diff --git a/awx/ui/client/src/inventories/insights/insights.controller.js b/awx/ui/client/src/inventories/insights/insights.controller.js index 786df445a1..b050866277 100644 --- a/awx/ui/client/src/inventories/insights/insights.controller.js +++ b/awx/ui/client/src/inventories/insights/insights.controller.js @@ -4,70 +4,45 @@ * All Rights Reserved *************************************************/ -export default [ 'InsightsData', '$scope', 'moment', '$state', 'resourceData', -function (data, $scope, moment, $state, resourceData) { +export default [ 'InsightsData', '$scope', 'moment', '$state', 'InventoryData', + 'InsightsService', +function (data, $scope, moment, $state, InventoryData, InsightsService) { function init() { - $scope.reports = data.reports; $scope.reports_dataset = data; $scope.currentFilter = "total"; - $scope.solvable_count = _.filter($scope.reports_dataset.reports, (report) => {return report.maintenance_actions.length > 0;}).length; - $scope.not_solvable_count = _.filter($scope.reports_dataset.reports, (report) => {return report.maintenance_actions.length === 0; }).length; - $scope.critical_count = 0 || _.filter($scope.reports_dataset.reports, (report) => {return report.rule.severity === "CRITICAL"; }).length; - $scope.high_count = _.filter($scope.reports_dataset.reports, (report) => {return report.rule.severity === "ERROR"; }).length; - $scope.med_count = _.filter($scope.reports_dataset.reports, (report) => {return report.rule.severity === "WARN"; }).length; - $scope.low_count = _.filter($scope.reports_dataset.reports, (report) => {return report.rule.severity === "INFO"; }).length; + $scope.solvable_count = filter('solvable').length; + $scope.not_solvable_count = filter('not_solvable').length; + $scope.critical_count = filter('critical').length; + $scope.high_count = filter('high').length; + $scope.med_count = filter('medium').length; + $scope.low_count =filter('low').length; let a = moment(), b = moment($scope.reports_dataset.last_check_in); $scope.last_check_in = a.diff(b, 'hours'); - $scope.inventory = resourceData.data; - $scope.insights_credential = resourceData.data.summary_fields.insights_credential.id; + $scope.inventory = InventoryData; + $scope.insights_credential = InventoryData.summary_fields.insights_credential.id; + } + + function filter(str){ + return InsightsService.filter(str, $scope.reports_dataset.reports); } init(); - $scope.filter = function(filter){ - $scope.currentFilter = filter; - if(filter === "total"){ - $scope.reports = $scope.reports_dataset.reports; - } - if(filter === "solvable"){ - $scope.reports = _.filter($scope.reports_dataset.reports, function(report){ - return (report.maintenance_actions.length > 0); - }); - } - if(filter === "not_solvable"){ - $scope.reports = _.filter($scope.reports_dataset.reports, function(report){ - return (report.maintenance_actions.length === 0); - }); - } - if(filter === "critical"){ - $scope.reports = _.filter($scope.reports_dataset.reports, function(report){ - return (report.rule.severity === 'CRITICAL'); - }); - } - if(filter === "high"){ - $scope.reports = _.filter($scope.reports_dataset.reports, function(report){ - return (report.rule.severity === 'ERROR'); - }); - } - if(filter === "medium"){ - $scope.reports = _.filter($scope.reports_dataset.reports, function(report){ - return (report.rule.severity === 'WARN'); - }); - } - if(filter === "low"){ - $scope.reports = _.filter($scope.reports_dataset.reports, function(report){ - return (report.rule.severity === 'INFO'); - }); - } + $scope.filterReports = function(str){ + $scope.currentFilter = str; + $scope.reports = filter(str); }; + $scope.viewDataInInsights = function(){ window.open(`https://access.redhat.com/insights/inventory?machine=${$scope.$parent.host.insights_system_id}`, '_blank'); }; + $scope.remediateInventory = function(inv_id, inv_name, insights_credential){ $state.go('templates.addJobTemplate', {inventory_id: inv_id, inventory_name:inv_name, credential_id: insights_credential}); }; + $scope.formCancel = function(){ $state.go('inventories', null, {reload: true}); }; diff --git a/awx/ui/client/src/inventories/insights/insights.partial.html b/awx/ui/client/src/inventories/insights/insights.partial.html index d0c98ae65e..e1f2ee91d3 100644 --- a/awx/ui/client/src/inventories/insights/insights.partial.html +++ b/awx/ui/client/src/inventories/insights/insights.partial.html @@ -5,31 +5,31 @@
-
Total Issues
{{reports_dataset.reports.length}}
-
Critical
{{critical_count}}
-
High
{{high_count}}
-
Medium
{{med_count}}
-
Low
@@ -38,13 +38,13 @@
-
Solvable With Playbook
{{solvable_count}}
-
Not Solvable With Playbook
diff --git a/awx/ui/client/src/inventories/insights/insights.route.js b/awx/ui/client/src/inventories/insights/insights.route.js index 3d7cf2c664..2fdb93c2e7 100644 --- a/awx/ui/client/src/inventories/insights/insights.route.js +++ b/awx/ui/client/src/inventories/insights/insights.route.js @@ -29,5 +29,26 @@ export default { }); } ], + InventoryData: ['Rest', '$stateParams', 'GetBasePath', 'ProcessErrors', 'resourceData', + (Rest, $stateParams, GetBasePath, ProcessErrors, resourceData) => { + if(resourceData.data.type === "host"){ + var path = `${GetBasePath('inventory')}${resourceData.data.inventory}`; + Rest.setUrl(path); + return Rest.get() + .then(function(data) { + return (data.data); + }).catch(function(response) { + ProcessErrors(null, response.data, response.status, null, { + hdr: 'Error!', + msg: 'Failed to get insights info. GET returned status: ' + + response.status + }); + }); + } + else if(resourceData.data.type === 'inventory'){ + return resourceData.data; + } + } + ] } }; diff --git a/awx/ui/client/src/inventories/insights/insights.service.js b/awx/ui/client/src/inventories/insights/insights.service.js new file mode 100644 index 0000000000..36082a71ed --- /dev/null +++ b/awx/ui/client/src/inventories/insights/insights.service.js @@ -0,0 +1,36 @@ +/************************************************* + * Copyright (c) 2017 Ansible, Inc. + * + * All Rights Reserved + *************************************************/ + +export default [ () => { + var val = { + filter: function(str, reports_dataset){ + let filteredSet; + if(str === "total"){ + filteredSet = reports_dataset; + } + if(str === "solvable"){ + filteredSet = _.filter(reports_dataset, (report)=>{return (report.maintenance_actions.length > 0);}); + } + if(str === "not_solvable"){ + filteredSet = _.filter(reports_dataset, (report)=>{return (report.maintenance_actions.length === 0);}); + } + if(str === "critical"){ + filteredSet = _.filter(reports_dataset, (report)=>{return (report.rule.severity === 'CRITICAL');}); + } + if(str === "high"){ + filteredSet = _.filter(reports_dataset, (report)=>{return (report.rule.severity === 'ERROR');}); + } + if(str === "medium"){ + filteredSet = _.filter(reports_dataset, (report)=>{return (report.rule.severity === 'WARN');}); + } + if(str === "low"){ + filteredSet = _.filter(reports_dataset, (report)=>{return (report.rule.severity === 'INFO');}); + } + return filteredSet; + } + }; + return val; +}]; diff --git a/awx/ui/client/src/inventories/insights/main.js b/awx/ui/client/src/inventories/insights/main.js index 44573e6c9a..03fde02a8e 100644 --- a/awx/ui/client/src/inventories/insights/main.js +++ b/awx/ui/client/src/inventories/insights/main.js @@ -6,8 +6,10 @@ import controller from './insights.controller'; import planFilter from './plan-filter'; +import service from './insights.service'; export default angular.module('insightsDashboard', []) .filter('planFilter', planFilter) - .controller('InsightsController', controller); + .controller('InsightsController', controller) + .service('InsightsService', service); diff --git a/awx/ui/client/src/inventories/related-hosts/list/host-list.controller.js b/awx/ui/client/src/inventories/related-hosts/list/host-list.controller.js index f169faa6a8..83694dfee3 100644 --- a/awx/ui/client/src/inventories/related-hosts/list/host-list.controller.js +++ b/awx/ui/client/src/inventories/related-hosts/list/host-list.controller.js @@ -86,8 +86,8 @@ export default ['$scope', 'ListDefinition', '$rootScope', 'GetBasePath', $scope.editHost = function(host){ $state.go('inventories.edit.hosts.edit', {inventory_id: host.inventory_id, host_id: host.id}); }; - $scope.goToInsights = function(id){ - $state.go('inventories.edit.hosts.edit.insights', {host_id:id}); + $scope.goToInsights = function(host){ + $state.go('inventories.edit.hosts.edit.insights', {inventory_id: host.inventory_id, host_id:host.id}); }; $scope.deleteHost = function(id, name){ var body = '
Are you sure you want to permanently delete the host below from the inventory?
' + $filter('sanitize')(name) + '
'; diff --git a/awx/ui/client/src/inventories/related-hosts/related-host.list.js b/awx/ui/client/src/inventories/related-hosts/related-host.list.js index 57aea9577b..698d1cd853 100644 --- a/awx/ui/client/src/inventories/related-hosts/related-host.list.js +++ b/awx/ui/client/src/inventories/related-hosts/related-host.list.js @@ -51,7 +51,7 @@ export default { columnClass: 'col-lg-6 col-md-4 col-sm-4 col-xs-5 text-right', insights: { - ngClick: "goToInsights(host.id)", + ngClick: "goToInsights(host)", icon: 'fa-info', awToolTip: 'View Insights Data', dataPlacement: 'top', diff --git a/awx/ui/tests/spec/inventories/insights/data/high.insights-data.js b/awx/ui/tests/spec/inventories/insights/data/high.insights-data.js new file mode 100644 index 0000000000..bd0671cc8f --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/data/high.insights-data.js @@ -0,0 +1,149 @@ +export default [ + { + "details": { + "vulnerable_setting": "hosts: files dns", + "affected_package": "glibc-2.17-55.el7", + "error_key": "GLIBC_CVE_2015_7547" + }, + "id": 709784455, + "rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A critical security flaw in the glibc library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.

\n", + "generic_html": "

The glibc library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the libresolv part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw is known as CVE-2015-7547.

\n", + "more_info_html": "\n", + "severity": "ERROR", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547", + "error_key": "GLIBC_CVE_2015_7547", + "plugin": "CVE_2015_7547_glibc", + "description": "Remote code execution vulnerability in libresolv via crafted DNS response (CVE-2015-7547)", + "summary": "A critical security flaw in the `glibc` library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.", + "generic": "The `glibc` library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the `libresolv` part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when `libresolv` is called from the nss_dns NSS service module. This flaw is known as [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).", + "reason": "

This host is vulnerable because it has vulnerable package glibc-2.17-55.el7 installed and DNS is enabled in /etc/nsswitch.conf:

\n
hosts:      files dns\n

The glibc library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the libresolv part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw is known as CVE-2015-7547.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2168451", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:35.000Z", + "rec_impact": 4, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating glibc and restarting the affected system:

\n
# yum update glibc\n# reboot\n

Alternatively, you can restart all affected services, but because this vulnerability affects a large amount of applications on the system, the best solution is to restart the system.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "mitigation_conf": "no", + "sysctl_live_ack_limit": "100", + "package_name": "kernel", + "sysctl_live_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit = 100", + "error_key": "KERNEL_CVE_2016_5696_URGENT", + "vulnerable_kernel": "3.10.0-123.el7", + "sysctl_conf_ack_limit": "100", + "sysctl_conf_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit=100", + "mitigation_live": "no" + }, + "id": 766342155, + "rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the RFC 5961 challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n", + "generic_html": "

A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack (RFC 5961) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n

Red Hat recommends that you update the kernel package or apply mitigations.

\n", + "more_info_html": "\n", + "severity": "ERROR", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT", + "error_key": "KERNEL_CVE_2016_5696_URGENT", + "plugin": "CVE_2016_5696_kernel", + "description": "Kernel vulnerable to man-in-the-middle via payload injection", + "summary": "A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the [RFC 5961](https://tools.ietf.org/html/rfc5961) challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.", + "generic": "A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack ([RFC 5961](https://tools.ietf.org/html/rfc5961)) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack. \n\nRed Hat recommends that you update the kernel package or apply mitigations.", + "reason": "

A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack (RFC 5961) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n

Your currently loaded kernel configuration contains this setting:

\n
net.ipv4.tcp_challenge_ack_limit = 100\n

Your currently stored kernel configuration is:

\n
net.ipv4.tcp_challenge_ack_limit=100\n

There is currently no mitigation applied and your system is vulnerable.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-5696](https://access.redhat.com/security/cve/CVE-2016-5696)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2438571", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:32.000Z", + "rec_impact": 4, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update the kernel package and restart the system:

\n
# yum update kernel\n# reboot\n

or

\n

Alternatively, this issue can be addressed by applying the following mitigations until the machine is restarted with the updated kernel package.

\n

Edit /etc/sysctl.conf file as root, add the mitigation configuration, and reload the kernel configuration:

\n
# echo "net.ipv4.tcp_challenge_ack_limit = 2147483647" >> /etc/sysctl.conf \n# sysctl -p\n
" + }, + "maintenance_actions": [{ + "done": false, + "id": 56045, + "maintenance_plan": { + "maintenance_id": 15875, + "name": "Payload Injection Fix", + "description": "", + "start": "2017-06-01T02:00:00.000Z", + "end": "2017-06-01T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 61575, + "maintenance_plan": { + "maintenance_id": 16825, + "name": "Summit 2017 Plan 1", + "description": "", + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 66175, + "maintenance_plan": { + "maintenance_id": 19435, + "name": null, + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 71015, + "maintenance_plan": { + "maintenance_id": 19835, + "name": "Optum Payload", + "description": "", + "start": "2017-05-27T02:00:00.000Z", + "end": "2017-05-27T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }] + } +] diff --git a/awx/ui/tests/spec/inventories/insights/data/insights-data.js b/awx/ui/tests/spec/inventories/insights/data/insights-data.js new file mode 100644 index 0000000000..0d36f8af6a --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/data/insights-data.js @@ -0,0 +1,662 @@ +export default { + "toString": "ansible1.tronik-insights440.atl.redhat.com", + "isCheckingIn": true, + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "display_name": null, + "remote_branch": null, + "remote_leaf": null, + "account_number": "540155", + "hostname": "ansible1.tronik-insights440.atl.redhat.com", + "parent_id": null, + "system_type_id": 105, + "last_check_in": "2017-05-25T14:01:19.000Z", + "stale_ack": false, + "type": "machine", + "product": "rhel", + "created_at": "2016-07-26T23:31:13.000Z", + "updated_at": "2017-05-25T14:01:19.000Z", + "unregistered_at": null, + "reports": [{ + "details": { + "vulnerable_setting": "hosts: files dns", + "affected_package": "glibc-2.17-55.el7", + "error_key": "GLIBC_CVE_2015_7547" + }, + "id": 709784455, + "rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A critical security flaw in the glibc library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.

\n", + "generic_html": "

The glibc library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the libresolv part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw is known as CVE-2015-7547.

\n", + "more_info_html": "\n", + "severity": "ERROR", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547", + "error_key": "GLIBC_CVE_2015_7547", + "plugin": "CVE_2015_7547_glibc", + "description": "Remote code execution vulnerability in libresolv via crafted DNS response (CVE-2015-7547)", + "summary": "A critical security flaw in the `glibc` library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.", + "generic": "The `glibc` library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the `libresolv` part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when `libresolv` is called from the nss_dns NSS service module. This flaw is known as [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).", + "reason": "

This host is vulnerable because it has vulnerable package glibc-2.17-55.el7 installed and DNS is enabled in /etc/nsswitch.conf:

\n
hosts:      files dns\n

The glibc library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the libresolv part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw is known as CVE-2015-7547.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2168451", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:35.000Z", + "rec_impact": 4, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating glibc and restarting the affected system:

\n
# yum update glibc\n# reboot\n

Alternatively, you can restart all affected services, but because this vulnerability affects a large amount of applications on the system, the best solution is to restart the system.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "affected_kernel": "3.10.0-123.el7", + "error_key": "KERNEL_CVE-2016-0728" + }, + "id": 709784465, + "rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as CVE-2016-0728.

\n", + "generic_html": "

A vulnerability in the Linux kernel rated Important was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as CVE-2016-0728.

\n

Red Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the systemtap patch to update your running kernel.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728", + "error_key": "KERNEL_CVE-2016-0728", + "plugin": "CVE_2016_0728_kernel", + "description": "Kernel key management subsystem vulnerable to local privilege escalation (CVE-2016-0728)", + "summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).", + "generic": "A vulnerability in the Linux kernel rated **Important** was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n\nRed Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the [systemtap patch](https://bugzilla.redhat.com/attachment.cgi?id=1116284&action=edit) to update your running kernel.", + "reason": "

A vulnerability in the Linux kernel rated Important was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as CVE-2016-0728.

\n

The host is vulnerable as it is running kernel-3.10.0-123.el7.

\n", + "type": null, + "more_info": "* For more information about the flaws and versions of the package that are vulnerable see [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2130791", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:37.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update kernel and reboot. If you cannot reboot now, consider applying the systemtap patch to update your running kernel.

\n
# yum update kernel\n# reboot\n-or-\n# debuginfo-install kernel     (or equivalent)\n# stap -vgt -Gfix_p=1 -Gtrace_p=0 cve20160728e.stp\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "processes_listening_int": [], + "processes_listening_ext": [], + "error_key": "OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "processes_listening": [], + "processes_names": [], + "vulnerable_package": "openssl-libs-1.0.1e-34.el7" + }, + "id": 709784475, + "rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned CVE-2016-0800 and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.

\n", + "generic_html": "

A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.

\n

A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see CVE-2015-0293).

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "error_key": "OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "plugin": "CVE_2016_0800_openssl_drown", + "description": "OpenSSL vulnerable to very efficient session decryption (CVE-2016-0800/Special DROWN)", + "summary": "A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800) and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.", + "generic": "A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.\n\nA more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see [CVE-2015-0293](https://access.redhat.com/security/cve/CVE-2015-0293)).", + "reason": "

This host is vulnerable because it has vulnerable package openssl-libs-1.0.1e-34.el7 installed.

\n

This package does not have a patch for CVE-2015-0293 applied, which makes the system especially vulnerable. This is known as Special DROWN. An attacker can use this flaw to perform active man-in-the-middle (MITM) attacks and impersonate a TLS server to connecting TLS client in a matter of minutes.

\n

Fortunately, it does not seem to run any processes that use OpenSSL libraries.

\n

A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.

\n

A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see CVE-2015-0293).

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2174451", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:32.000Z", + "rec_impact": 3, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update openssl and restart the affected system:

\n
# yum update openssl\n# reboot\n

Alternatively, you can restart all affected services (that is, the ones linked to the openssl library), especially those listening on public IP addresses.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "vulnerable_kernel": "3.10.0-123.el7", + "package_name": "kernel", + "error_key": "KERNEL_CVE_2016_5195" + }, + "id": 709784485, + "rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.

\n", + "generic_html": "

A race condition was found in the way Linux kernel's memory subsystem handled breakage of the the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.

\n

A process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild.

\n

Red Hat recommends that you update the kernel package or apply mitigations.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195", + "error_key": "KERNEL_CVE_2016_5195", + "plugin": "CVE_2016_5195_kernel", + "description": "Kernel vulnerable to privilege escalation via permission bypass (CVE-2016-5195)", + "summary": "A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.", + "generic": "A race condition was found in the way Linux kernel's memory subsystem handled breakage of the the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.\n\nA process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild. \n\nRed Hat recommends that you update the kernel package or apply mitigations.", + "reason": "

A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally have read-only access to and thus increase their privileges on the system.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n

There is currently no mitigation applied and your system is vulnerable.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-5195](https://access.redhat.com/security/cve/CVE-2016-5195)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2706661", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:33.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update the kernel package and restart the system:

\n
# yum update kernel\n# reboot\n

or

\n

Alternatively, this issue can be addressed by applying mitigations until the machine is restarted with the updated kernel package.

\n

Please refer to the Resolve Tab in the vulnerability article for information about the mitigation and the latest information.

\n" + }, + "maintenance_actions": [{ + "done": false, + "id": 29885, + "maintenance_plan": { + "maintenance_id": 12195, + "name": null, + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-jnewton", + "silenced": false, + "hidden": true, + "suggestion": "proposed", + "remote_branch": null + } + }] + }, { + "details": { + "package": "bash-4.2.45-5.el7", + "error_key": "VULNERABLE_BASH_DETECTED" + }, + "id": 709784505, + "rule_id": "bash_injection|VULNERABLE_BASH_DETECTED", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

In September 2014, an exploitable bug known as Shellshock was discovered in commonly shipped versions of the bash shell.

\n", + "generic_html": "

Hosts running earlier versions of bash are affected by the code injection vulnerability known as Shellshock.

\n", + "more_info_html": "

For further information about this critical vulnerability, see:

\n\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": true, + "ansible_mitigation": false, + "rule_id": "bash_injection|VULNERABLE_BASH_DETECTED", + "error_key": "VULNERABLE_BASH_DETECTED", + "plugin": "bash_injection", + "description": "Bash locally vulnerable via environment variables (CVE-2014-6271, CVE-2014-7169/Shellshock)", + "summary": "In September 2014, an exploitable bug known as Shellshock was discovered in commonly shipped versions of the bash shell.", + "generic": "Hosts running earlier versions of `bash` are affected by the code injection vulnerability known as **Shellshock**.", + "reason": "

This host is running a version of bash that is affected by the code injection vulnerability known as Shellshock.

\n

The package affected is bash-4.2.45-5.el7.

\n", + "type": null, + "more_info": "For further information about this **critical** vulnerability, see:\n* [Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)](https://access.redhat.com/articles/1200223)\n* [CVE-2014-6271](https://access.redhat.com/security/cve/CVE-2014-6271)\n* [CVE-2014-7169](https://access.redhat.com/security/cve/CVE-2014-7169)", + "active": true, + "node_id": "1200223", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:36.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you upgrade bash immediately:

\n
# yum update bash\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "detected_problem_log_perms": [{ + "log_perms_dirfilename": "/var/log/cron", + "log_perms_sensitive": true, + "log_perms_ls_line": "-rw-r--r--. 1 root root 15438 May 25 10:01 cron" + }], + "error_key": "HARDENING_LOGGING_3_LOG_PERMS" + }, + "id": 709784525, + "rule_id": "hardening_logging_log_perms|HARDENING_LOGGING_3_LOG_PERMS", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

Issues related to system logging and auditing were detected on your system. Important services are disabled or log file permissions are not secure.

\n", + "generic_html": "

Issues related to system logging and auditing were detected on your system.

\n

Red Hat recommends that the logging service rsyslog and the auditing service auditd are enabled and that log files in /var/log have secure permissions.

\n", + "more_info_html": "\n", + "severity": "INFO", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "hardening_logging_log_perms|HARDENING_LOGGING_3_LOG_PERMS", + "error_key": "HARDENING_LOGGING_3_LOG_PERMS", + "plugin": "hardening_logging_log_perms", + "description": "Decreased security in system logging permissions", + "summary": "Issues related to system logging and auditing were detected on your system. Important services are disabled or log file permissions are not secure.\n", + "generic": "Issues related to system logging and auditing were detected on your system.\n\nRed Hat recommends that the logging service `rsyslog` and the auditing service `auditd` are enabled and that log files in `/var/log` have secure permissions.\n", + "reason": "

Log files have permission issues.

\n

The following files or directories in /var/log have file permissions that differ from the default RHEL configuration and are possibly non-secure. Red Hat recommends that the file permissions be adjusted to more secure settings.

\n\n \n \n \n \n \n\n\n\n\n\n\n\n
File or directory nameDetected problemOutput from ls -l
/var/log/cronUsers other than root can read or write.-rw-r--r--. 1 root root 15438 May 25 10:01 cron
\n\n\n\n", + "type": null, + "more_info": "* [Why is `/var/log/cron` world readable in RHEL7?](https://access.redhat.com/solutions/1491573)\n* [Using the chkconfig Utility](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-services-chkconfig.html) to configure services on RHEL 6\n* [Managing System Services](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html) to configure services on RHEL 7\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2017-05-16T04:08:34.000Z", + "rec_impact": 1, + "rec_likelihood": 1, + "resolution": "

Red Hat recommends that you perform the following adjustments:

\n

Fixing permission issues depends on whether there is a designated safe group on your system that has Read access to the log files. This situation might exist if you want to allow certain administrators to see the log files without becoming root. To prevent log tampering, no other user than root should have permissions to Write to the log files. (The btmp and wtmp files are owned by the utmp group but other users should still be unable to write to them.)

\n

Fix for a default RHEL configuration

\n

(No designated group for reading log files)

\n
chown root:root /var/log/cron\nchmod u=rw,g-x,o-rwx /var/log/cron\n

Fix for a configuration with a designated safe group for reading log files

\n

In the following lines, substitute the name of your designated safe group for the string safegroup:

\n
chown root:safegroup /var/log/cron\nchmod u=rw,g-x,o-rwx /var/log/cron\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "filesystems": [{ + "usage": "99", + "mountpoint": "/" + }, { + "usage": "99", + "mountpoint": "/" + }], + "error_key": "FILESYSTEM_CAPACITY" + }, + "id": 709784535, + "rule_id": "filesystem_capacity|FILESYSTEM_CAPACITY", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.

\n", + "generic_html": "

File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.

\n", + "more_info_html": "

How to increase the filesystem size?\nHow do I find out what is using disk space?

\n", + "severity": "WARN", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "filesystem_capacity|FILESYSTEM_CAPACITY", + "error_key": "FILESYSTEM_CAPACITY", + "plugin": "filesystem_capacity", + "description": "Decreased stability and/or performance due to filesystem over 95% capacity", + "summary": "File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.\n", + "generic": "File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.\n", + "reason": "

This host has the following file systems nearing or at capacity:

\n
    \n\n
  • Filesystem: / Usage: 99%
    • \n\n
  • Filesystem: / Usage: 99%
    • \n\n
", + "type": null, + "more_info": "[How to increase the filesystem size?](https://access.redhat.com/solutions/21820)\n[How do I find out what is using disk space?](https://access.redhat.com/solutions/1154683)\n", + "active": true, + "node_id": "1154683", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:36.000Z", + "rec_impact": 2, + "rec_likelihood": 3, + "resolution": "

To solve the issue, Red Hat recommends that you either add more storage capacity to the identified file systems, or remove unnecessary files to reduce the current usage.\nPlease refer to more_information part for more detailed steps.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "msg": "[ 0.000000] crashkernel=auto resulted in zero bytes of reserved memory.", + "auto_with_low_ram": true, + "rhel_ver": 7, + "error_key": "CRASHKERNEL_RESERVATION_FAILED" + }, + "id": 709784555, + "rule_id": "crashkernel_reservation_failed|CRASHKERNEL_RESERVATION_FAILED", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

The crashkernel configuration has failed to produce a working kdump environment. Configuration changes must be made to enable vmcore capture.

\n", + "generic_html": "

Kdump is unable to reserve memory for the kdump kernel. The kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.

\n", + "more_info_html": "", + "severity": "WARN", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "crashkernel_reservation_failed|CRASHKERNEL_RESERVATION_FAILED", + "error_key": "CRASHKERNEL_RESERVATION_FAILED", + "plugin": "crashkernel_reservation_failed", + "description": "Kdump crashkernel reservation failed due to improper configuration of crashkernel parameter", + "summary": "The crashkernel configuration has failed to produce a working kdump environment. Configuration changes must be made to enable vmcore capture.\n", + "generic": "Kdump is unable to reserve memory for the kdump kernel. The kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.", + "reason": "

This host is unable to reserve memory for the kdump kernel:

\n
[    0.000000] crashkernel=auto resulted in zero bytes of reserved memory.\n

This means the kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.

\n", + "type": null, + "more_info": null, + "active": true, + "node_id": "59432", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:33.000Z", + "rec_impact": 1, + "rec_likelihood": 3, + "resolution": "

To fix this issue, Red Hat recommends that you change the crashkernel setting in the grub.conf file.

\n

This host failed to reserved memory with auto crashkernel parameter due to low physical memory. The memory must be reserved by explicitly requesting the reservation size, for example: crashkernel=128M.

\n

For details of crashkernel setting, please refer to the Knowledge article How should the crashkernel parameter be configured for using kdump on RHEL7? to pickup the setting specifically for your host.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "error_key": "TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION" + }, + "id": 709784565, + "rule_id": "tzdata_need_upgrade|TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.

\n", + "generic_html": "

System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.

\n", + "more_info_html": "", + "severity": "INFO", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "tzdata_need_upgrade|TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "error_key": "TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "plugin": "tzdata_need_upgrade", + "description": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale", + "summary": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.\n", + "generic": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.\n", + "reason": "

This system running as a non-NTP system is following the UTC timescale. In this situation, manual correction is required to avoid system clock inaccuracy when a leap second event happens.

\n", + "type": null, + "more_info": null, + "active": true, + "node_id": "1465713", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 1, + "resolution": "

The system clock of this system needs manual correction when a leap second event happens. For example:

\n
\n\n# date -s \"20170101 HH:MM:SS\"\n\n
\n\n

You need to replace "HH:MM:SS" with the accurate time after the leap second occurs.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "selinux_info": true, + "package_name": "kernel", + "selinux_enforcing": true, + "selinux_can_help": true, + "minimal_selinux_policy": "selinux-policy-3.13.1-81.el7", + "selinux_enabled": true, + "vulnerable_kernel": "3.10.0-123.el7", + "active_policy": "selinux-policy-3.12.1-153.el7", + "dccp_loading_disabled": null, + "error_key": "KERNEL_CVE_2017_6074", + "enough_policy": false, + "dccp_loaded": null, + "mitigation_info": false + }, + "id": 709784575, + "rule_id": "CVE_2017_6074_kernel|KERNEL_CVE_2017_6074", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074. An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system.

\n", + "generic_html": "

A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074.

\n

An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. A local user could initiate a DCCP network connection on any local system network interface and then create specially-crafted memory allocations containing malicious instructions that can then either cause a crash or potentially escalate the user's privileges.

\n

An attacker must have access to a local account on the system; this is not a remote attack and it requires IPv6 support to be enabled on the system.

\n

Red Hat recommends that you update the kernel when possible. Otherwise, you can use proposed mitigation to disable DCCP. SELinux in enforcing mode can also mitigate the issue under specific circumstances.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2017_6074_kernel|KERNEL_CVE_2017_6074", + "error_key": "KERNEL_CVE_2017_6074", + "plugin": "CVE_2017_6074_kernel", + "description": "Kernel vulnerable to local privilege escalation via DCCP module (CVE-2017-6074)", + "summary": "A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned [CVE-2017-6074](https://access.redhat.com/security/cve/CVE-2017-6074). An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system.\n", + "generic": "A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074. \n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. A local user could initiate a DCCP network connection on any local system network interface and then create specially-crafted memory allocations containing malicious instructions that can then either cause a crash or potentially escalate the user's privileges.\n\nAn attacker must have access to a local account on the system; this is not a remote attack and it requires IPv6 support to be enabled on the system.\n\nRed Hat recommends that you update the kernel when possible. Otherwise, you can use proposed mitigation to disable DCCP. SELinux in enforcing mode can also mitigate the issue under specific circumstances.\n", + "reason": "

A use-after-free flaw was found within the Linux kernel IPv6 DCCP network protocol code.

\n

This host is affected because:

\n
  • It is running kernel 3.10.0-123.el7.
  • SELinux policy is outdated.
\n\n\n\n\n\n\n

Your installed SELinux policy is selinux-policy-3.12.1-153.el7; however, to mitigate the issue, the earliest required version is selinux-policy-3.13.1-81.el7.

\n", + "type": null, + "more_info": "* For more information about the flaw, see [CVE-2017-6074](https://access.redhat.com/security/cve/CVE-2017-6074).\n* To learn how to upgrade packages, see [What is yum and how do I use it?](https://access.redhat.com/solutions/9934).\n* For more information about SELinux, see [Benefits of running SELinux](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating the kernel package and rebooting the system.

\n
# yum update kernel\n# reboot\n

Alternatively, apply one of the following mitigations:

\n
Update SELinux policy
\n

Update your SELinux policy:

\n
# yum update selinux-policy\n

The system does not provide enough information for Insights about loaded kernel modules. It is not possible to recommend a mitigation based on kernel modules.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "mitigation_conf": "no", + "sysctl_live_ack_limit": "100", + "package_name": "kernel", + "sysctl_live_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit = 100", + "error_key": "KERNEL_CVE_2016_5696_URGENT", + "vulnerable_kernel": "3.10.0-123.el7", + "sysctl_conf_ack_limit": "100", + "sysctl_conf_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit=100", + "mitigation_live": "no" + }, + "id": 766342155, + "rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the RFC 5961 challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n", + "generic_html": "

A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack (RFC 5961) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n

Red Hat recommends that you update the kernel package or apply mitigations.

\n", + "more_info_html": "\n", + "severity": "ERROR", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT", + "error_key": "KERNEL_CVE_2016_5696_URGENT", + "plugin": "CVE_2016_5696_kernel", + "description": "Kernel vulnerable to man-in-the-middle via payload injection", + "summary": "A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the [RFC 5961](https://tools.ietf.org/html/rfc5961) challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.", + "generic": "A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack ([RFC 5961](https://tools.ietf.org/html/rfc5961)) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack. \n\nRed Hat recommends that you update the kernel package or apply mitigations.", + "reason": "

A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack (RFC 5961) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n

Your currently loaded kernel configuration contains this setting:

\n
net.ipv4.tcp_challenge_ack_limit = 100\n

Your currently stored kernel configuration is:

\n
net.ipv4.tcp_challenge_ack_limit=100\n

There is currently no mitigation applied and your system is vulnerable.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-5696](https://access.redhat.com/security/cve/CVE-2016-5696)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2438571", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:32.000Z", + "rec_impact": 4, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update the kernel package and restart the system:

\n
# yum update kernel\n# reboot\n

or

\n

Alternatively, this issue can be addressed by applying the following mitigations until the machine is restarted with the updated kernel package.

\n

Edit /etc/sysctl.conf file as root, add the mitigation configuration, and reload the kernel configuration:

\n
# echo "net.ipv4.tcp_challenge_ack_limit = 2147483647" >> /etc/sysctl.conf \n# sysctl -p\n
" + }, + "maintenance_actions": [{ + "done": false, + "id": 56045, + "maintenance_plan": { + "maintenance_id": 15875, + "name": "Payload Injection Fix", + "description": "", + "start": "2017-06-01T02:00:00.000Z", + "end": "2017-06-01T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 61575, + "maintenance_plan": { + "maintenance_id": 16825, + "name": "Summit 2017 Plan 1", + "description": "", + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 66175, + "maintenance_plan": { + "maintenance_id": 19435, + "name": null, + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 71015, + "maintenance_plan": { + "maintenance_id": 19835, + "name": "Optum Payload", + "description": "", + "start": "2017-05-27T02:00:00.000Z", + "end": "2017-05-27T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }] + }, { + "details": { + "mod_loading_disabled": null, + "package_name": "kernel", + "error_key": "KERNEL_CVE_2017_2636", + "vulnerable_kernel": "3.10.0-123.el7", + "mod_loaded": null, + "mitigation_info": false + }, + "id": 766342165, + "rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as CVE-2017-2636.

\n", + "generic_html": "

A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.

\n

An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.

\n

An attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.

\n

Red Hat recommends that you use the proposed mitigation to disable the N_HDLC module.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636", + "error_key": "KERNEL_CVE_2017_2636", + "plugin": "CVE_2017_2636_kernel", + "description": "Kernel vulnerable to local privilege escalation via n_hdlc module (CVE-2017-2636)", + "summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636).\n", + "generic": "A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.\n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.\n\nAn attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.\n\nRed Hat recommends that you use the proposed mitigation to disable the N_HDLC module.\n", + "reason": "

A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n", + "type": null, + "more_info": "* For more information about the flaw, see [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636) and [CVE-2017-2636 article](https://access.redhat.com/security/vulnerabilities/CVE-2017-2636).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating the kernel package and rebooting the system.

\n
# yum update kernel\n# reboot\n
" + }, + "maintenance_actions": [{ + "done": false, + "id": 58335, + "maintenance_plan": { + "maintenance_id": 16545, + "name": "Insights Summit 2017 - n_HDLC", + "description": "", + "start": "2017-05-06T02:00:00.000Z", + "end": "2017-05-06T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 61895, + "maintenance_plan": { + "maintenance_id": 16835, + "name": "Summit 2017 N_HDLC", + "description": "", + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 66225, + "maintenance_plan": { + "maintenance_id": 19445, + "name": "Seattle's Best Plan", + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 71075, + "maintenance_plan": { + "maintenance_id": 19845, + "name": "Optum N_HDLC FIX", + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }] + }] +} diff --git a/awx/ui/tests/spec/inventories/insights/data/low.insights-data.js b/awx/ui/tests/spec/inventories/insights/data/low.insights-data.js new file mode 100644 index 0000000000..568e1d76e4 --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/data/low.insights-data.js @@ -0,0 +1,84 @@ +export default [ + { + "details": { + "detected_problem_log_perms": [{ + "log_perms_dirfilename": "/var/log/cron", + "log_perms_sensitive": true, + "log_perms_ls_line": "-rw-r--r--. 1 root root 15438 May 25 10:01 cron" + }], + "error_key": "HARDENING_LOGGING_3_LOG_PERMS" + }, + "id": 709784525, + "rule_id": "hardening_logging_log_perms|HARDENING_LOGGING_3_LOG_PERMS", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

Issues related to system logging and auditing were detected on your system. Important services are disabled or log file permissions are not secure.

\n", + "generic_html": "

Issues related to system logging and auditing were detected on your system.

\n

Red Hat recommends that the logging service rsyslog and the auditing service auditd are enabled and that log files in /var/log have secure permissions.

\n", + "more_info_html": "\n", + "severity": "INFO", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "hardening_logging_log_perms|HARDENING_LOGGING_3_LOG_PERMS", + "error_key": "HARDENING_LOGGING_3_LOG_PERMS", + "plugin": "hardening_logging_log_perms", + "description": "Decreased security in system logging permissions", + "summary": "Issues related to system logging and auditing were detected on your system. Important services are disabled or log file permissions are not secure.\n", + "generic": "Issues related to system logging and auditing were detected on your system.\n\nRed Hat recommends that the logging service `rsyslog` and the auditing service `auditd` are enabled and that log files in `/var/log` have secure permissions.\n", + "reason": "

Log files have permission issues.

\n

The following files or directories in /var/log have file permissions that differ from the default RHEL configuration and are possibly non-secure. Red Hat recommends that the file permissions be adjusted to more secure settings.

\n\n \n \n \n \n \n\n\n\n\n\n\n\n
File or directory nameDetected problemOutput from ls -l
/var/log/cronUsers other than root can read or write.-rw-r--r--. 1 root root 15438 May 25 10:01 cron
\n\n\n\n", + "type": null, + "more_info": "* [Why is `/var/log/cron` world readable in RHEL7?](https://access.redhat.com/solutions/1491573)\n* [Using the chkconfig Utility](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-services-chkconfig.html) to configure services on RHEL 6\n* [Managing System Services](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html) to configure services on RHEL 7\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2017-05-16T04:08:34.000Z", + "rec_impact": 1, + "rec_likelihood": 1, + "resolution": "

Red Hat recommends that you perform the following adjustments:

\n

Fixing permission issues depends on whether there is a designated safe group on your system that has Read access to the log files. This situation might exist if you want to allow certain administrators to see the log files without becoming root. To prevent log tampering, no other user than root should have permissions to Write to the log files. (The btmp and wtmp files are owned by the utmp group but other users should still be unable to write to them.)

\n

Fix for a default RHEL configuration

\n

(No designated group for reading log files)

\n
chown root:root /var/log/cron\nchmod u=rw,g-x,o-rwx /var/log/cron\n

Fix for a configuration with a designated safe group for reading log files

\n

In the following lines, substitute the name of your designated safe group for the string safegroup:

\n
chown root:safegroup /var/log/cron\nchmod u=rw,g-x,o-rwx /var/log/cron\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "error_key": "TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION" + }, + "id": 709784565, + "rule_id": "tzdata_need_upgrade|TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.

\n", + "generic_html": "

System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.

\n", + "more_info_html": "", + "severity": "INFO", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "tzdata_need_upgrade|TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "error_key": "TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "plugin": "tzdata_need_upgrade", + "description": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale", + "summary": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.\n", + "generic": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.\n", + "reason": "

This system running as a non-NTP system is following the UTC timescale. In this situation, manual correction is required to avoid system clock inaccuracy when a leap second event happens.

\n", + "type": null, + "more_info": null, + "active": true, + "node_id": "1465713", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 1, + "resolution": "

The system clock of this system needs manual correction when a leap second event happens. For example:

\n
\n\n# date -s \"20170101 HH:MM:SS\"\n\n
\n\n

You need to replace "HH:MM:SS" with the accurate time after the leap second occurs.

\n" + }, + "maintenance_actions": [] + } +] diff --git a/awx/ui/tests/spec/inventories/insights/data/medium.insights-data.js b/awx/ui/tests/spec/inventories/insights/data/medium.insights-data.js new file mode 100644 index 0000000000..0e251f8d74 --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/data/medium.insights-data.js @@ -0,0 +1,418 @@ +export default [ + { + "details": { + "affected_kernel": "3.10.0-123.el7", + "error_key": "KERNEL_CVE-2016-0728" + }, + "id": 709784465, + "rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as CVE-2016-0728.

\n", + "generic_html": "

A vulnerability in the Linux kernel rated Important was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as CVE-2016-0728.

\n

Red Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the systemtap patch to update your running kernel.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728", + "error_key": "KERNEL_CVE-2016-0728", + "plugin": "CVE_2016_0728_kernel", + "description": "Kernel key management subsystem vulnerable to local privilege escalation (CVE-2016-0728)", + "summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).", + "generic": "A vulnerability in the Linux kernel rated **Important** was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n\nRed Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the [systemtap patch](https://bugzilla.redhat.com/attachment.cgi?id=1116284&action=edit) to update your running kernel.", + "reason": "

A vulnerability in the Linux kernel rated Important was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as CVE-2016-0728.

\n

The host is vulnerable as it is running kernel-3.10.0-123.el7.

\n", + "type": null, + "more_info": "* For more information about the flaws and versions of the package that are vulnerable see [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2130791", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:37.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update kernel and reboot. If you cannot reboot now, consider applying the systemtap patch to update your running kernel.

\n
# yum update kernel\n# reboot\n-or-\n# debuginfo-install kernel     (or equivalent)\n# stap -vgt -Gfix_p=1 -Gtrace_p=0 cve20160728e.stp\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "processes_listening_int": [], + "processes_listening_ext": [], + "error_key": "OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "processes_listening": [], + "processes_names": [], + "vulnerable_package": "openssl-libs-1.0.1e-34.el7" + }, + "id": 709784475, + "rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned CVE-2016-0800 and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.

\n", + "generic_html": "

A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.

\n

A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see CVE-2015-0293).

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "error_key": "OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "plugin": "CVE_2016_0800_openssl_drown", + "description": "OpenSSL vulnerable to very efficient session decryption (CVE-2016-0800/Special DROWN)", + "summary": "A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800) and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.", + "generic": "A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.\n\nA more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see [CVE-2015-0293](https://access.redhat.com/security/cve/CVE-2015-0293)).", + "reason": "

This host is vulnerable because it has vulnerable package openssl-libs-1.0.1e-34.el7 installed.

\n

This package does not have a patch for CVE-2015-0293 applied, which makes the system especially vulnerable. This is known as Special DROWN. An attacker can use this flaw to perform active man-in-the-middle (MITM) attacks and impersonate a TLS server to connecting TLS client in a matter of minutes.

\n

Fortunately, it does not seem to run any processes that use OpenSSL libraries.

\n

A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.

\n

A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see CVE-2015-0293).

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2174451", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:32.000Z", + "rec_impact": 3, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update openssl and restart the affected system:

\n
# yum update openssl\n# reboot\n

Alternatively, you can restart all affected services (that is, the ones linked to the openssl library), especially those listening on public IP addresses.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "vulnerable_kernel": "3.10.0-123.el7", + "package_name": "kernel", + "error_key": "KERNEL_CVE_2016_5195" + }, + "id": 709784485, + "rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.

\n", + "generic_html": "

A race condition was found in the way Linux kernel's memory subsystem handled breakage of the the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.

\n

A process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild.

\n

Red Hat recommends that you update the kernel package or apply mitigations.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195", + "error_key": "KERNEL_CVE_2016_5195", + "plugin": "CVE_2016_5195_kernel", + "description": "Kernel vulnerable to privilege escalation via permission bypass (CVE-2016-5195)", + "summary": "A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.", + "generic": "A race condition was found in the way Linux kernel's memory subsystem handled breakage of the the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.\n\nA process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild. \n\nRed Hat recommends that you update the kernel package or apply mitigations.", + "reason": "

A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally have read-only access to and thus increase their privileges on the system.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n

There is currently no mitigation applied and your system is vulnerable.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-5195](https://access.redhat.com/security/cve/CVE-2016-5195)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2706661", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:33.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update the kernel package and restart the system:

\n
# yum update kernel\n# reboot\n

or

\n

Alternatively, this issue can be addressed by applying mitigations until the machine is restarted with the updated kernel package.

\n

Please refer to the Resolve Tab in the vulnerability article for information about the mitigation and the latest information.

\n" + }, + "maintenance_actions": [{ + "done": false, + "id": 29885, + "maintenance_plan": { + "maintenance_id": 12195, + "name": null, + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-jnewton", + "silenced": false, + "hidden": true, + "suggestion": "proposed", + "remote_branch": null + } + }] + }, { + "details": { + "package": "bash-4.2.45-5.el7", + "error_key": "VULNERABLE_BASH_DETECTED" + }, + "id": 709784505, + "rule_id": "bash_injection|VULNERABLE_BASH_DETECTED", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

In September 2014, an exploitable bug known as Shellshock was discovered in commonly shipped versions of the bash shell.

\n", + "generic_html": "

Hosts running earlier versions of bash are affected by the code injection vulnerability known as Shellshock.

\n", + "more_info_html": "

For further information about this critical vulnerability, see:

\n\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": true, + "ansible_mitigation": false, + "rule_id": "bash_injection|VULNERABLE_BASH_DETECTED", + "error_key": "VULNERABLE_BASH_DETECTED", + "plugin": "bash_injection", + "description": "Bash locally vulnerable via environment variables (CVE-2014-6271, CVE-2014-7169/Shellshock)", + "summary": "In September 2014, an exploitable bug known as Shellshock was discovered in commonly shipped versions of the bash shell.", + "generic": "Hosts running earlier versions of `bash` are affected by the code injection vulnerability known as **Shellshock**.", + "reason": "

This host is running a version of bash that is affected by the code injection vulnerability known as Shellshock.

\n

The package affected is bash-4.2.45-5.el7.

\n", + "type": null, + "more_info": "For further information about this **critical** vulnerability, see:\n* [Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)](https://access.redhat.com/articles/1200223)\n* [CVE-2014-6271](https://access.redhat.com/security/cve/CVE-2014-6271)\n* [CVE-2014-7169](https://access.redhat.com/security/cve/CVE-2014-7169)", + "active": true, + "node_id": "1200223", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:36.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you upgrade bash immediately:

\n
# yum update bash\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "filesystems": [{ + "usage": "99", + "mountpoint": "/" + }, { + "usage": "99", + "mountpoint": "/" + }], + "error_key": "FILESYSTEM_CAPACITY" + }, + "id": 709784535, + "rule_id": "filesystem_capacity|FILESYSTEM_CAPACITY", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.

\n", + "generic_html": "

File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.

\n", + "more_info_html": "

How to increase the filesystem size?\nHow do I find out what is using disk space?

\n", + "severity": "WARN", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "filesystem_capacity|FILESYSTEM_CAPACITY", + "error_key": "FILESYSTEM_CAPACITY", + "plugin": "filesystem_capacity", + "description": "Decreased stability and/or performance due to filesystem over 95% capacity", + "summary": "File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.\n", + "generic": "File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.\n", + "reason": "

This host has the following file systems nearing or at capacity:

\n
    \n\n
  • Filesystem: / Usage: 99%
    • \n\n
  • Filesystem: / Usage: 99%
    • \n\n
", + "type": null, + "more_info": "[How to increase the filesystem size?](https://access.redhat.com/solutions/21820)\n[How do I find out what is using disk space?](https://access.redhat.com/solutions/1154683)\n", + "active": true, + "node_id": "1154683", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:36.000Z", + "rec_impact": 2, + "rec_likelihood": 3, + "resolution": "

To solve the issue, Red Hat recommends that you either add more storage capacity to the identified file systems, or remove unnecessary files to reduce the current usage.\nPlease refer to more_information part for more detailed steps.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "msg": "[ 0.000000] crashkernel=auto resulted in zero bytes of reserved memory.", + "auto_with_low_ram": true, + "rhel_ver": 7, + "error_key": "CRASHKERNEL_RESERVATION_FAILED" + }, + "id": 709784555, + "rule_id": "crashkernel_reservation_failed|CRASHKERNEL_RESERVATION_FAILED", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

The crashkernel configuration has failed to produce a working kdump environment. Configuration changes must be made to enable vmcore capture.

\n", + "generic_html": "

Kdump is unable to reserve memory for the kdump kernel. The kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.

\n", + "more_info_html": "", + "severity": "WARN", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "crashkernel_reservation_failed|CRASHKERNEL_RESERVATION_FAILED", + "error_key": "CRASHKERNEL_RESERVATION_FAILED", + "plugin": "crashkernel_reservation_failed", + "description": "Kdump crashkernel reservation failed due to improper configuration of crashkernel parameter", + "summary": "The crashkernel configuration has failed to produce a working kdump environment. Configuration changes must be made to enable vmcore capture.\n", + "generic": "Kdump is unable to reserve memory for the kdump kernel. The kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.", + "reason": "

This host is unable to reserve memory for the kdump kernel:

\n
[    0.000000] crashkernel=auto resulted in zero bytes of reserved memory.\n

This means the kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.

\n", + "type": null, + "more_info": null, + "active": true, + "node_id": "59432", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:33.000Z", + "rec_impact": 1, + "rec_likelihood": 3, + "resolution": "

To fix this issue, Red Hat recommends that you change the crashkernel setting in the grub.conf file.

\n

This host failed to reserved memory with auto crashkernel parameter due to low physical memory. The memory must be reserved by explicitly requesting the reservation size, for example: crashkernel=128M.

\n

For details of crashkernel setting, please refer to the Knowledge article How should the crashkernel parameter be configured for using kdump on RHEL7? to pickup the setting specifically for your host.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "selinux_info": true, + "package_name": "kernel", + "selinux_enforcing": true, + "selinux_can_help": true, + "minimal_selinux_policy": "selinux-policy-3.13.1-81.el7", + "selinux_enabled": true, + "vulnerable_kernel": "3.10.0-123.el7", + "active_policy": "selinux-policy-3.12.1-153.el7", + "dccp_loading_disabled": null, + "error_key": "KERNEL_CVE_2017_6074", + "enough_policy": false, + "dccp_loaded": null, + "mitigation_info": false + }, + "id": 709784575, + "rule_id": "CVE_2017_6074_kernel|KERNEL_CVE_2017_6074", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074. An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system.

\n", + "generic_html": "

A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074.

\n

An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. A local user could initiate a DCCP network connection on any local system network interface and then create specially-crafted memory allocations containing malicious instructions that can then either cause a crash or potentially escalate the user's privileges.

\n

An attacker must have access to a local account on the system; this is not a remote attack and it requires IPv6 support to be enabled on the system.

\n

Red Hat recommends that you update the kernel when possible. Otherwise, you can use proposed mitigation to disable DCCP. SELinux in enforcing mode can also mitigate the issue under specific circumstances.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2017_6074_kernel|KERNEL_CVE_2017_6074", + "error_key": "KERNEL_CVE_2017_6074", + "plugin": "CVE_2017_6074_kernel", + "description": "Kernel vulnerable to local privilege escalation via DCCP module (CVE-2017-6074)", + "summary": "A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned [CVE-2017-6074](https://access.redhat.com/security/cve/CVE-2017-6074). An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system.\n", + "generic": "A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074. \n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. A local user could initiate a DCCP network connection on any local system network interface and then create specially-crafted memory allocations containing malicious instructions that can then either cause a crash or potentially escalate the user's privileges.\n\nAn attacker must have access to a local account on the system; this is not a remote attack and it requires IPv6 support to be enabled on the system.\n\nRed Hat recommends that you update the kernel when possible. Otherwise, you can use proposed mitigation to disable DCCP. SELinux in enforcing mode can also mitigate the issue under specific circumstances.\n", + "reason": "

A use-after-free flaw was found within the Linux kernel IPv6 DCCP network protocol code.

\n

This host is affected because:

\n
  • It is running kernel 3.10.0-123.el7.
  • SELinux policy is outdated.
\n\n\n\n\n\n\n

Your installed SELinux policy is selinux-policy-3.12.1-153.el7; however, to mitigate the issue, the earliest required version is selinux-policy-3.13.1-81.el7.

\n", + "type": null, + "more_info": "* For more information about the flaw, see [CVE-2017-6074](https://access.redhat.com/security/cve/CVE-2017-6074).\n* To learn how to upgrade packages, see [What is yum and how do I use it?](https://access.redhat.com/solutions/9934).\n* For more information about SELinux, see [Benefits of running SELinux](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating the kernel package and rebooting the system.

\n
# yum update kernel\n# reboot\n

Alternatively, apply one of the following mitigations:

\n
Update SELinux policy
\n

Update your SELinux policy:

\n
# yum update selinux-policy\n

The system does not provide enough information for Insights about loaded kernel modules. It is not possible to recommend a mitigation based on kernel modules.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "mod_loading_disabled": null, + "package_name": "kernel", + "error_key": "KERNEL_CVE_2017_2636", + "vulnerable_kernel": "3.10.0-123.el7", + "mod_loaded": null, + "mitigation_info": false + }, + "id": 766342165, + "rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as CVE-2017-2636.

\n", + "generic_html": "

A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.

\n

An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.

\n

An attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.

\n

Red Hat recommends that you use the proposed mitigation to disable the N_HDLC module.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636", + "error_key": "KERNEL_CVE_2017_2636", + "plugin": "CVE_2017_2636_kernel", + "description": "Kernel vulnerable to local privilege escalation via n_hdlc module (CVE-2017-2636)", + "summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636).\n", + "generic": "A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.\n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.\n\nAn attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.\n\nRed Hat recommends that you use the proposed mitigation to disable the N_HDLC module.\n", + "reason": "

A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n", + "type": null, + "more_info": "* For more information about the flaw, see [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636) and [CVE-2017-2636 article](https://access.redhat.com/security/vulnerabilities/CVE-2017-2636).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating the kernel package and rebooting the system.

\n
# yum update kernel\n# reboot\n
" + }, + "maintenance_actions": [{ + "done": false, + "id": 58335, + "maintenance_plan": { + "maintenance_id": 16545, + "name": "Insights Summit 2017 - n_HDLC", + "description": "", + "start": "2017-05-06T02:00:00.000Z", + "end": "2017-05-06T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 61895, + "maintenance_plan": { + "maintenance_id": 16835, + "name": "Summit 2017 N_HDLC", + "description": "", + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 66225, + "maintenance_plan": { + "maintenance_id": 19445, + "name": "Seattle's Best Plan", + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 71075, + "maintenance_plan": { + "maintenance_id": 19845, + "name": "Optum N_HDLC FIX", + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }] + } +] diff --git a/awx/ui/tests/spec/inventories/insights/data/not_solvable.insights-data.js b/awx/ui/tests/spec/inventories/insights/data/not_solvable.insights-data.js new file mode 100644 index 0000000000..6646964585 --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/data/not_solvable.insights-data.js @@ -0,0 +1,381 @@ +export default [ + { + "details": { + "vulnerable_setting": "hosts: files dns", + "affected_package": "glibc-2.17-55.el7", + "error_key": "GLIBC_CVE_2015_7547" + }, + "id": 709784455, + "rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A critical security flaw in the glibc library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.

\n", + "generic_html": "

The glibc library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the libresolv part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw is known as CVE-2015-7547.

\n", + "more_info_html": "\n", + "severity": "ERROR", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547", + "error_key": "GLIBC_CVE_2015_7547", + "plugin": "CVE_2015_7547_glibc", + "description": "Remote code execution vulnerability in libresolv via crafted DNS response (CVE-2015-7547)", + "summary": "A critical security flaw in the `glibc` library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.", + "generic": "The `glibc` library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the `libresolv` part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when `libresolv` is called from the nss_dns NSS service module. This flaw is known as [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).", + "reason": "

This host is vulnerable because it has vulnerable package glibc-2.17-55.el7 installed and DNS is enabled in /etc/nsswitch.conf:

\n
hosts:      files dns\n

The glibc library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the libresolv part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw is known as CVE-2015-7547.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2168451", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:35.000Z", + "rec_impact": 4, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating glibc and restarting the affected system:

\n
# yum update glibc\n# reboot\n

Alternatively, you can restart all affected services, but because this vulnerability affects a large amount of applications on the system, the best solution is to restart the system.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "affected_kernel": "3.10.0-123.el7", + "error_key": "KERNEL_CVE-2016-0728" + }, + "id": 709784465, + "rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as CVE-2016-0728.

\n", + "generic_html": "

A vulnerability in the Linux kernel rated Important was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as CVE-2016-0728.

\n

Red Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the systemtap patch to update your running kernel.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728", + "error_key": "KERNEL_CVE-2016-0728", + "plugin": "CVE_2016_0728_kernel", + "description": "Kernel key management subsystem vulnerable to local privilege escalation (CVE-2016-0728)", + "summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).", + "generic": "A vulnerability in the Linux kernel rated **Important** was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n\nRed Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the [systemtap patch](https://bugzilla.redhat.com/attachment.cgi?id=1116284&action=edit) to update your running kernel.", + "reason": "

A vulnerability in the Linux kernel rated Important was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as CVE-2016-0728.

\n

The host is vulnerable as it is running kernel-3.10.0-123.el7.

\n", + "type": null, + "more_info": "* For more information about the flaws and versions of the package that are vulnerable see [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2130791", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:37.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update kernel and reboot. If you cannot reboot now, consider applying the systemtap patch to update your running kernel.

\n
# yum update kernel\n# reboot\n-or-\n# debuginfo-install kernel     (or equivalent)\n# stap -vgt -Gfix_p=1 -Gtrace_p=0 cve20160728e.stp\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "processes_listening_int": [], + "processes_listening_ext": [], + "error_key": "OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "processes_listening": [], + "processes_names": [], + "vulnerable_package": "openssl-libs-1.0.1e-34.el7" + }, + "id": 709784475, + "rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned CVE-2016-0800 and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.

\n", + "generic_html": "

A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.

\n

A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see CVE-2015-0293).

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "error_key": "OPENSSL_CVE_2016_0800_SPECIAL_DROWN", + "plugin": "CVE_2016_0800_openssl_drown", + "description": "OpenSSL vulnerable to very efficient session decryption (CVE-2016-0800/Special DROWN)", + "summary": "A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800) and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.", + "generic": "A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.\n\nA more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see [CVE-2015-0293](https://access.redhat.com/security/cve/CVE-2015-0293)).", + "reason": "

This host is vulnerable because it has vulnerable package openssl-libs-1.0.1e-34.el7 installed.

\n

This package does not have a patch for CVE-2015-0293 applied, which makes the system especially vulnerable. This is known as Special DROWN. An attacker can use this flaw to perform active man-in-the-middle (MITM) attacks and impersonate a TLS server to connecting TLS client in a matter of minutes.

\n

Fortunately, it does not seem to run any processes that use OpenSSL libraries.

\n

A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.

\n

A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see CVE-2015-0293).

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2174451", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:32.000Z", + "rec_impact": 3, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update openssl and restart the affected system:

\n
# yum update openssl\n# reboot\n

Alternatively, you can restart all affected services (that is, the ones linked to the openssl library), especially those listening on public IP addresses.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "package": "bash-4.2.45-5.el7", + "error_key": "VULNERABLE_BASH_DETECTED" + }, + "id": 709784505, + "rule_id": "bash_injection|VULNERABLE_BASH_DETECTED", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

In September 2014, an exploitable bug known as Shellshock was discovered in commonly shipped versions of the bash shell.

\n", + "generic_html": "

Hosts running earlier versions of bash are affected by the code injection vulnerability known as Shellshock.

\n", + "more_info_html": "

For further information about this critical vulnerability, see:

\n\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": true, + "ansible_mitigation": false, + "rule_id": "bash_injection|VULNERABLE_BASH_DETECTED", + "error_key": "VULNERABLE_BASH_DETECTED", + "plugin": "bash_injection", + "description": "Bash locally vulnerable via environment variables (CVE-2014-6271, CVE-2014-7169/Shellshock)", + "summary": "In September 2014, an exploitable bug known as Shellshock was discovered in commonly shipped versions of the bash shell.", + "generic": "Hosts running earlier versions of `bash` are affected by the code injection vulnerability known as **Shellshock**.", + "reason": "

This host is running a version of bash that is affected by the code injection vulnerability known as Shellshock.

\n

The package affected is bash-4.2.45-5.el7.

\n", + "type": null, + "more_info": "For further information about this **critical** vulnerability, see:\n* [Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)](https://access.redhat.com/articles/1200223)\n* [CVE-2014-6271](https://access.redhat.com/security/cve/CVE-2014-6271)\n* [CVE-2014-7169](https://access.redhat.com/security/cve/CVE-2014-7169)", + "active": true, + "node_id": "1200223", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:36.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you upgrade bash immediately:

\n
# yum update bash\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "detected_problem_log_perms": [{ + "log_perms_dirfilename": "/var/log/cron", + "log_perms_sensitive": true, + "log_perms_ls_line": "-rw-r--r--. 1 root root 15438 May 25 10:01 cron" + }], + "error_key": "HARDENING_LOGGING_3_LOG_PERMS" + }, + "id": 709784525, + "rule_id": "hardening_logging_log_perms|HARDENING_LOGGING_3_LOG_PERMS", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

Issues related to system logging and auditing were detected on your system. Important services are disabled or log file permissions are not secure.

\n", + "generic_html": "

Issues related to system logging and auditing were detected on your system.

\n

Red Hat recommends that the logging service rsyslog and the auditing service auditd are enabled and that log files in /var/log have secure permissions.

\n", + "more_info_html": "\n", + "severity": "INFO", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "hardening_logging_log_perms|HARDENING_LOGGING_3_LOG_PERMS", + "error_key": "HARDENING_LOGGING_3_LOG_PERMS", + "plugin": "hardening_logging_log_perms", + "description": "Decreased security in system logging permissions", + "summary": "Issues related to system logging and auditing were detected on your system. Important services are disabled or log file permissions are not secure.\n", + "generic": "Issues related to system logging and auditing were detected on your system.\n\nRed Hat recommends that the logging service `rsyslog` and the auditing service `auditd` are enabled and that log files in `/var/log` have secure permissions.\n", + "reason": "

Log files have permission issues.

\n

The following files or directories in /var/log have file permissions that differ from the default RHEL configuration and are possibly non-secure. Red Hat recommends that the file permissions be adjusted to more secure settings.

\n\n \n \n \n \n \n\n\n\n\n\n\n\n
File or directory nameDetected problemOutput from ls -l
/var/log/cronUsers other than root can read or write.-rw-r--r--. 1 root root 15438 May 25 10:01 cron
\n\n\n\n", + "type": null, + "more_info": "* [Why is `/var/log/cron` world readable in RHEL7?](https://access.redhat.com/solutions/1491573)\n* [Using the chkconfig Utility](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-services-chkconfig.html) to configure services on RHEL 6\n* [Managing System Services](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html) to configure services on RHEL 7\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2017-05-16T04:08:34.000Z", + "rec_impact": 1, + "rec_likelihood": 1, + "resolution": "

Red Hat recommends that you perform the following adjustments:

\n

Fixing permission issues depends on whether there is a designated safe group on your system that has Read access to the log files. This situation might exist if you want to allow certain administrators to see the log files without becoming root. To prevent log tampering, no other user than root should have permissions to Write to the log files. (The btmp and wtmp files are owned by the utmp group but other users should still be unable to write to them.)

\n

Fix for a default RHEL configuration

\n

(No designated group for reading log files)

\n
chown root:root /var/log/cron\nchmod u=rw,g-x,o-rwx /var/log/cron\n

Fix for a configuration with a designated safe group for reading log files

\n

In the following lines, substitute the name of your designated safe group for the string safegroup:

\n
chown root:safegroup /var/log/cron\nchmod u=rw,g-x,o-rwx /var/log/cron\n
" + }, + "maintenance_actions": [] + }, { + "details": { + "filesystems": [{ + "usage": "99", + "mountpoint": "/" + }, { + "usage": "99", + "mountpoint": "/" + }], + "error_key": "FILESYSTEM_CAPACITY" + }, + "id": 709784535, + "rule_id": "filesystem_capacity|FILESYSTEM_CAPACITY", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.

\n", + "generic_html": "

File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.

\n", + "more_info_html": "

How to increase the filesystem size?\nHow do I find out what is using disk space?

\n", + "severity": "WARN", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "filesystem_capacity|FILESYSTEM_CAPACITY", + "error_key": "FILESYSTEM_CAPACITY", + "plugin": "filesystem_capacity", + "description": "Decreased stability and/or performance due to filesystem over 95% capacity", + "summary": "File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.\n", + "generic": "File systems nearing full capacity can cause performance issues because blocks must be used from different block groups. \nBesides, file systems at or exceeding capacity will have stability issues because applications will no longer be able to write to the file system.\n", + "reason": "

This host has the following file systems nearing or at capacity:

\n
    \n\n
  • Filesystem: / Usage: 99%
    • \n\n
  • Filesystem: / Usage: 99%
    • \n\n
", + "type": null, + "more_info": "[How to increase the filesystem size?](https://access.redhat.com/solutions/21820)\n[How do I find out what is using disk space?](https://access.redhat.com/solutions/1154683)\n", + "active": true, + "node_id": "1154683", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:36.000Z", + "rec_impact": 2, + "rec_likelihood": 3, + "resolution": "

To solve the issue, Red Hat recommends that you either add more storage capacity to the identified file systems, or remove unnecessary files to reduce the current usage.\nPlease refer to more_information part for more detailed steps.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "msg": "[ 0.000000] crashkernel=auto resulted in zero bytes of reserved memory.", + "auto_with_low_ram": true, + "rhel_ver": 7, + "error_key": "CRASHKERNEL_RESERVATION_FAILED" + }, + "id": 709784555, + "rule_id": "crashkernel_reservation_failed|CRASHKERNEL_RESERVATION_FAILED", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

The crashkernel configuration has failed to produce a working kdump environment. Configuration changes must be made to enable vmcore capture.

\n", + "generic_html": "

Kdump is unable to reserve memory for the kdump kernel. The kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.

\n", + "more_info_html": "", + "severity": "WARN", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "crashkernel_reservation_failed|CRASHKERNEL_RESERVATION_FAILED", + "error_key": "CRASHKERNEL_RESERVATION_FAILED", + "plugin": "crashkernel_reservation_failed", + "description": "Kdump crashkernel reservation failed due to improper configuration of crashkernel parameter", + "summary": "The crashkernel configuration has failed to produce a working kdump environment. Configuration changes must be made to enable vmcore capture.\n", + "generic": "Kdump is unable to reserve memory for the kdump kernel. The kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.", + "reason": "

This host is unable to reserve memory for the kdump kernel:

\n
[    0.000000] crashkernel=auto resulted in zero bytes of reserved memory.\n

This means the kdump service has not started and a vmcore will not be captured if the host crashes, which will make it difficult for our support technicians to determine why the machine crashed.

\n", + "type": null, + "more_info": null, + "active": true, + "node_id": "59432", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:33.000Z", + "rec_impact": 1, + "rec_likelihood": 3, + "resolution": "

To fix this issue, Red Hat recommends that you change the crashkernel setting in the grub.conf file.

\n

This host failed to reserved memory with auto crashkernel parameter due to low physical memory. The memory must be reserved by explicitly requesting the reservation size, for example: crashkernel=128M.

\n

For details of crashkernel setting, please refer to the Knowledge article How should the crashkernel parameter be configured for using kdump on RHEL7? to pickup the setting specifically for your host.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "error_key": "TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION" + }, + "id": 709784565, + "rule_id": "tzdata_need_upgrade|TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.

\n", + "generic_html": "

System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.

\n", + "more_info_html": "", + "severity": "INFO", + "ansible": false, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "tzdata_need_upgrade|TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "error_key": "TZDATA_NEED_UPGRADE_INFO_NEED_MANUAL_ACTION", + "plugin": "tzdata_need_upgrade", + "description": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale", + "summary": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.\n", + "generic": "System clock inaccurate when a leap second event happens in a non-NTP system without following the TAI timescale.\n", + "reason": "

This system running as a non-NTP system is following the UTC timescale. In this situation, manual correction is required to avoid system clock inaccuracy when a leap second event happens.

\n", + "type": null, + "more_info": null, + "active": true, + "node_id": "1465713", + "category": "Stability", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 1, + "resolution": "

The system clock of this system needs manual correction when a leap second event happens. For example:

\n
\n\n# date -s \"20170101 HH:MM:SS\"\n\n
\n\n

You need to replace "HH:MM:SS" with the accurate time after the leap second occurs.

\n" + }, + "maintenance_actions": [] + }, { + "details": { + "selinux_info": true, + "package_name": "kernel", + "selinux_enforcing": true, + "selinux_can_help": true, + "minimal_selinux_policy": "selinux-policy-3.13.1-81.el7", + "selinux_enabled": true, + "vulnerable_kernel": "3.10.0-123.el7", + "active_policy": "selinux-policy-3.12.1-153.el7", + "dccp_loading_disabled": null, + "error_key": "KERNEL_CVE_2017_6074", + "enough_policy": false, + "dccp_loaded": null, + "mitigation_info": false + }, + "id": 709784575, + "rule_id": "CVE_2017_6074_kernel|KERNEL_CVE_2017_6074", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074. An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system.

\n", + "generic_html": "

A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074.

\n

An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. A local user could initiate a DCCP network connection on any local system network interface and then create specially-crafted memory allocations containing malicious instructions that can then either cause a crash or potentially escalate the user's privileges.

\n

An attacker must have access to a local account on the system; this is not a remote attack and it requires IPv6 support to be enabled on the system.

\n

Red Hat recommends that you update the kernel when possible. Otherwise, you can use proposed mitigation to disable DCCP. SELinux in enforcing mode can also mitigate the issue under specific circumstances.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2017_6074_kernel|KERNEL_CVE_2017_6074", + "error_key": "KERNEL_CVE_2017_6074", + "plugin": "CVE_2017_6074_kernel", + "description": "Kernel vulnerable to local privilege escalation via DCCP module (CVE-2017-6074)", + "summary": "A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned [CVE-2017-6074](https://access.redhat.com/security/cve/CVE-2017-6074). An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system.\n", + "generic": "A use-after-free flaw was found in the Linux kernel IPv6 DCCP network protocol code. It has been assigned CVE-2017-6074. \n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. A local user could initiate a DCCP network connection on any local system network interface and then create specially-crafted memory allocations containing malicious instructions that can then either cause a crash or potentially escalate the user's privileges.\n\nAn attacker must have access to a local account on the system; this is not a remote attack and it requires IPv6 support to be enabled on the system.\n\nRed Hat recommends that you update the kernel when possible. Otherwise, you can use proposed mitigation to disable DCCP. SELinux in enforcing mode can also mitigate the issue under specific circumstances.\n", + "reason": "

A use-after-free flaw was found within the Linux kernel IPv6 DCCP network protocol code.

\n

This host is affected because:

\n
  • It is running kernel 3.10.0-123.el7.
  • SELinux policy is outdated.
\n\n\n\n\n\n\n

Your installed SELinux policy is selinux-policy-3.12.1-153.el7; however, to mitigate the issue, the earliest required version is selinux-policy-3.13.1-81.el7.

\n", + "type": null, + "more_info": "* For more information about the flaw, see [CVE-2017-6074](https://access.redhat.com/security/cve/CVE-2017-6074).\n* To learn how to upgrade packages, see [What is yum and how do I use it?](https://access.redhat.com/solutions/9934).\n* For more information about SELinux, see [Benefits of running SELinux](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating the kernel package and rebooting the system.

\n
# yum update kernel\n# reboot\n

Alternatively, apply one of the following mitigations:

\n
Update SELinux policy
\n

Update your SELinux policy:

\n
# yum update selinux-policy\n

The system does not provide enough information for Insights about loaded kernel modules. It is not possible to recommend a mitigation based on kernel modules.

\n" + }, + "maintenance_actions": [] + } +] diff --git a/awx/ui/tests/spec/inventories/insights/data/solvable.insights-data.js b/awx/ui/tests/spec/inventories/insights/data/solvable.insights-data.js new file mode 100644 index 0000000000..5e563e9912 --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/data/solvable.insights-data.js @@ -0,0 +1,269 @@ +export default [ + { + "details": { + "vulnerable_kernel": "3.10.0-123.el7", + "package_name": "kernel", + "error_key": "KERNEL_CVE_2016_5195" + }, + "id": 709784485, + "rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.

\n", + "generic_html": "

A race condition was found in the way Linux kernel's memory subsystem handled breakage of the the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.

\n

A process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild.

\n

Red Hat recommends that you update the kernel package or apply mitigations.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195", + "error_key": "KERNEL_CVE_2016_5195", + "plugin": "CVE_2016_5195_kernel", + "description": "Kernel vulnerable to privilege escalation via permission bypass (CVE-2016-5195)", + "summary": "A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.", + "generic": "A race condition was found in the way Linux kernel's memory subsystem handled breakage of the the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.\n\nA process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild. \n\nRed Hat recommends that you update the kernel package or apply mitigations.", + "reason": "

A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally have read-only access to and thus increase their privileges on the system.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n

There is currently no mitigation applied and your system is vulnerable.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-5195](https://access.redhat.com/security/cve/CVE-2016-5195)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2706661", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:33.000Z", + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update the kernel package and restart the system:

\n
# yum update kernel\n# reboot\n

or

\n

Alternatively, this issue can be addressed by applying mitigations until the machine is restarted with the updated kernel package.

\n

Please refer to the Resolve Tab in the vulnerability article for information about the mitigation and the latest information.

\n" + }, + "maintenance_actions": [{ + "done": false, + "id": 29885, + "maintenance_plan": { + "maintenance_id": 12195, + "name": null, + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-jnewton", + "silenced": false, + "hidden": true, + "suggestion": "proposed", + "remote_branch": null + } + }] + }, + { + "details": { + "mitigation_conf": "no", + "sysctl_live_ack_limit": "100", + "package_name": "kernel", + "sysctl_live_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit = 100", + "error_key": "KERNEL_CVE_2016_5696_URGENT", + "vulnerable_kernel": "3.10.0-123.el7", + "sysctl_conf_ack_limit": "100", + "sysctl_conf_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit=100", + "mitigation_live": "no" + }, + "id": 766342155, + "rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the RFC 5961 challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n", + "generic_html": "

A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack (RFC 5961) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n

Red Hat recommends that you update the kernel package or apply mitigations.

\n", + "more_info_html": "\n", + "severity": "ERROR", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT", + "error_key": "KERNEL_CVE_2016_5696_URGENT", + "plugin": "CVE_2016_5696_kernel", + "description": "Kernel vulnerable to man-in-the-middle via payload injection", + "summary": "A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the [RFC 5961](https://tools.ietf.org/html/rfc5961) challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.", + "generic": "A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack ([RFC 5961](https://tools.ietf.org/html/rfc5961)) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack. \n\nRed Hat recommends that you update the kernel package or apply mitigations.", + "reason": "

A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack (RFC 5961) where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n

Your currently loaded kernel configuration contains this setting:

\n
net.ipv4.tcp_challenge_ack_limit = 100\n

Your currently stored kernel configuration is:

\n
net.ipv4.tcp_challenge_ack_limit=100\n

There is currently no mitigation applied and your system is vulnerable.

\n", + "type": null, + "more_info": "* For more information about the flaw see [CVE-2016-5696](https://access.redhat.com/security/cve/CVE-2016-5696)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).", + "active": true, + "node_id": "2438571", + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": "2016-10-31T04:08:32.000Z", + "rec_impact": 4, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends that you update the kernel package and restart the system:

\n
# yum update kernel\n# reboot\n

or

\n

Alternatively, this issue can be addressed by applying the following mitigations until the machine is restarted with the updated kernel package.

\n

Edit /etc/sysctl.conf file as root, add the mitigation configuration, and reload the kernel configuration:

\n
# echo "net.ipv4.tcp_challenge_ack_limit = 2147483647" >> /etc/sysctl.conf \n# sysctl -p\n
" + }, + "maintenance_actions": [{ + "done": false, + "id": 56045, + "maintenance_plan": { + "maintenance_id": 15875, + "name": "Payload Injection Fix", + "description": "", + "start": "2017-06-01T02:00:00.000Z", + "end": "2017-06-01T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 61575, + "maintenance_plan": { + "maintenance_id": 16825, + "name": "Summit 2017 Plan 1", + "description": "", + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 66175, + "maintenance_plan": { + "maintenance_id": 19435, + "name": null, + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 71015, + "maintenance_plan": { + "maintenance_id": 19835, + "name": "Optum Payload", + "description": "", + "start": "2017-05-27T02:00:00.000Z", + "end": "2017-05-27T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }] + }, + { + "details": { + "mod_loading_disabled": null, + "package_name": "kernel", + "error_key": "KERNEL_CVE_2017_2636", + "vulnerable_kernel": "3.10.0-123.el7", + "mod_loaded": null, + "mitigation_info": false + }, + "id": 766342165, + "rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636", + "system_id": "f31b6265939d4a8492d3ce9655dc94be", + "account_number": "540155", + "uuid": "d195e3c5e5e6469781c4e59fa3f5ba87", + "date": "2017-05-25T14:01:19.000Z", + "rule": { + "summary_html": "

A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as CVE-2017-2636.

\n", + "generic_html": "

A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.

\n

An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.

\n

An attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.

\n

Red Hat recommends that you use the proposed mitigation to disable the N_HDLC module.

\n", + "more_info_html": "\n", + "severity": "WARN", + "ansible": true, + "ansible_fix": false, + "ansible_mitigation": false, + "rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636", + "error_key": "KERNEL_CVE_2017_2636", + "plugin": "CVE_2017_2636_kernel", + "description": "Kernel vulnerable to local privilege escalation via n_hdlc module (CVE-2017-2636)", + "summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636).\n", + "generic": "A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.\n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.\n\nAn attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.\n\nRed Hat recommends that you use the proposed mitigation to disable the N_HDLC module.\n", + "reason": "

A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation.

\n

This host is affected because it is running kernel 3.10.0-123.el7.

\n", + "type": null, + "more_info": "* For more information about the flaw, see [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636) and [CVE-2017-2636 article](https://access.redhat.com/security/vulnerabilities/CVE-2017-2636).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n", + "active": true, + "node_id": null, + "category": "Security", + "retired": false, + "reboot_required": false, + "publish_date": null, + "rec_impact": 2, + "rec_likelihood": 2, + "resolution": "

Red Hat recommends updating the kernel package and rebooting the system.

\n
# yum update kernel\n# reboot\n
" + }, + "maintenance_actions": [{ + "done": false, + "id": 58335, + "maintenance_plan": { + "maintenance_id": 16545, + "name": "Insights Summit 2017 - n_HDLC", + "description": "", + "start": "2017-05-06T02:00:00.000Z", + "end": "2017-05-06T03:00:00.000Z", + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 61895, + "maintenance_plan": { + "maintenance_id": 16835, + "name": "Summit 2017 N_HDLC", + "description": "", + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 66225, + "maintenance_plan": { + "maintenance_id": 19445, + "name": "Seattle's Best Plan", + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }, { + "done": false, + "id": 71075, + "maintenance_plan": { + "maintenance_id": 19845, + "name": "Optum N_HDLC FIX", + "description": null, + "start": null, + "end": null, + "created_by": "rhn-support-wnix", + "silenced": false, + "hidden": false, + "suggestion": null, + "remote_branch": null + } + }] + } +] diff --git a/awx/ui/tests/spec/inventories/insights/insights.service-test.js b/awx/ui/tests/spec/inventories/insights/insights.service-test.js new file mode 100644 index 0000000000..4a8091b6bf --- /dev/null +++ b/awx/ui/tests/spec/inventories/insights/insights.service-test.js @@ -0,0 +1,62 @@ +'use strict'; + +import insights_json from './data/insights-data.js'; +import solvable_insights_json from './data/solvable.insights-data.js'; +import not_solvable_insights_json from './data/not_solvable.insights-data.js'; +import high_insights_json from './data/high.insights-data.js'; +import medium_insights_json from './data/medium.insights-data.js'; +import low_insights_json from './data/low.insights-data.js'; + +describe('Service: InsightsService', () => { + let InsightsService; + + beforeEach(angular.mock.module('Tower')); + + beforeEach(angular.mock.inject(( _InsightsService_) => { + InsightsService = _InsightsService_; + })); + + describe('filter()', () => { + it('filter for "total" returns the total set of reports', () => { + let filteredSet = InsightsService.filter('total', insights_json.reports); + expect(filteredSet).toEqual(insights_json.reports); + expect(filteredSet.length).toBe(12); + }); + + it('properly filters the reports dataset for solvable reports', () => { + let filteredSet = InsightsService.filter('solvable', insights_json.reports); + expect(filteredSet).toEqual(solvable_insights_json); + expect(filteredSet.length).toBe(3); + }); + + it('properly filters the reports dataset for not-solvable reports', () => { + let filteredSet = InsightsService.filter('not_solvable', insights_json.reports); + expect(filteredSet).toEqual(not_solvable_insights_json); + expect(filteredSet.length).toBe(9); + }); + + it('properly filters the reports dataset for CRITICAL reports', () => { + let filteredSet = InsightsService.filter('critical', insights_json.reports); + expect(filteredSet).toEqual([]); + expect(filteredSet.length).toBe(0); + }); + + it('properly filters the reports dataset for ERROR reports', () => { + let filteredSet = InsightsService.filter('high', insights_json.reports); + expect(filteredSet).toEqual(high_insights_json); + expect(filteredSet.length).toBe(2); + }); + + it('properly filters the reports dataset for WARN reports', () => { + let filteredSet = InsightsService.filter('medium', insights_json.reports); + expect(filteredSet).toEqual(medium_insights_json); + expect(filteredSet.length).toBe(8); + }); + + it('properly filters the reports dataset for INFO reports', () => { + let filteredSet = InsightsService.filter('low', insights_json.reports); + expect(filteredSet).toEqual(low_insights_json); + expect(filteredSet.length).toBe(2); + }); + }); +});