Problem:
I have no idea what the Squid’s part in my installation does

Expected outcome:
I have an idea what the Squid’s part in my installation does

Foreman and Proxy versions:
Katello 3.18.3

Foreman and Proxy plugin versions:

Distribution and version:
CentOS 7

Other relevant data:
I have a basic single-server Katello instance with no proxies, and Squid is repeatedly the cause of some vulnerabilities in my installation according to our security scans, so I was wondering what Squid actually does in my installation and if it’s even required.
If it’s required I’ll keep it around, but if it was installed at the beginning and is still around due to legacy things, then I’ll get to work on removing it from my installation.
It’s used in Pulp 2 to stream content. In Pulp 3 this is part of the application itself. If you upgrade to Katello 4 then Squid should no longer be needed. I’m not sure if our instructions contain removal, but it should no longer be used then.
On a side note: that sounds like one of the usual false positives with Red Hat software. They only check the version numbers and don’t consider security backports.
Yes, that is often the case, but since pulp2 is using squid3, I’m not so sure in these cases.
This morning I had to add a config line to mitigate a uri_whitespace vulnerability.
But we also had to open a case with our scanner provider because it wants us to update from openssl version X to the exact same version except the ksplice variant of the package on our OL7 machines. Both packages are identical with regards to this vulnerability.
Gets real tedious real fast having to check every vulnerability and mark things as false positives, so removing everything extra that isn’t required helps a bunch.