trim insights content to only what the UI needs

Chris Meyers 2017-07-27 10:39:43 -04:00
parent 480a2f5a85
commit f20f4f40a0
5 changed files with 802 additions and 1 deletions


@ -74,6 +74,7 @@ from awx.main.utils import (
decrypt_field,
)
from awx.main.utils.filters import SmartFilter
from awx.main.utils.insights import filter_insights_api_response
from awx.api.permissions import * # noqa
from awx.api.renderers import * # noqa
@ -2097,7 +2098,8 @@ class HostInsights(GenericAPIView):
return (dict(error=_('Failed to gather reports and maintenance plans from Insights API at URL {}. Server responded with {} status code and message {}').format(url, res.status_code, res.content)), status.HTTP_500_INTERNAL_SERVER_ERROR)
try:
return (dict(insights_content=res.json()), status.HTTP_200_OK)
filtered_insights_content = filter_insights_api_response(res.json())
return (dict(insights_content=filtered_insights_content), status.HTTP_200_OK)
except ValueError:
return (dict(error=_('Expected JSON response from Insights but instead got {}').format(res.content)), status.HTTP_500_INTERNAL_SERVER_ERROR)
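Review bot: The `try` in the second hunk now wraps both `res.json()` and `filter_insights_api_response(...)`, but it still catches only `ValueError`, so a body that is valid JSON with an unexpected shape has no handler. The filter's implementation is not visible in this section; if it indexes keys such as `reports` directly, a `KeyError` or `TypeError` on an error-shaped or changed upstream payload would escape as an unhandled exception, and a `ValueError` raised inside the filter would be misreported as "Expected JSON response". Consider parsing first and guarding the filter step on its own, for example `except (KeyError, TypeError): return (dict(error=_('Unexpected Insights response format')), status.HTTP_500_INTERNAL_SERVER_ERROR)`. Both error branches also still return `res.content` verbatim to the API client, so the trimming this commit introduces applies only to the success path. The enclosing method starts outside the hunk.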


@ -0,0 +1,724 @@
{
"toString": "$REDACTED$",
"isCheckingIn": false,
"system_id": "11111111-1111-1111-1111-111111111111",
"display_name": null,
"remote_branch": null,
"remote_leaf": null,
"account_number": "1111111",
"hostname": "$REDACTED$",
"parent_id": null,
"system_type_id": 105,
"last_check_in": "2017-07-21T07:07:29.000Z",
"stale_ack": false,
"type": "machine",
"product": "rhel",
"created_at": "2017-07-20T17:26:53.000Z",
"updated_at": "2017-07-21T07:07:29.000Z",
"unregistered_at": null,
"reports": [{
"details": {
"vulnerable_setting": "hosts: files dns myhostname",
"affected_package": "glibc-2.17-105.el7",
"error_key": "GLIBC_CVE_2015_7547"
},
"id": 955802695,
"rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A critical security flaw in the <code>glibc</code> library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.</p>\n",
"generic_html": "<p>The <code>glibc</code> library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the <code>libresolv</code> part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when <code>libresolv</code> is called from the nss_dns NSS service module. This flaw is known as <a href=\"https://access.redhat.com/security/cve/CVE-2015-7547\">CVE-2015-7547</a>.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaw see <a href=\"https://access.redhat.com/security/cve/CVE-2015-7547\">CVE-2015-7547</a>.</li>\n<li>To learn how to upgrade packages, see &quot;<a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>&quot;</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat Products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "ERROR",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2015_7547_glibc|GLIBC_CVE_2015_7547",
"error_key": "GLIBC_CVE_2015_7547",
"plugin": "CVE_2015_7547_glibc",
"description": "Remote code execution vulnerability in libresolv via crafted DNS response (CVE-2015-7547)",
"summary": "A critical security flaw in the `glibc` library was found. It allows an attacker to crash an application built against that library or, potentially, execute arbitrary code with privileges of the user running the application.",
"generic": "The `glibc` library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the `libresolv` part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when `libresolv` is called from the nss_dns NSS service module. This flaw is known as [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).",
"reason": "<p>This host is vulnerable because it has vulnerable package <strong>glibc-2.17-105.el7</strong> installed and DNS is enabled in <code>/etc/nsswitch.conf</code>:</p>\n<pre><code>hosts: files dns myhostname\n</code></pre><p>The <code>glibc</code> library is vulnerable to a stack-based buffer overflow security flaw. A remote attacker could create specially crafted DNS responses that could cause the <code>libresolv</code> part of the library, which performs dual A/AAAA DNS queries, to crash or potentially execute code with the permissions of the user running the library. The issue is only exposed when <code>libresolv</code> is called from the nss_dns NSS service module. This flaw is known as <a href=\"https://access.redhat.com/security/cve/CVE-2015-7547\">CVE-2015-7547</a>.</p>\n",
"type": null,
"more_info": "* For more information about the flaw see [CVE-2015-7547](https://access.redhat.com/security/cve/CVE-2015-7547).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).",
"active": true,
"node_id": "2168451",
"category": "Security",
"retired": false,
"reboot_required": false,
"publish_date": "2016-10-31T04:08:35.000Z",
"rec_impact": 4,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends updating <code>glibc</code> and restarting the affected system:</p>\n<pre><code># yum update glibc\n# reboot\n</code></pre><p>Alternatively, you can restart all affected services, but because this vulnerability affects a large amount of applications on the system, the best solution is to restart the system.</p>\n"
},
"maintenance_actions": [{
"done": false,
"id": 305205,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 305955,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"affected_kernel": "3.10.0-327.el7",
"error_key": "KERNEL_CVE-2016-0728"
},
"id": 955802705,
"rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as <a href=\"https://access.redhat.com/security/cve/cve-2016-0728\">CVE-2016-0728</a>.</p>\n",
"generic_html": "<p>A vulnerability in the Linux kernel rated <strong>Important</strong> was discovered. The use-after-free flaw relates to the way the Linux kernel&#39;s key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as <a href=\"https://access.redhat.com/security/cve/cve-2016-0728\">CVE-2016-0728</a>.</p>\n<p>Red Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the <a href=\"https://bugzilla.redhat.com/attachment.cgi?id=1116284&amp;action=edit\">systemtap patch</a> to update your running kernel.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaws and versions of the package that are vulnerable see <a href=\"https://access.redhat.com/security/cve/cve-2016-0728\">CVE-2016-0728</a>.</li>\n<li>To learn how to upgrade packages, see &quot;<a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>&quot;</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat Products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "WARN",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2016_0728_kernel|KERNEL_CVE-2016-0728",
"error_key": "KERNEL_CVE-2016-0728",
"plugin": "CVE_2016_0728_kernel",
"description": "Kernel key management subsystem vulnerable to local privilege escalation (CVE-2016-0728)",
"summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).",
"generic": "A vulnerability in the Linux kernel rated **Important** was discovered. The use-after-free flaw relates to the way the Linux kernel's key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n\nRed Hat recommends that you update the kernel and reboot the system. If you cannot reboot now, consider applying the [systemtap patch](https://bugzilla.redhat.com/attachment.cgi?id=1116284&action=edit) to update your running kernel.",
"reason": "<p>A vulnerability in the Linux kernel rated <strong>Important</strong> was discovered. The use-after-free flaw relates to the way the Linux kernel&#39;s key management subsystem handles keyring object reference counting in certain error paths of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. The issue was reported as <a href=\"https://access.redhat.com/security/cve/cve-2016-0728\">CVE-2016-0728</a>.</p>\n<p>The host is vulnerable as it is running <strong>kernel-3.10.0-327.el7</strong>.</p>\n",
"type": null,
"more_info": "* For more information about the flaws and versions of the package that are vulnerable see [CVE-2016-0728](https://access.redhat.com/security/cve/cve-2016-0728).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).",
"active": true,
"node_id": "2130791",
"category": "Security",
"retired": false,
"reboot_required": false,
"publish_date": "2016-10-31T04:08:37.000Z",
"rec_impact": 2,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends that you update <code>kernel</code> and reboot. If you cannot reboot now, consider applying the <a href=\"https://bugzilla.redhat.com/attachment.cgi?id=1116284&amp;action=edit\">systemtap patch</a> to update your running kernel.</p>\n<pre><code># yum update kernel\n# reboot\n-or-\n# debuginfo-install kernel (or equivalent)\n# stap -vgt -Gfix_p=1 -Gtrace_p=0 cve20160728e.stp\n</code></pre>"
},
"maintenance_actions": [{
"done": false,
"id": 305215,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 306205,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"processes_listening_int": [
["neutron-o", "127.0.0.1", "6633"],
["ovsdb-ser", "127.0.0.1", "6640"]
],
"processes_listening_ext": [
["CPU", "0.0.0.0", "5900"],
["libvirtd", "", "::16509"],
["master", "", ":1:25"],
["qemu-kvm", "0.0.0.0", "5900"],
["vnc_worke", "0.0.0.0", "5900"],
["worker", "0.0.0.0", "5900"]
],
"error_key": "OPENSSL_CVE_2016_0800_DROWN_LISTENING",
"processes_listening": [
["CPU", "0.0.0.0", "5900"],
["libvirtd", "", "::16509"],
["master", "", ":1:25"],
["neutron-o", "127.0.0.1", "6633"],
["ovsdb-ser", "127.0.0.1", "6640"],
["qemu-kvm", "0.0.0.0", "5900"],
["vnc_worke", "0.0.0.0", "5900"],
["worker", "0.0.0.0", "5900"]
],
"processes_names": ["/usr/bin/", "CPU", "ceilomete", "gmain", "handler6", "libvirtd", "master", "neutron-o", "neutron-r", "nova-comp", "ovs-vswit", "ovsdb-cli", "ovsdb-ser", "pickup", "privsep-h", "qemu-kvm", "qmgr", "redhat-ac", "revalidat", "tuned", "urcu3", "virtlogd", "vnc_worke", "worker"],
"vulnerable_package": "openssl-libs-1.0.1e-42.el7_1.9"
},
"id": 955802715,
"rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_DROWN_LISTENING",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned <a href=\"https://access.redhat.com/security/cve/CVE-2016-0800\">CVE-2016-0800</a> and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.</p>\n",
"generic_html": "<p>A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.</p>\n<p>A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see <a href=\"https://access.redhat.com/security/cve/CVE-2015-0293\">CVE-2015-0293</a>).</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaw see <a href=\"https://access.redhat.com/security/cve/CVE-2016-0800\">CVE-2016-0800</a></li>\n<li>To learn how to upgrade packages, see &quot;<a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>&quot;</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat Products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "ERROR",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2016_0800_openssl_drown|OPENSSL_CVE_2016_0800_DROWN_LISTENING",
"error_key": "OPENSSL_CVE_2016_0800_DROWN_LISTENING",
"plugin": "CVE_2016_0800_openssl_drown",
"description": "OpenSSL with externally listening processes vulnerable to session decryption (CVE-2016-0800/DROWN)",
"summary": "A new cross-protocol attack against SSLv2 protocol has been found. It has been assigned [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800) and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. An attacker can decrypt passively collected TLS sessions between up-to-date client and server which supports SSLv2.",
"generic": "A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.\n\nA more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see [CVE-2015-0293](https://access.redhat.com/security/cve/CVE-2015-0293)).",
"reason": "<p>This host is vulnerable because it has vulnerable package <strong>openssl-libs-1.0.1e-42.el7_1.9</strong> installed.</p>\n<p>It also runs the following processes that use OpenSSL libraries:</p>\n<ul class=\"pre-code\"><li>/usr/bin/</li><li>CPU</li><li>ceilomete</li><li>gmain</li><li>handler6</li><li>libvirtd</li><li>master</li><li>neutron-o</li><li>neutron-r</li><li>nova-comp</li><li>ovs-vswit</li><li>ovsdb-cli</li><li>ovsdb-ser</li><li>pickup</li><li>privsep-h</li><li>qemu-kvm</li><li>qmgr</li><li>redhat-ac</li><li>revalidat</li><li>tuned</li><li>urcu3</li><li>virtlogd</li><li>vnc_worke</li><li>worker</li></ul>\n\n\n\n\n<p>The following processes that use OpenSSL libraries are listening on the sockets bound to public IP addresses:</p>\n<ul class=\"pre-code\"><li>CPU (0.0.0.0)</li><li>libvirtd ()</li><li>master ()</li><li>qemu-kvm (0.0.0.0)</li><li>vnc_worke (0.0.0.0)</li><li>worker (0.0.0.0)</li></ul>\n\n\n\n\n\n\n\n\n<p>A new cross-protocol attack against a vulnerability in the SSLv2 protocol has been found. It can be used to passively decrypt collected TLS/SSL sessions from any connection that used an RSA key exchange cypher suite on a server that supports SSLv2. Even if a given service does not support SSLv2 the connection is still vulnerable if another service does and shares the same RSA private key.</p>\n<p>A more efficient variant of the attack exists against unpatched OpenSSL servers using versions that predate security advisories released on March 19, 2015 (see <a href=\"https://access.redhat.com/security/cve/CVE-2015-0293\">CVE-2015-0293</a>).</p>\n",
"type": null,
"more_info": "* For more information about the flaw see [CVE-2016-0800](https://access.redhat.com/security/cve/CVE-2016-0800)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).",
"active": true,
"node_id": "2174451",
"category": "Security",
"retired": false,
"reboot_required": false,
"publish_date": "2016-10-31T04:08:33.000Z",
"rec_impact": 3,
"rec_likelihood": 4,
"resolution": "<p>Red Hat recommends that you update <code>openssl</code> and restart the affected system:</p>\n<pre><code># yum update openssl\n# reboot\n</code></pre><p>Alternatively, you can restart all affected services (that is, the ones linked to the openssl library), especially those listening on public IP addresses.</p>\n"
},
"maintenance_actions": [{
"done": false,
"id": 305225,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 306435,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"vulnerable_kernel": "3.10.0-327.el7",
"package_name": "kernel",
"error_key": "KERNEL_CVE_2016_5195_2"
},
"id": 955802725,
"rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195_2",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A flaw was found in the Linux kernel&#39;s memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.</p>\n",
"generic_html": "<p>A race condition was found in the way Linux kernel&#39;s memory subsystem handled breakage of the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.</p>\n<p>A process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild. </p>\n<p>Red Hat recommends that you update the kernel package.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaw see <a href=\"https://access.redhat.com/security/cve/CVE-2016-5195\">CVE-2016-5195</a></li>\n<li>To learn how to upgrade packages, see &quot;<a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>&quot;</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat Products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "WARN",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2016_5195_kernel|KERNEL_CVE_2016_5195_2",
"error_key": "KERNEL_CVE_2016_5195_2",
"plugin": "CVE_2016_5195_kernel",
"description": "Kernel vulnerable to privilege escalation via permission bypass (CVE-2016-5195)",
"summary": "A flaw was found in the Linux kernel's memory subsystem. An unprivileged local user could use this flaw to write to files they would normally only have read-only access to and thus increase their privileges on the system.",
"generic": "A race condition was found in the way Linux kernel's memory subsystem handled breakage of the read only shared mappings COW situation on write access. An unprivileged local user could use this flaw to write to files they should normally have read-only access to, and thus increase their privileges on the system.\n\nA process that is able to mmap a file is able to race Copy on Write (COW) page creation (within get_user_pages) with madvise(MADV_DONTNEED) kernel system calls. This would allow modified pages to bypass the page protection mechanism and modify the mapped file. The vulnerability could be abused by allowing an attacker to modify existing setuid files with instructions to elevate permissions. This attack has been found in the wild. \n\nRed Hat recommends that you update the kernel package.\n",
"reason": "<p>A flaw was found in the Linux kernel&#39;s memory subsystem. An unprivileged local user could use this flaw to write to files they would normally have read-only access to and thus increase their privileges on the system.</p>\n<p>This host is affected because it is running kernel <strong>3.10.0-327.el7</strong>. </p>\n",
"type": null,
"more_info": "* For more information about the flaw see [CVE-2016-5195](https://access.redhat.com/security/cve/CVE-2016-5195)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).",
"active": true,
"node_id": "2706661",
"category": "Security",
"retired": false,
"reboot_required": true,
"publish_date": "2016-10-31T04:08:33.000Z",
"rec_impact": 2,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends that you update the <code>kernel</code> package and restart the system:</p>\n<pre><code># yum update kernel\n# reboot\n</code></pre>"
},
"maintenance_actions": [{
"done": false,
"id": 305235,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 306705,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"mitigation_conf": "no",
"sysctl_live_ack_limit": "100",
"package_name": "kernel",
"sysctl_live_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit = 100",
"error_key": "KERNEL_CVE_2016_5696_URGENT",
"vulnerable_kernel": "3.10.0-327.el7",
"sysctl_conf_ack_limit": "100",
"sysctl_conf_ack_limit_line": "net.ipv4.tcp_challenge_ack_limit = 100 # Implicit default",
"mitigation_live": "no"
},
"id": 955802735,
"rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A flaw in the Linux kernel&#39;s TCP/IP networking subsystem implementation of the <a href=\"https://tools.ietf.org/html/rfc5961\">RFC 5961</a> challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.</p>\n",
"generic_html": "<p>A flaw was found in the implementation of the Linux kernel&#39;s handling of networking challenge ack &#40;<a href=\"https://tools.ietf.org/html/rfc5961\">RFC 5961</a>&#41; where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack. </p>\n<p>Red Hat recommends that you update the kernel package or apply mitigations.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaw see <a href=\"https://access.redhat.com/security/cve/CVE-2016-5696\">CVE-2016-5696</a></li>\n<li>To learn how to upgrade packages, see &quot;<a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>&quot;</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat Products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "ERROR",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2016_5696_kernel|KERNEL_CVE_2016_5696_URGENT",
"error_key": "KERNEL_CVE_2016_5696_URGENT",
"plugin": "CVE_2016_5696_kernel",
"description": "Kernel vulnerable to man-in-the-middle via payload injection",
"summary": "A flaw in the Linux kernel's TCP/IP networking subsystem implementation of the [RFC 5961](https://tools.ietf.org/html/rfc5961) challenge ACK rate limiting was found that could allow an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.",
"generic": "A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack &#40;[RFC 5961](https://tools.ietf.org/html/rfc5961)&#41; where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack. \n\nRed Hat recommends that you update the kernel package or apply mitigations.",
"reason": "<p>A flaw was found in the implementation of the Linux kernel&#39;s handling of networking challenge ack &#40;<a href=\"https://tools.ietf.org/html/rfc5961\">RFC 5961</a>&#41; where an attacker is able to determine the\nshared counter. This flaw allows an attacker located on different subnet to inject or take over a TCP connection between a server and client without needing to use a traditional man-in-the-middle (MITM) attack.</p>\n<p>This host is affected because it is running kernel <strong>3.10.0-327.el7</strong>. </p>\n<p>Your currently loaded kernel configuration contains this setting: </p>\n<pre><code>net.ipv4.tcp_challenge_ack_limit = 100\n</code></pre><p>Your currently stored kernel configuration is: </p>\n<pre><code>net.ipv4.tcp_challenge_ack_limit = 100 # Implicit default\n</code></pre><p>There is currently no mitigation applied and your system is vulnerable.</p>\n",
"type": null,
"more_info": "* For more information about the flaw see [CVE-2016-5696](https://access.redhat.com/security/cve/CVE-2016-5696)\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).",
"active": true,
"node_id": "2438571",
"category": "Security",
"retired": false,
"reboot_required": false,
"publish_date": "2016-10-31T04:08:32.000Z",
"rec_impact": 4,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends that you update the <code>kernel</code> package and restart the system:</p>\n<pre><code># yum update kernel\n# reboot\n</code></pre><p><strong>or</strong></p>\n<p>Alternatively, this issue can be addressed by applying the following mitigations until the machine is restarted with the updated kernel package.</p>\n<p>Edit <code>/etc/sysctl.conf</code> file as root, add the mitigation configuration, and reload the kernel configuration:</p>\n<pre><code># echo &quot;net.ipv4.tcp_challenge_ack_limit = 2147483647&quot; &gt;&gt; /etc/sysctl.conf \n# sysctl -p\n</code></pre>"
},
"maintenance_actions": [{
"done": false,
"id": 305245,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 306975,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 316055,
"maintenance_plan": {
"maintenance_id": 30575,
"name": "Fix the problem",
"description": null,
"start": null,
"end": null,
"created_by": "asdavis@redhat.com",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"kernel_left_fully_exploitable": true,
"vulnerable_kernel_version_release": "3.10.0-327.el7",
"kernel_kpatch_applied": false,
"kernel_vulnerable": true,
"glibc_left_fully_exploitable": true,
"vulnerable_glibc": {
"PACKAGE_NAMES": ["glibc"],
"PACKAGES": ["glibc-2.17-105.el7"]
},
"kernel_stap_applied": false,
"error_key": "CVE_2017_1000364_KERNEL_CVE_2017_1000366_GLIBC_EXPLOITABLE",
"vulnerable_kernel_name": "kernel",
"nothing_left_fully_exploitable": false,
"glibc_vulnerable": true
},
"id": 955802745,
"rule_id": "CVE_2017_1000366_glibc|CVE_2017_1000364_KERNEL_CVE_2017_1000366_GLIBC_EXPLOITABLE",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A flaw was found in the way memory is being allocated on the stack for user space binaries. It has been assigned <a href=\"https://access.redhat.com/security/cve/CVE-2017-1000364\">CVE-2017-1000364</a> and <a href=\"https://access.redhat.com/security/cve/CVE-2017-1000366\">CVE-2017-1000366</a>. An unprivileged local user can use this flaw to execute arbitrary code as root and increase their privileges on the system.</p>\n",
"generic_html": "<p>A flaw was found in the way memory is being allocated on the stack for user space binaries. It has been assigned CVE-2017-1000364 and CVE-2017-1000366. An unprivileged local user can use this flaw to execute arbitrary code as root and increase their privileges on the system.</p>\n<p>If heap and stack memory regions are adjacent to each other, an attacker can use this flaw to jump over the heap/stack gap, cause controlled memory corruption on process stack or heap, and thus increase their privileges on the system. </p>\n<p>An attacker must have access to a local account on the system.</p>\n<p>Red Hat recommends that you update the kernel and glibc.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaw, see <a href=\"https://access.redhat.com/security/vulnerabilities/stackguard\">the vulnerability article</a> and <a href=\"https://access.redhat.com/security/cve/CVE-2017-1000364\">CVE-2017-1000364</a> and <a href=\"https://access.redhat.com/security/cve/CVE-2017-1000366\">CVE-2017-1000366</a>.</li>\n<li>To learn how to upgrade packages, see <a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>.</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "WARN",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2017_1000366_glibc|CVE_2017_1000364_KERNEL_CVE_2017_1000366_GLIBC_EXPLOITABLE",
"error_key": "CVE_2017_1000364_KERNEL_CVE_2017_1000366_GLIBC_EXPLOITABLE",
"plugin": "CVE_2017_1000366_glibc",
"description": "Kernel and glibc vulnerable to local privilege escalation via stack and heap memory clash (CVE-2017-1000364 and CVE-2017-1000366)",
"summary": "A flaw was found in the way memory is being allocated on the stack for user space binaries. It has been assigned [CVE-2017-1000364](https://access.redhat.com/security/cve/CVE-2017-1000364) and [CVE-2017-1000366](https://access.redhat.com/security/cve/CVE-2017-1000366). An unprivileged local user can use this flaw to execute arbitrary code as root and increase their privileges on the system.\n",
"generic": "A flaw was found in the way memory is being allocated on the stack for user space binaries. It has been assigned CVE-2017-1000364 and CVE-2017-1000366. An unprivileged local user can use this flaw to execute arbitrary code as root and increase their privileges on the system.\n\nIf heap and stack memory regions are adjacent to each other, an attacker can use this flaw to jump over the heap/stack gap, cause controlled memory corruption on process stack or heap, and thus increase their privileges on the system. \n\nAn attacker must have access to a local account on the system.\n\nRed Hat recommends that you update the kernel and glibc.\n",
"reason": "<p>A flaw was found in kernel and glibc in the way memory is being allocated on the stack for user space binaries.</p>\n<p>The host is affected because it is running <strong>kernel-3.10.0-327.el7</strong> and using <strong>glibc-2.17-105.el7</strong>.</p>\n",
"type": null,
"more_info": "* For more information about the flaw, see [the vulnerability article](https://access.redhat.com/security/vulnerabilities/stackguard) and [CVE-2017-1000364](https://access.redhat.com/security/cve/CVE-2017-1000364) and [CVE-2017-1000366](https://access.redhat.com/security/cve/CVE-2017-1000366).\n* To learn how to upgrade packages, see [What is yum and how do I use it?](https://access.redhat.com/solutions/9934).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n",
"active": true,
"node_id": null,
"category": "Security",
"retired": false,
"reboot_required": true,
"publish_date": "2017-06-19T15:00:00.000Z",
"rec_impact": 2,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends updating the <code>kernel</code> and <code>glibc</code> packages and rebooting the system.</p>\n<pre><code># yum update kernel glibc\n# reboot\n</code></pre>"
},
"maintenance_actions": [{
"done": false,
"id": 305255,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 307415,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"PACKAGE_NAMES": ["sudo"],
"PACKAGES": ["sudo-1.8.6p7-16.el7"],
"error_key": "CVE_2017_1000367_SUDO"
},
"id": 955802755,
"rule_id": "CVE_2017_1000367_sudo|CVE_2017_1000367_SUDO",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A local privilege escalation flaw was found in <code>sudo</code>. A local user having sudo access on the system,\ncould use this flaw to execute arbitrary commands as root. This issue was reported as\n<a href=\"https://access.redhat.com/security/cve/CVE-2017-1000367\">CVE-2017-1000367</a></p>\n",
"generic_html": "<p>A local privilege escalation flaw was found in <code>sudo</code>. All versions of sudo package shipped with RHEL 5, 6 and 7 are vulnerable\nto a local privilege escalation vulnerability. A flaw was found in the way <code>get_process_ttyname()</code> function obtained\ninformation about the controlling terminal of the sudo process from the status file in the proc filesystem.\nThis allows a local user who has any level of sudo access on the system to execute arbitrary commands as root or\nin certain conditions escalate his privileges to root.</p>\n<p>Red Hat recommends that you update update the <code>sudo</code> package.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the remote code execution flaw <a href=\"https://access.redhat.com/security/cve/CVE-2017-1000367\">CVE-2017-1000367</a> see <a href=\"https://access.redhat.com/security/vulnerabilities/3059071\">knowledge base article</a>.</li>\n<li>To learn how to upgrade packages, see &quot;<a href=\"https://access.redhat.com/solutions/9934\">What is yum and how do I use it?</a>&quot;</li>\n<li>To better understand <a href=\"https://www.sudo.ws/\">sudo</a>, see <a href=\"https://www.sudo.ws/intro.html\">Sudo in a Nutshell</a></li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat Products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "WARN",
"ansible": true,
"ansible_fix": true,
"ansible_mitigation": false,
"rule_id": "CVE_2017_1000367_sudo|CVE_2017_1000367_SUDO",
"error_key": "CVE_2017_1000367_SUDO",
"plugin": "CVE_2017_1000367_sudo",
"description": "sudo vulnerable to local privilege escalation via process TTY name parsing (CVE-2017-1000367)",
"summary": "A local privilege escalation flaw was found in `sudo`. A local user having sudo access on the system,\ncould use this flaw to execute arbitrary commands as root. This issue was reported as\n[CVE-2017-1000367](https://access.redhat.com/security/cve/CVE-2017-1000367)",
"generic": "A local privilege escalation flaw was found in `sudo`. All versions of sudo package shipped with RHEL 5, 6 and 7 are vulnerable\nto a local privilege escalation vulnerability. A flaw was found in the way `get_process_ttyname()` function obtained\ninformation about the controlling terminal of the sudo process from the status file in the proc filesystem.\nThis allows a local user who has any level of sudo access on the system to execute arbitrary commands as root or\nin certain conditions escalate his privileges to root.\n\nRed Hat recommends that you update update the `sudo` package.\n",
"reason": "<p>This machine is vulnerable because it has vulnerable <code>sudo</code> package <strong>sudo-1.8.6p7-16.el7</strong> installed.</p>\n",
"type": null,
"more_info": "* For more information about the remote code execution flaw [CVE-2017-1000367](https://access.redhat.com/security/cve/CVE-2017-1000367) see [knowledge base article](https://access.redhat.com/security/vulnerabilities/3059071).\n* To learn how to upgrade packages, see \"[What is yum and how do I use it?](https://access.redhat.com/solutions/9934)\"\n* To better understand [sudo](https://www.sudo.ws/), see [Sudo in a Nutshell](https://www.sudo.ws/intro.html)\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat Products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n",
"active": true,
"node_id": "3059071",
"category": "Security",
"retired": false,
"reboot_required": false,
"publish_date": "2017-05-30T13:30:00.000Z",
"rec_impact": 2,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends that you update the <code>sudo</code> package.</p>\n<pre><code># yum update sudo\n</code></pre>"
},
"maintenance_actions": [{
"done": false,
"id": 305265,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 308075,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"mod_loading_disabled": false,
"package_name": "kernel",
"error_key": "KERNEL_CVE_2017_2636",
"vulnerable_kernel": "3.10.0-327.el7",
"mod_loaded": false,
"mitigation_info": true
},
"id": 955802765,
"rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as <a href=\"https://access.redhat.com/security/cve/CVE-2017-2636\">CVE-2017-2636</a>.</p>\n",
"generic_html": "<p>A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.</p>\n<p>An unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.</p>\n<p>An attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.</p>\n<p>Red Hat recommends that you use the proposed mitigation to disable the N_HDLC module.</p>\n",
"more_info_html": "<ul>\n<li>For more information about the flaw, see <a href=\"https://access.redhat.com/security/cve/CVE-2017-2636\">CVE-2017-2636</a> and <a href=\"https://access.redhat.com/security/vulnerabilities/CVE-2017-2636\">CVE-2017-2636 article</a>.</li>\n<li>The Customer Portal page for the <a href=\"https://access.redhat.com/security/\">Red Hat Security Team</a> contains more information about policies, procedures, and alerts for Red Hat products.</li>\n<li>The Security Team also maintains a frequently updated blog at <a href=\"https://securityblog.redhat.com\">securityblog.redhat.com</a>.</li>\n</ul>\n",
"severity": "WARN",
"ansible": true,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "CVE_2017_2636_kernel|KERNEL_CVE_2017_2636",
"error_key": "KERNEL_CVE_2017_2636",
"plugin": "CVE_2017_2636_kernel",
"description": "Kernel vulnerable to local privilege escalation via n_hdlc module (CVE-2017-2636)",
"summary": "A vulnerability in the Linux kernel allowing local privilege escalation was discovered.\nThe issue was reported as [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636).\n",
"generic": "A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation. It has been assigned CVE-2017-2636.\n\nAn unprivileged local user could use this flaw to execute arbitrary code in kernel memory and increase their privileges on the system. The kernel uses a TTY subsystem to take and show terminal output to connected systems. An attacker crafting specific-sized memory allocations could abuse this mechanism to place a kernel function pointer with malicious instructions to be executed on behalf of the attacker.\n\nAn attacker must have access to a local account on the system; this is not a remote attack. Exploiting this flaw does not require Microgate or SyncLink hardware to be in use.\n\nRed Hat recommends that you use the proposed mitigation to disable the N_HDLC module.\n",
"reason": "<p>A use-after-free flaw was found in the Linux kernel implementation of the HDLC (High-Level Data Link Control) TTY line discipline implementation.</p>\n<p>This host is affected because it is running kernel <strong>3.10.0-327.el7</strong>.</p>\n",
"type": null,
"more_info": "* For more information about the flaw, see [CVE-2017-2636](https://access.redhat.com/security/cve/CVE-2017-2636) and [CVE-2017-2636 article](https://access.redhat.com/security/vulnerabilities/CVE-2017-2636).\n* The Customer Portal page for the [Red Hat Security Team](https://access.redhat.com/security/) contains more information about policies, procedures, and alerts for Red Hat products.\n* The Security Team also maintains a frequently updated blog at [securityblog.redhat.com](https://securityblog.redhat.com).\n",
"active": true,
"node_id": null,
"category": "Security",
"retired": false,
"reboot_required": false,
"publish_date": "2017-05-16T12:00:00.000Z",
"rec_impact": 2,
"rec_likelihood": 2,
"resolution": "<p>Red Hat recommends updating the <code>kernel</code> package and rebooting the system.</p>\n<pre><code># yum update kernel\n# reboot\n</code></pre><p><strong>Alternatively</strong>, apply one of the following mitigations:</p>\n<p>Disable loading of N_HDLC kernel module:</p>\n<pre><code># echo &quot;install n_hdlc /bin/true&quot; &gt;&gt; /etc/modprobe.d/disable-n_hdlc.conf\n</code></pre>"
},
"maintenance_actions": [{
"done": false,
"id": 305275,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 308675,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}, {
"details": {
"kvr": "3.10.0-327.el7",
"error_key": "IPMI_LIST_CORRUPTION_CRASH"
},
"id": 955826995,
"rule_id": "ipmi_list_corruption_crash|IPMI_LIST_CORRUPTION_CRASH",
"system_id": "11111111-1111-1111-1111-111111111111",
"account_number": "1111111",
"uuid": "11111111111111111111111111111111",
"date": "2017-07-21T07:07:29.000Z",
"rule": {
"summary_html": "<p>Kernel occasionally panics when running <code>ipmitool</code> command due to a bug in the ipmi message handler.</p>\n",
"generic_html": "<p>Kernel occasionally panics when running <code>ipmitool</code> due to a bug in the ipmi message handler.</p>\n",
"more_info_html": "<p>For how to upgrade the kernel to a specific version, refer to <a href=\"https://access.redhat.com/solutions/161803\">How do I upgrade the kernel to a particular version manually?</a>.</p>\n",
"severity": "WARN",
"ansible": false,
"ansible_fix": false,
"ansible_mitigation": false,
"rule_id": "ipmi_list_corruption_crash|IPMI_LIST_CORRUPTION_CRASH",
"error_key": "IPMI_LIST_CORRUPTION_CRASH",
"plugin": "ipmi_list_corruption_crash",
"description": "Kernel panic occurs when running ipmitool command with specific kernels",
"summary": "Kernel occasionally panics when running `ipmitool` command due to a bug in the ipmi message handler.\n",
"generic": "Kernel occasionally panics when running `ipmitool` due to a bug in the ipmi message handler.\n",
"reason": "<p>This host is running kernel <strong>3.10.0-327.el7</strong> with the IPMI management tool installed.\nKernel panics can occur when running <code>ipmitool</code>.</p>\n",
"type": null,
"more_info": "For how to upgrade the kernel to a specific version, refer to [How do I upgrade the kernel to a particular version manually?](https://access.redhat.com/solutions/161803).\n",
"active": true,
"node_id": "2690791",
"category": "Stability",
"retired": false,
"reboot_required": true,
"publish_date": null,
"rec_impact": 3,
"rec_likelihood": 1,
"resolution": "<p>Red Hat recommends that you complete the following steps to fix this issue:</p>\n<ol>\n\n<li>Upgrade kernel to the version <strong>3.10.0-327.36.1.el7</strong> or later:</li>\n\n<code>\n# yum update kernel\n</code>\n<li>Restart the host with the new kernel.</li>\n<code>\n# reboot\n</code>\n</ol>\n"
},
"maintenance_actions": [{
"done": false,
"id": 305285,
"maintenance_plan": {
"maintenance_id": 29315,
"name": "RHEL Demo Infrastructure",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}, {
"done": false,
"id": 310145,
"maintenance_plan": {
"maintenance_id": 29335,
"name": "RHEL Demo All Systems",
"description": null,
"start": null,
"end": null,
"created_by": "$READACTED$",
"silenced": false,
"hidden": false,
"suggestion": null,
"remote_branch": null,
"allow_reboot": true
}
}]
}]
}


@ -0,0 +1,9 @@
import json
import os
dir_path = os.path.dirname(os.path.realpath(__file__))
with open(os.path.join(dir_path, 'insights.json')) as data_file:
TEST_INSIGHTS_PLANS = json.loads(data_file.read())
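Review bot: The `insights.json` fixture opened here is only partly scrubbed. Most `created_by` values are the `$READACTED$` placeholder, but the plan with `maintenance_id` 30575 still carries what looks like a real e-mail address. Replacing that value with the same placeholder before the fixture lands keeps personal data out of the repository history. Separately, `json.loads(data_file.read())` can be written `TEST_INSIGHTS_PLANS = json.load(data_file)`, and a one-line comment such as `# Captured Insights API response, scrubbed, used as filter input` would say what the file is.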


@ -0,0 +1,24 @@
# Copyright (c) 2017 Ansible Tower by Red Hat
# All Rights Reserved.
from awx.main.utils.insights import filter_insights_api_response
from awx.main.tests.data.insights import TEST_INSIGHTS_PLANS
def test_filter_insights_api_response():
actual = filter_insights_api_response(TEST_INSIGHTS_PLANS)
assert actual['last_check_in'] == '2017-07-21T07:07:29.000Z'
assert len(actual['reports']) == 9
assert actual['reports'][0]['maintenance_actions'][0]['maintenance_plan']['name'] == "RHEL Demo Infrastructure"
assert actual['reports'][0]['maintenance_actions'][0]['maintenance_plan']['maintenance_id'] == 29315
assert actual['reports'][0]['rule']['severity'] == 'ERROR'
assert actual['reports'][0]['rule']['description'] == 'Remote code execution vulnerability in libresolv via crafted DNS response (CVE-2015-7547)'
assert actual['reports'][0]['rule']['category'] == 'Security'
assert actual['reports'][0]['rule']['summary'] == ("A critical security flaw in the `glibc` library was found. "
"It allows an attacker to crash an application built against "
"that library or, potentially, execute arbitrary code with "
"privileges of the user running the application.")
assert actual['reports'][0]['rule']['ansible_fix'] is False
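Review bot: Every assertion in `test_filter_insights_api_response` checks that a wanted field survives; none checks that the filter drops the rest, which is the point of the change. As written, the test would still pass if `account_number`, `system_id` or `created_by` from the fixture leaked into the response. Pinning the exact key sets closes that gap, for example `assert set(actual) == {'last_check_in', 'reports'}` and `assert set(actual['reports'][0]['maintenance_actions'][0]['maintenance_plan']) == {'name', 'maintenance_id'}`. The same form works for `actual['reports'][0]['rule']` against the five allowed rule keys.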


@ -0,0 +1,42 @@
# Copyright (c) 2017 Ansible Tower by Red Hat
# All Rights Reserved.
def filter_insights_api_response(json):
new_json = {}
'''
'last_check_in',
'reports.[].rule.severity',
'reports.[].rule.description',
'reports.[].rule.category',
'reports.[].rule.summary',
'reports.[].rule.ansible_fix',
'reports.[].maintenance_actions.[].maintenance_plan.name',
'reports.[].maintenance_actions.[].maintenance_plan.maintenance_id',
'''
if 'last_check_in' in json:
new_json['last_check_in'] = json['last_check_in']
if 'reports' in json:
new_json['reports'] = []
for rep in json['reports']:
new_report = {
'rule': {},
'maintenance_actions': []
}
if 'rule' in rep:
for k in ['severity', 'description', 'category', 'summary', 'ansible_fix',]:
if k in rep['rule']:
new_report['rule'][k] = rep['rule'][k]
for action in rep.get('maintenance_actions', []):
new_action = {'maintenance_plan': {}}
if 'maintenance_plan' in action:
for k in ['name', 'maintenance_id']:
if k in action['maintenance_plan']:
new_action['maintenance_plan'][k] = action['maintenance_plan'][k]
new_report['maintenance_actions'].append(new_action)
new_json['reports'].append(new_report)
return new_json
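Review bot: `filter_insights_api_response` checks that `reports`, `rule` and `maintenance_plan` are present but not that they are usable, so a JSON `null` at any of them raises `TypeError` on the `in` test or the `for` loop. The fixture shows the API returning `null` for many fields, and the input is an external service's response, so treating `null` as empty is the safer reading; the change is sketched below. The quoted field list after `new_json = {}` is a bare string expression, not a docstring. Moving it to the first line of the function as a docstring would state that this is an allow-list and that any key not named there is deliberately dropped. The parameter name `json` also reads like the standard module; renaming it is only safe if no caller passes it by keyword, which cannot be checked from this hunk.

```python
        for rep in json['reports'] or []:
            # … unchanged: new_report initialisation …
            rule = rep.get('rule') or {}
            for k in ['severity', 'description', 'category', 'summary', 'ansible_fix']:
                if k in rule:
                    new_report['rule'][k] = rule[k]
            for action in rep.get('maintenance_actions') or []:
                new_action = {'maintenance_plan': {}}
                plan = action.get('maintenance_plan') or {}
                for k in ['name', 'maintenance_id']:
                    if k in plan:
                        new_action['maintenance_plan'][k] = plan[k]
                # … unchanged: append new_action, then new_report …
```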