TechTronBlog.com

Technology, Innovation, Collaboration
How to patch CentOS against BootHole

August 17, 2020

If you have CentOS servers in your data center, you’ll want to make sure to patch them against BootHole. Jack Wallen shows you how.


By now you’ve probably read about BootHole. If not, it’s a fairly insidious vulnerability that can render Linux servers unbootable. So anyone with a data center filled with Linux machines should probably be concerned about this particular flaw.

BootHole leverages a vulnerability in both GRUB2 and Secure Boot. To make BootHole a bit more daunting, it’s actually a really easy hack to pull off. The only thing blocking ne’er-do-wells from making it happen is that they need remote access to the server. Once inside, however, all an attacker would have to do is edit the grub.cfg file in such a way as to pass a token too large for the flex parse buffer. And because grub.cfg isn’t signed, changes to the file aren’t checked.

When this happens, your Linux server won’t boot. 

Of course, because this is open source, the patches came within a few days of the BootHole discovery. Those patches come in the form of shim files that can be applied. Thing is, you can run a system update and the shims might not get picked up. I ran two different updates on two different CentOS machines (7 and 8) and neither updated the necessary packages.

You can, however, take care of this manually. Let me show you how.


What you’ll need

The only things you’ll need to make this happen are a running instance of CentOS and a user with sudo privileges. Any machine running a version of GRUB2 older than version 2.06 is affected. To find out what version of GRUB2 you are running, open a terminal window and issue the command:

sudo yum info grub2-common


If you see Version 2.02 or earlier, your machine is vulnerable.

Let’s patch it.

How to patch CentOS against BootHole

I’ll show you the commands for patching against BootHole for both CentOS 7 and 8. Believe it or not, all you have to do is install a single package on your machine. Of course, since we are logged in, you might as well do an upgrade first.

To upgrade CentOS, open a terminal window and issue the command (on CentOS 7, where dnf is not installed by default, substitute yum for dnf):

sudo dnf update


Check to see if the kernel is going to be upgraded. If so, know that you’ll need to reboot for the changes to take effect. Because of that, you might want to hold off on the update until a time when a reboot is possible. 

Even if you skip the update, you can still run the patch commands.

To patch CentOS 7, which uses yum as its default package manager, you would issue the command:

sudo yum install shim-x64-15-8.el7_8 -y


To patch CentOS 8, the command would be:

sudo dnf install shim-x64-15-15.el8_2 -y


That’s it. With two commands your CentOS data center server is patched against the BootHole vulnerability. Do make sure, however, to regularly update your Linux machines. You might think they are impenetrable, but they aren’t. 

A good way of looking at this is, if a machine is connected to the network, it’s vulnerable–regardless of the operating system. Keep your systems always up-to-date and you’re one step ahead of (or at least on pace with) attackers.
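
Because a routine update may not pick up the shim package, here is a post-patch check, added as an example and not part of the original article: it compares an installed shim-x64 build against the builds named in the install commands above. The function names, status words and sample inventory are illustrative, and GNU sort -V is assumed to approximate rpm's own version ordering.

```bash
#!/usr/bin/env bash
# Added example (not from the article): confirm shim-x64 is at or above the
# build the article installs for this CentOS major release.

# Fixed builds, copied from the article's install commands.
fixed_shim_for() {
  case "$1" in
    7) echo "15-8.el7_8" ;;
    8) echo "15-15.el8_2" ;;
    *) return 1 ;;
  esac
}

# version_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU `sort -V` approximates rpm's version ordering closely
# enough for these version-release strings.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_shim MAJOR INSTALLED_VR: prints one status word.
check_shim() {
  local fixed
  fixed=$(fixed_shim_for "$1") || { echo "UNKNOWN_RELEASE"; return 0; }
  if [ -z "$2" ]; then
    echo "NOT_INSTALLED"
  elif version_ge "$2" "$fixed"; then
    echo "PATCHED"
  else
    echo "OUTDATED"
  fi
}

# Constructed sample inventory: "host major installed-version-release".
while read -r host major vr; do
  printf '%-8s CentOS %s  shim-x64 %-14s %s\n' \
    "$host" "$major" "${vr:-absent}" "$(check_shim "$major" "$vr")"
done <<'EOF'
web01 7 15-8.el7_8
web02 7 15-2.el7
db01 8 15-11.el8
db02 8 15-15.el8_2
EOF

# Live check, only where rpm exists (i.e. on the CentOS host itself).
if command -v rpm >/dev/null 2>&1; then
  major=$(rpm -E '%{rhel}' 2>/dev/null) || major=""
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' shim-x64 2>/dev/null) || installed=""
  echo "this host: $(check_shim "$major" "$installed")"
fi
```

Any host reported as OUTDATED or NOT_INSTALLED still needs the install command for its release.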






