Emerging Threat Alert: 'OutlawCountry' Tool Used by CIA to Target Linux Systems

Latest response

I heard that the OS RHEL 6.x with Linux kernel 64-bit 2.6.32 installed could be affected.
Can you help me with a workaround, since I'm installing RHEL 6.9?
Thanks

Responses

Hi Ilyasse,

The best "workaround" generally would be to install the latest secure and stable edition of RHEL, which actually is 7.4!
For your convenience -> Red Hat Enterprise Linux 7.4 Product Download | Red Hat Enterprise Linux 7.4 Release Notes

Regards,
Christian

Hello Christian,

RHEL 6.9 is under full support. Not all ISVs support RHEL 7.x.

I advise Ilyasse to open a support case.

Regards,

Jan Gerrit

Hi Jan Gerrit,

I know that RHEL 6.9 is fully supported ... but I don't think a new support case is necessary, as this issue is currently under investigation - or is your experience that in such a case, when Red Hat already is aware of a problem, it would accelerate the process?

Regards,
Christian

Hi Christian,

I did not see Mark's posting. So there is no real need for a Support Case, unless Ilyasse wants the possibility to escalate to a duty manager if the investigation takes too much time.

Regards,

Jan Gerrit

Thanks for your quick feedback, Jan Gerrit. Mark and I must have posted the KB article at the same time - I hope you generally agree that using the latest stable edition of an operating system is always best practice though. :)

Regards,
Christian

Hi Christian,

I am a solution designer and have to say: the ISV is leading. If the ISV states I only certify my application for RHEL 6.x, I will not advise my customer to install RHEL 7.y (current).

My advice is to follow the EOL policies of Red Hat: do not use an end-of-life RHEL minor release.

If a customer can choose between major releases, it is best practice to pick the highest GA major/minor release, for it will be supported for the longest time period.

Regards,

Jan Gerrit

"The ISV is leading" ... okay Jan Gerrit, that indeed is a point I of course agree with, now I can better understand your opinion, thank you for clarifying the reason why it can be appropriate to stick with an older (supported) edition.

Regards,
Christian

Thanks Christian and Jan for the answers. I agree with you Jan, RHEL 6.9 with the patch is recommended as a workaround, so I need support for installing this patch.

Best Regards Ilyasse

There is guidance on OutlawCountry at: https://access.redhat.com/solutions/3099221

Dear Mark

I checked the link but the action's steps are not clear. Could you please explain more, if you have already tested this workaround?

Regards Ilyasse

There is no "exploit" or "vulnerability" involved in the OutlawCountry tool. It is a kernel module. A user must already have root access to load the kernel module, just like loading any other kernel module.

Presumably you have some security guidelines in place to ensure unprivileged users cannot gain root access, either via the root account, or via sudo, or via other unpatched security errata. Following that security policy is the way to prevent this tool being used against you.

After I ran the "lsmod" command I didn't get anything:

[root@hostname ~]# lsmod | grep nf_table 
[root@hostname ~]# 

Does this mean that I have no problem with my RHEL?

That means the CIA currently don't have the OutlawCountry module loaded on your system.
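As an added example (not code from this thread or from the Red Hat KB article), the lsmod check above and Mark's point that loading the module needs root, written as a POSIX shell function that reads /proc/modules (the data lsmod prints) and matches the whole module name rather than a substring; it is run here against a constructed module list, and the module name nf_table is the one from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or the Red Hat KB article. Checks whether a
# kernel module is loaded by reading /proc/modules, the data "lsmod" prints.
# The module name "nf_table" is the one checked in the thread; the sample
# module list below is constructed and does not come from a real system.

# Exit 0 if module "$1" is listed in file "$2" (default /proc/modules; "-" is
# stdin). Compares the whole first field, so a name such as "nf_table" does not
# match a longer, legitimate name like "nf_tables", which a plain
# "lsmod | grep nf_table" would report as a hit.
module_loaded() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit (found ? 0 : 1) }' \
        "${2:-/proc/modules}"
}

# Print a one-line verdict for module "$1" using module list "$2".
report_module() {
    if module_loaded "$1" "$2"; then
        echo "$1: LOADED (only root can load modules; find out who did and how)"
    else
        echo "$1: not loaded"
    fi
}

# Constructed sample in /proc/modules format:
# name size refcount dependencies state address
SAMPLE_MODULES='nf_conntrack_ipv4 12345 2 iptable_nat,nf_nat, Live 0xffffffffa0000000
nf_tables 98765 0 - Live 0xffffffffa0010000
ext4 364410 1 - Live 0xffffffffa0020000'

# Run against the constructed sample. On a live RHEL host, drop the pipe and
# the "-" argument, e.g. "report_module nf_table", to read /proc/modules.
printf '%s\n' "$SAMPLE_MODULES" | report_module nf_table -
printf '%s\n' "$SAMPLE_MODULES" | report_module ext4 -
```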
