The attached security vulnerability patch script, patch-ssh-and-daas_1628619072372.sh, does the following:
1) It addresses the SSH vulnerability by updating the Ciphers and KexAlgorithms used for SSH in the MOI appliance file /etc/ssh/sshd_config as follows:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
2) It also removes the data service (daas) ports 7160 and 7161 by updating the MOI appliance file /opt/moi/dataservice/normal/docker-compose.yml, to address the TLS vulnerability with these ports.
Release : 2.0
Component : MF OPERATIONAL INTELLIGENCE
1) Download/Copy the patch-ssh-and-daas_1628619072372.sh file to the MOI appliance box.
2) Give execute permission to patch-ssh-and-daas_1628619072372.sh using the following command:
chmod +x patch-ssh-and-daas_1628619072372.sh
3) Execute the script using the following command:
./patch-ssh-and-daas_1628619072372.sh
4) Once the execution is complete, the dataservice_dataservice_1 container will be restarted, since the daas ports were removed.
5) Execute the command docker ps -a to monitor the health of the containers.
(Wait 5 minutes, then check that all the Docker containers are up and healthy.)
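
Added example (not part of the original article or the patch script): a POSIX shell check that can be run after step 5 to confirm both changes described above. It compares the first active Ciphers and KexAlgorithms values, because sshd uses the first value it obtains for a keyword, and scans the compose file for remaining references to ports 7160 and 7161. The function names and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the two changes the patch is described as making.
EXPECTED_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr"
EXPECTED_KEX="diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1"

# Print the first active value of an sshd_config keyword. sshd uses the first
# value it obtains for a keyword, so an older line higher up in the file
# overrides one appended later. Keywords are case-insensitive.
sshd_value() {  # sshd_value <keyword> <file>
  awk -v key="$1" '/^[ \t]*#/ { next }
    tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Return 0 only if Ciphers and KexAlgorithms match the values in the article.
check_sshd() {  # check_sshd <sshd_config>
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  _rc=0
  [ "$(sshd_value Ciphers "$1")" = "$EXPECTED_CIPHERS" ] ||
    { echo "Ciphers mismatch in $1" >&2; _rc=1; }
  [ "$(sshd_value KexAlgorithms "$1")" = "$EXPECTED_KEX" ] ||
    { echo "KexAlgorithms mismatch in $1" >&2; _rc=1; }
  return $_rc
}

# Return 0 only if no uncommented line still mentions port 7160 or 7161.
check_compose() {  # check_compose <docker-compose.yml>
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  if grep -vE '^[[:space:]]*#' "$1" |
     grep -qE '(^|[^0-9])(7160|7161)([^0-9]|$)'; then
    echo "daas port 7160/7161 still referenced in $1" >&2
    return 1
  fi
}

# Constructed sample: an sshd_config where a stale Ciphers line precedes the
# new one, the case that a plain "grep for the new line" would report as fixed.
write_stale_sample() {  # write_stale_sample <file>
  printf '%s\n' 'Ciphers aes128-cbc,3des-cbc' \
    "Ciphers $EXPECTED_CIPHERS" "KexAlgorithms $EXPECTED_KEX" > "$1"
}

# Check the live appliance files (paths from the article) when run with --live.
if [ "${1:-}" = "--live" ]; then
  check_sshd /etc/ssh/sshd_config; a=$?
  check_compose /opt/moi/dataservice/normal/docker-compose.yml; b=$?
  exit $((a | b))
fi
```

A non-zero exit with --live means at least one of the two files does not reflect the patched state; the message on stderr names the file and the setting.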