Securing ZENworks Virtual Appliances with System Updates
About ZENworks Virtual Appliance
As we all know ZENworks Virtual Appliance is an alternate way to traditional way of deployment & installing ZENworks Server. This is fast, convenient, lowers deployment costs and accelerate time-to-value with a “plug-and-play” virtual appliance.
Securing ZENworks Virtual Appliance
As we release a newer version of ZENworks, the Virtual Appliance is being built with the latest version of SUSE Linux OS that will have the security vulnerabilities fixed up to date. However the timeline to upgrade the zone to the latest version of ZENworks can be different for each customer.
Securing ZENworks Virtual Appliance is essential to resolve all applicable critical vulnerabilities.
How to Secure
Novell has established a way that make this process easier, better in order to make appliance servers more compliant.
Novell identifies all the security patches that are critical & applicable to various versions of virtual appliances, which in-turn are for respective SLES Linux OS versions and its service packs. These security patches are included in ZENworks Update Channels, which will have all the previous security patches. These channels are built to support RPM metadata. This is then wrapped as a System Update containing zypper way of applying the packages that are part of these security patches.
Zypper, a package managers, that provides a powerful satisfiability solver to compute package dependencies and a convenient package management API.
Process of Securing
Security updates for ZENworks Virtual Appliance are posted to Technical Information Document Knowledgebase.
This can be downloaded, imported into the zone & schedule applying the security patches. These security patches are designed to be cumulative & thus applying the latest Security Updates will obsolete all the previous Security Updates.
The first Security Update is now available & address the following vulnerabilities
- GNU Bash Remote Code Execution aka ShellShock Vulnerabilities
- Mozilla Network Security Services Vulnerabilities
- GHOST: glibc gethostbyname buffer overflow
Happy Patching ZENworks Appliances…