A Process That Never Ends

The EulerOS team does its utmost to protect the safety of our customers, and we regard software security as a continuous development process. We implement the following measures:


•Promptly react to security incidents and deliver premium quality security updates

•Continuously improve the security-related functionality in EulerOS products

•Continuously contribute to the rapidly growing maturity of Open Source Software

•Respect the Open Source Software security principles of openness, transparency and traceability


Software security is a complex challenge. Software can provide many of its own security features, such as authentication methods, encryption, intrusion prevention and detection, and backup. At the same time, it can also contain errors (both deliberate and accidental) that can affect the system's security, including design flaws, programming errors, and backdoors. The EulerOS Security Team addresses all of these aspects of software security to ensure the security of the customer's system.


Two Sides Of Security

Software provides security features (such as authentication methods, encryption, intrusion prevention and detection, backup and others), but it also contains errors (such as design flaws, programming errors, and even backdoors) that often turn out to be relevant for the system's security. The EulerOS Security Team's task is to address all of these aspects of software security, in the conviction that security in software is a challenge that never ends.


Security Features:

•A modern Linux operating system features a rich set of security programs and functions: access controls, intrusion prevention and detection, flexible and trustworthy authentication mechanisms, encryption for files and network connections, file integrity checking utilities, network analysis tools, and monitoring/logging utilities for your system.

•To complement this, there are advanced tools that help you to securely configure and administer your system, and to securely download and install update packages. The update packages fix security bugs that have been found after your product has been made.

•The security features of your Linux system are waiting for you to explore them. Take advantage of them to further improve the level of privacy and security that is built into your system already by default!


Security Bugs:

•Programs are (usually) written by humans, and humans make mistakes. As a consequence, all software contains errors. Some of these errors appear as instabilities (the software or the entire system crashes), while others may not have any apparent, visible effect. However, some software errors may introduce a security risk.

•A local or a remote attacker may be able to feed specially crafted data to the software which takes advantage of the programming error (in the case of a remotely exploitable bug, the data comes from an attached network device, such as a cable or DSL modem, or a wireless network interface card). The application then either crashes, resulting in a Denial of Service (DoS), or it executes code that originates from the attacker, transferring control over the execution context from what the programmer intended to what the attacker has in mind for the exploitation of the error. Depending on the software's function, the resulting security breach can pose a low or a high security risk to your data and your system, potentially giving an attacker the opportunity to delete, alter or even steal your data, or use the system for their own purposes.

What We Do For Security

•Help to carefully select and configure the software used in EulerOS.

•Develop security tools and applications.

•Regularly conduct source code audits of Open Source Software. A source code audit is a detailed in-depth analysis of the program text that the programmer wrote to implement the functions of the software.

•Monitor security mailing lists for security related errors in software.

•Maintain contact with software authors, individuals who specialize in software security, and software security organizations (such as the CERT) to communicate and coordinate technical and organizational details about security-related malfunctions in software.


•Provide solutions for software security breaches in the form of security updates.

•Communicate the error and the availability of security updates (update packages).


Security Support Management

Security Service


EulerOS provides the following security services:

•Reads and responds (non-automated) to all email communication within three working days.

•Keeps you informed. If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response.

•Works with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.

•Directs all customers without security-related inquiries to more appropriate contact points.

Processing Workflow

EulerOS Security provides objective information about security risks that affect you. We use the following workflow to communicate accurate information about how these vulnerabilities affect you, so you can make informed decisions.

EulerOS security ratings

EulerOS rates the impact of security issues found in products using a four-point scale (Low, Moderate, Important, and Critical), as well as Common Vulnerability Scoring System (CVSS) base scores. For a detailed description of the CVSS V3 standard, please refer to the following official link: https://www.first.org/cvss/calculator/3.0

These ratings provide a prioritized risk assessment to help you understand and schedule upgrades to your systems, enabling informed decisions on the risk each issue places on your unique environment.

CVSS V3 Score | Severity Rating | Description
9~10 | Critical impact | This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact.
7~8.9 | Important impact | This rating is given to flaws that can easily compromise the confidentiality, integrity, or availability of resources. These are the types of vulnerabilities that allow local users to gain privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service.
4~6.9 | Moderate impact | This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity, or availability of resources, under certain circumstances. These are the types of vulnerabilities that could have had a Critical impact or Important impact but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations.
0~3.9 | Low impact | This rating is given to all other issues that have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences.

Vulnerability Assessment Tools

An assessment can start by using some form of an information-gathering tool. When assessing the entire network, map the layout first to find the hosts that are running. Once located, examine each host individually. Focusing on these hosts requires another set of tools. Knowing which tools to use may be the most crucial step in finding vulnerabilities. The following are some of the tools that are commonly used by EulerOS for security.

•Nmap is a popular tool that can be used to determine the layout of a network. Nmap has been available for many years and is probably the most often used tool when gathering information. Administrators can use Nmap on a network to find host systems and open ports on those systems. Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your network and even pass an option that allows Nmap to attempt to identify the operating system running on a particular host. For more information about using Nmap, see the official homepage at the following URL: https://www.insecure.org/

•Greenbone Security Manager (GSM) is a full-featured and powerful security scanning tool, developed on the basis of the OpenVAS community, that provides mature vulnerability analysis and management solutions. GSM is updated frequently, offers host scanning and real-time vulnerability search functions, and can provide complete reports. Although GSM is powerful and frequently updated, there may be false positives and false negatives. For more information about GSM, please visit the official website: https://www.greenbone.net/

Reference

EulerOS provides detailed official security recommendations, as well as CVE-related instructions. You can repair or upgrade your system according to your actual situation. For details, please refer to the corresponding section. EulerOS also provides a machine-readable page; its content can be retrieved from the following address:

https://hweuleros.com/ict/site-euleros/euleros/server/front_interface/security_titleList.jspx

The XML file of Security Advisories:

https://developer.huaweicloud.com/ict/cn/site-euleros/euleros/security-advisories/EulerOS-SA-xxxx-xxxx.xml


EulerOS Community

EulerOS is an open enterprise Linux operating system