RSS

DROWN Policy (2) Versions 1.0

CloudForms and ManageIQ policy, profile and report for DROWN OpenSSH Vulnerability

Downloads in last month

0,2,2,0,0,0,0,0,4,0,0,1,0,1,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0

Commits in last year

0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

This is a package containing a policy, profile and report to assist in identifying affected OpenSSL package versions and validate the security of the servers visible in Red Hat CloudForms and ManageIQ.

See this blog post for additional details: Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example.

Download the following policy, profile and report yaml definitions and import them in your appliance: - DROWN OpenSSL Vulnerability Policy - Compliance: OpenSSL Security Profile - DROWN OpenSSL Vulnerability Report

Once the policy and profile imported, the profile can be assigned to VM instances and Compliance can be checked. Screen Shot Compliance Policy

The report provides the results of the compliance checks. Screen Shot Compliance Report

Are you sure you want to report this extension?

Please describe the reason for reporting this extension. Our moderators will be notified and will disable the extension if it is found to be inappropriate.

×