security mods being "backported" or
fixed, as the case with Red Hat).
checkmk-en mailing list