PCI Fail - ISC Bind Version No Longer Supported

Discussion in 'Security' started by meljc, Jan 27, 2016.

  1. meljc

    meljc Registered

    Hello,

    I am running the latest version of WHM on a dedicated server and received a PCI Compliance failure as follows: after running a PCI Compliance scan the following is flagged:

    What is the best way to go about rectifying this issue?

    Thanks
    Mel
     
    #1 meljc, Jan 27, 2016
    Last edited by a moderator: Jan 27, 2016
  2. quizknows

    quizknows Well-Known Member

    Since you are on RHEL/CentOS 6 (or so it seems) your OS is supported and should still be receiving updates.

    Run a "yum update" from a root shell, ensure all packages are up to date. Then run this:

    Code:
    rpm -q --changelog bind > bind_changelog.txt
    That text file should show that your bind version is up to date and received updates as recent as Dec 2015. Send the file to your PCI vendor and dispute the findings as your version is receiving backported security fixes.
     
  3. meljc

    meljc Registered

    Thanks Quizknows. I already did a yum update and the version was still the same. I'll try the other command. I think the issue is that the version I have is no longer supported, so even if there are security fixes, they want the next version 9.9.8 or higher.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You should be able to provide them the output of the RPM command to show that security patches have been backported to the existing version of Bind.

    Thank you.
     
  5. quizknows

    quizknows Well-Known Member

    We deal with this all the time with PCI vendors. They only look at the version number and not whether or not it's actively receiving backports. You just need the changelog to prove it to them. Do not try to change/upgrade the installed version beyond what yum update provides. This is standard with a lot of things on RHEL / CentOS including OpenSSH and OpenSSL, and you may have to do the same for those RPMs in the future.
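
Added example, not part of the thread or of cPanel's tooling: a small filter that reduces the `rpm -q --changelog` output discussed above to dated CVE entries, which is usually the part a PCI vendor wants to see in a backport dispute. The function names, the sample changelog and its placeholder CVE ids are constructed for illustration.

```shell
#!/bin/sh
# Added example: list CVE fixes recorded in an RPM changelog, with entry dates.
# Reads changelog text on stdin; prints "Mon DD YYYY<TAB>CVE-id" per mention.
cve_fixes() {
    awk '
        # Entry header, e.g. "* Tue Dec 15 2015 Name <mail> - version"
        /^\* / { date = $3 " " $4 " " $5; next }
        {
            line = $0
            # A single line may mention several CVE ids; report each one.
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print date "\t" substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Constructed sample in RPM changelog layout (newest entry first).
# Packager, versions and CVE ids are placeholders, not real data.
sample_changelog() {
    cat <<'EOF'
* Tue Dec 15 2015 Example Packager <packager@example.com> - 0.0.0-2.example
- Fix CVE-0000-0002 and CVE-0000-0003

* Mon Sep 07 2015 Example Packager <packager@example.com> - 0.0.0-1.example
- Resolve crash on malformed input (CVE-0000-0001)
- Update documentation
EOF
}

# Demo on the constructed sample. On the server itself:
#   rpm -q --changelog bind | cve_fixes > bind_cve_fixes.txt
sample_changelog | cve_fixes
```

The same filter works for the other packages mentioned in the thread by swapping the package name passed to `rpm -q --changelog`.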
     