We are currently working our way through a PCI compliance assessment on our server running CentOS.
We are getting a lot of 'severe' issues with suggested fixes. The suggestions to rectify the issues are mostly to update the packages to the latest version. Sound advice I thought, until I ran 'sudo yum update', then ran that scan again and frustratingly the issues hadn't gone.
I spoke to our hosting provider (it's a dedicated server) and they said that although the version is up to date it will have various patches that fix known security issues.
They suggested running a changelog command for the packages and then appealing each of the severe issues flagged on the scan. So I went to create an appeal for the first issue and it asked for the version of the package, the patch level and the reason I feel we're exempt.
So, in CentOS what's the simplest way of showing the version number and patch level for each individual installed package?
Best Answer
rpm -q <package name>will give you the software version number as well as the package release number, but you will need to investigate the contents ofrpm --changelog <package name>in order to determine which patches have been applied.