On Mon, 14 Mar 2022 at 10:33, Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

> On 14/03/2022 07:36, Shamim Shahriar wrote:
> > Hello
> >
> > I am using fail2ban on production servers running Alma Linux 8. Our
> > network security scanner is constantly flagging that system complaining
> > about outdated/vulnerable python on them. However, if I try to remove
> > that python (with a view to install a newer version), it removes
> > fail2ban as well and reinstalling fail2ban re-introduces the removed
> > version of python.
> >
> > //snip
> >
> > Thank you for your thoughts and input in this matter.
> >
> > Best regards
> > SS
>
> Time to change your network scanner or abandon any o/s based on RHEL.
> You need to understand the RHEL philosophy for stability and security.
> They freeze an app version then back-port any security updates necessary
> into the "older" software, so, if your version of RHEL/Alma/Rocky/Oracle
> is current, you should be secure. You can investigate particular apps
> for security patches with commands like (for apache) "rpm -q --changelog
> httpd | grep -i CVE" and so on.
>
> It is the same thing with the kernel which appears to be old but
> contains all the backported security fixes and stability fixes from
> upstream.
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Thank you Nick, that makes sense. Hopefully the security team will accept the response as well. The fun part is, they are the ones advocating RHEL or RHEL based distros!

Best regards
SS
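The changelog check described in the thread, extended so that a scanner finding can be answered with the exact package release that carries the backport. This is an added example, not part of the original messages: the function name `backport_entry`, the sample changelog and its CVE IDs are constructed placeholders, and it assumes changelog entries begin with a `* <date> <packager> - <version-release>` header line.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find which changelog entry backported a CVE fix.
# Live use, with the package named in the thread:
#   rpm -q --changelog httpd | backport_entry <CVE-ID>

# backport_entry CVE_ID   (changelog text on stdin)
# Prints the header line of every entry that mentions CVE_ID.
# Exit status is 0 if at least one entry mentions it, 1 otherwise.
backport_entry() {
    awk -v cve="$1" '
        # True only when id appears as a whole identifier, so that a
        # shorter ID does not match inside a longer one (…-0001 vs …-00012).
        function mentions(line, id,    pos, rest) {
            rest = line
            while ((pos = index(rest, id)) > 0) {
                rest = substr(rest, pos + length(id))
                if (rest !~ /^[0-9]/) return 1
            }
            return 0
        }
        BEGIN { want = toupper(cve); rc = 1 }
        # Entry header: remember it and reset the per-entry printed flag.
        /^\* / { header = $0; printed = 0; next }
        # Body line: case-insensitive, like the grep -i in the thread.
        !printed && mentions(toupper($0), want) {
            print header
            printed = 1
            rc = 0
        }
        END { exit rc }
    '
}

# Constructed sample changelog; the CVE IDs are placeholders, not real entries.
SAMPLE_CHANGELOG='* Tue Feb 01 2022 Example Packager <pkg@example.invalid> - 1.2.3-45
- Resolves: CVE-0000-00012 (constructed placeholder ID)

* Mon Jan 03 2022 Example Packager <pkg@example.invalid> - 1.2.3-44
- Fix crash on empty config
- Security fix for cve-0000-0001
'

# Demo: prints the 1.2.3-44 entry header.
printf '%s\n' "$SAMPLE_CHANGELOG" | backport_entry CVE-0000-0001
```

Comparing the printed version-release with the output of `rpm -q` for the installed package shows whether the fix is already present, which is the evidence a scanner that only matches upstream version strings does not take into account.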