On 04/12/2018 04:12 PM, Christopher Cox wrote:
On 04/12/2018 04:05 PM, Andreas Turriff wrote:

We are using Check_MK as internal monitoring solution in a PCI-DSS
compliant environment. The Check_MK package for RHEL7 has a dependency
on PHP; on RHEL7, PHP is at version 5.4, with several vulnerabilities
marked as 'wontfix' and being reported in our periodical vulnerability
scans. Is there a way to run Check_MK against a PHP version from the
Red Hat Software Collections that is more up to date than 5.4?
Alternatively, is there a way to get rid of the PHP dependency entirely?

I think the php things are all of things that integrate with check_mk,
which, in many ways, makes it nice.

With regards to "wontfix", I'm guessing those are Red Hat statements?
Vulnerability checkers often times assume product version and not a
product version under support (with security mods being "backported" or
fixed, as the case with Red Hat).

Vulnerability checkers often times call things out by "name" (e.g. CVE
identifier). You can always check those things via (I include php
keyword, but you can search by CVE):

https://access.redhat.com/security/security-updates/#/cve?q=php&p=1&sort=cve_publicDate%20desc&rows=10&documentKind=Cve
_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
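
The backport check discussed in the thread above can also be done on the host itself. The following is an added example, not part of the original messages: it matches scanner-reported CVE identifiers against the output of `rpm -q --changelog`, which is where backported fixes are normally recorded. The function names, the changelog entries and the CVE-0000-000x identifiers are constructed placeholders.

```sh
#!/bin/sh
# Added example: triage scanner findings against an RPM changelog.
# On a real host:  rpm -q --changelog php | triage_cves <CVE id> [<CVE id> ...]
# Prints one line per id: "<id> backported <version-release>" or "<id> unlisted".

triage_cves() {
    # Changelog text arrives on stdin; the CVE ids to look up are the arguments.
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        # Entry header: "* Day Mon DD YYYY Packager <mail> - version-release"
        /^\* / { rel = $NF; next }
        {
            for (i = 1; i <= n; i++)
                # Require a non-digit after the id so one id is not
                # mistaken for the prefix of a longer one.
                if ($0 ~ (want[i] "([^0-9]|$)"))
                    # Changelogs are newest-first, so the last match is
                    # the release that first shipped the fix.
                    seen[want[i]] = rel
        }
        END {
            for (i = 1; i <= n; i++)
                if (want[i] in seen) print want[i], "backported", seen[want[i]]
                else print want[i], "unlisted"
        }'
}

# Constructed sample changelog (placeholder ids and releases, not real data).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2018 Example Packager <pkg@example.com> - 5.4.16-43
- fix out-of-bounds read in example parser (CVE-0000-0002)
- rebuild, still carries fix for CVE-0000-0001

* Mon Jan 02 2017 Example Packager <pkg@example.com> - 5.4.16-42
- fix example overflow CVE-0000-0001
EOF
}

sample_changelog | triage_cves CVE-0000-0001 CVE-0000-0002 CVE-0000-0003
```

An "unlisted" result only means the changelog does not mention the identifier; the vendor's per-CVE page, as linked in the thread, states whether the package is unaffected, fixed, or will not be fixed.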