[svlug] rpm tips: full version including epoch, CVEs fixed via backport

Aaron Porter atporter at gmail.com
Wed Nov 28 16:54:37 PST 2012


On Wed, Nov 28, 2012 at 4:23 PM, Rick Moen <rick at linuxmafia.com> wrote:
> Some of you may have the good fortune of needing to satisfy auditors who
> do what they laughingly call 'penetration tests' of the servers, in
> which they check reported version strings of your network daemons and
> then require you to prove that you're not vulnerable (and typically hit
> you with a basically insane demand that you upgrade to something dumb --
> because they've never heard of backported patches).

My favorite...

Auditor: What RPMs are installed on the system?
Admin: Well, we run Debian so technically none but...
Auditor: Wow! That's easy. No RPMs installed <checks box>
Admin: But!
Auditor: Next question...



