Description
This article provides brief answers to the most common questions. For more detailed and in-depth information, we strongly recommend referring to our documentation here: CLICK
Frequently asked questions
- What is TuxCare Extended Lifecycle Support (ELS)?
- What operating systems is ELS available for?
- How do you determine which vulnerabilities need to be patched in the packages provided by ELS?
- How quickly do you release security patches after a vulnerability is disclosed?
- What is the duration of the ELS?
- What packages do you support?
- What will change on my server after ELS installation?
- What needs to be changed/checked in the network and firewall settings to get ELS working?
- Can I create a local mirror for ELS?
- I'm using a security scanner. Does it recognize your security patches?
- I don't use a security scanner but would like to start. What can you recommend?
- Can I integrate OVAL data with the new vulnerability scanner?
- I find it more convenient to follow updates via RSS. Do you have feeds?
- I don't need ELS on this server anymore. How can I delete it?
- How can I install ELS for PHP?
- What is TuxCare Extended Lifecycle Support (ELS)?
TuxCare's Extended Lifecycle Support (ELS) service provides security updates, system enhancement patches, and selected bug fixes for older versions of a variety of Linux distributions. The service coverage includes updates for the Linux kernel and a list of essential packages that are integral to server operations.
- What operating systems is ELS available for?
Currently, the list of supported systems includes CentOS 6, Oracle Linux 6, CloudLinux 6, CentOS 7, CentOS 8, Ubuntu 16.04, and Ubuntu 18.04.
- How do you determine which vulnerabilities need to be patched in the packages provided by ELS?
TuxCare uses the Common Vulnerability Scoring System (CVSS v3) to assess the severity of security vulnerabilities. ELS provides patches for high and critical security vulnerabilities (with a CVSS score of 7+), and for vulnerabilities rated as medium (4.0 to 6.9) and/or if patches are required for FIPS-certified deployments, we offer additional service options. For more information, please contact our sales team.
- How quickly do you release security patches after a vulnerability is disclosed?
TuxCare operates in compliance with many industry standards and requirements and timely provides security patches. We aim to provide patches for critical and high-risk vulnerabilities (CVSS 7+) within 14 days of the vulnerabilities being publicly disclosed.
- What is the duration of the ELS?
TuxCare provides extended life cycle support (ELS) for up to four years (except for CentOS 7, which is supported for up to five years). This support is provided after a Linux distribution has reached the end of life (EOL) or is no longer receiving standard support.
Distribution | EOL | ELS |
---|---|---|
CentOS 6 | November 2020 | November 2026 |
CentOS 7 | June 2024 | June 2029 |
CentOS 8 | January 2022 | January 2026 |
Oracle Linux 6 | December 2020 | December 2024 |
Ubuntu 16.04 | April 2021 | April 2025 |
Ubuntu 18.04 | May 2023 | May 2028 |
- What packages do you support?
For a complete list of supported packages for each operating system, as well as details on patched Common Vulnerabilities and Exposures (CVEs), please click here. Support for additional packages can be provided upon request to the sales team.
- What will change on my server after ELS installation?
The installation script will register the server with the CLN, add the PGP key to the server, create the ELS repository, and install the els-define package.
ELS in terms of package and system changes does not bring anything functionally new and does not remove the old, we fix security problems in the programs and kernels that are present in the current version, but without changing their functionality and algorithms.
- How can I install ELS?
To install ELS on the server you need to download the installation script and run it with the key obtained when purchasing an ELS license.
Under the spoilers you will find brief installation instructions.
CentOS 6 ELS
Download an installer script:
wget https://repo.cloudlinux.com/centos6-els/install-centos6-els-repo.sh
Run the installer script with the key:
sh install-centos6-els-repo.sh --license-key XXXX-XXXXXXXXX
The installation script registers a server in CLN with the key and adds a PGP key to the server.
To ensure the installation has been completed successfully, run the following command:
yum info els-define
It should return the info about an available package. If you can see information about the package, you can be sure that the installation was successful. After this, you will be able to install updates from the repository using a regular yum upgrade command.
OracleLinux 6 ELS
Download an installer script:
wget https://repo.cloudlinux.com/oraclelinux6-els/install-oraclelinux-els-repo.py
Run the installer script with the key:
sh install-centos6-els-repo.sh --license-key XXXX-XXXXXXXXX
The installation script registers a server in CLN with the key and adds a PGP key to the server.
To ensure the installation has been completed successfully, run the following command:
yum info els-define
It should return the info about an available package. If you can see information about the package, you can be sure that the installation was successful. After this, you will be able to install updates from the repository using a regular yum upgrade command.
CloudLinux 6 ELS
You do not need ELS for CentOS 6 subscription if you are already using CloudLinux OS 6. You can find more information here
CentOS 7 ELS
Download an installer script:
wget https://repo.tuxcare.com/centos7-els/install-centos7-els-repo.sh
Run the installer script with the key:
sh install-centos7-els-repo.sh --license-key XXXX-XXXXXXXXX
The installation script registers a server in CLN with the key and adds a PGP key to the server.
To ensure the installation has been completed successfully, run the following command:
yum info els-define
It should return the info about an available package. If you can see information about the package, you can be sure that the installation was successful. After this, you will be able to install updates from the repository using a regular yum upgrade command.
CentOS 8 ELS
Download an installer script:
- For CentOS 8.4
wget https://repo.cloudlinux.com/el8-els/centos8.4-els/install-centos8.4-els-repo.sh
- For CentOS 8.5
wget https://repo.cloudlinux.com/el8-els/centos8.5-els/install-centos8.5-els-repo.sh
Run the installer script with the key:
- For CentOS 8.4
sh install-centos8.4-els-repo.sh --license-key XXXX-XXXXXXXXXXXX
- For CentOS 8.5
sh install-centos8.5-els-repo.sh --license-key XXXX-XXXXXXXXXXXX
The installation script registers a server in CLN with the key and adds a PGP key to the server.
To ensure the installation has been completed successfully, run the following command:
yum info els-define
It should return the info about an available package. If you can see information about the package, you can be sure that the installation was successful. After this, you will be able to install updates from the repository using a regular yum upgrade command.
Ubuntu 16.04 ELS
Download an installer script:
wget https://repo.cloudlinux.com/ubuntu16_04-els/install-ubuntu-els-repo.py
Run the installer script with the key:
python install-ubuntu-els-repo.py --license-key XXX-XXXXXXXXXXXX
The installation script registers a server in CLN with the key and adds a PGP key to the server.
To ensure the installation has been completed successfully, run the following command:
apt-cache show els-define
It should return the info about an available package. If you can see information about the package, you can be sure that the installation was successful. After this, you will be able to install updates from the repository using a regular yum upgrade command.
Ubuntu 18.04 ELS
Download an installer script:
wget https://repo.cloudlinux.com/ubuntu18_04-els/install-ubuntu-els-repo.py
Run the installer script with the key:
python install-ubuntu-els-repo.py --license-key XXXX-XXXXXXXXXXXX
The installation script registers a server in CLN with the key and adds a PGP key to the server.
To ensure the installation has been completed successfully, run the following command:
apt-cache show els-define
It should return the info about an available package. If you can see information about the package, you can be sure that the installation was successful. After this, you will be able to install updates from the repository using a regular yum upgrade command.
- What needs to be changed/checked in the network and firewall settings to get ELS working?
To use ELS, you need to open TCP port 443 for the following routes:
CentOS 6 ELS
- cln.cloudlinux.com
- repo.cloudlinux.com
- els-rollout.cloudlinux.com
OracleLinux 6 ELS, CentOS 8 ELS, Ubuntu 16.04 ELS, Ubuntu 18.04 ELS
- cln.cloudlinux.com
- repo.cloudlinux.com
CentOS 7 ELS
- cln.cloudlinux.com
- repo.tuxcare.com
- els-rollout.tuxcare.com
- Can I create a local mirror for ELS?
Sure. We provide the ability to create local mirrors of ELS updates.
To access local mirroring, you need to provide your external IP address to your account manager or send it to sales@tuxcare.com.
Then follow the instructions provided by the Sales team.
- I'm using a security scanner. Does it recognize your security patches?
We provide OVAL data containing instructions for the scanner to identify resolved vulnerabilities in ELS updates. The els-define package, which is installed on the system during the ELS installation script, is responsible for ensuring that scanners correctly identify security patches provided by ELS.
We currently provide OVAL data for the following products:
- CentOS 6 ELS
- Oracle Linux 6 ELS
- CentOS 7 ELS
- CentOS 8 ELS
- Ubuntu 16.04
- Ubuntu 18.04
Available TuxCare ELS OVAL Streams
- CentOS 6: https://repo.cloudlinux.com/centos6-els/centos6-els-oval.xml
- Oracle Linux 6: https://repo.cloudlinux.com/oraclelinux6-els/oraclelinux6-els-oval.xml
- CentOS 7: https://repo.tuxcare.com/centos7-els/centos7-els-oval.xml
- CentOS 8.4: https://repo.cloudlinux.com/centos8.4-els/centos84-els-oval.xml
- CentOS 8.5: https://repo.cloudlinux.com/centos8.5-els/centos85-els-oval.xml
- Ubuntu 16.04: https://repo.cloudlinux.com/ubuntu16_04-els/ubuntu16.04-els-oval.xml
- Ubuntu 18.04: https://repo.cloudlinux.com/ubuntu18_04-els/ubuntu18.04-els-oval.xml
- I don't use a security scanner but would like to start. What can you recommend?
We suggest using OpenSCAP, which is an open-source vulnerability scanner that can be used to scan a system protected by TuxCare ELS.
How to use OpenSCAP with TuxCare ELS
- Install els-define and OpenSCAP
- for rpm systems:
yum install els-define openscap openscap-utils scap-security-guide -y
- for deb systems:
apt-get install els-define libopenscap8 -y
- Download OVAL stream:
wget https://repo.cloudlinux.com/ubuntu18_04-els/ubuntu18.04-els-oval.xml
- Run scanning:
oscap oval eval --results results.xml --report report.html ubuntu18.04-els-oval.xml
- Examine the scan results report
Following the example above scan results report will be saved to report.html file in the current directory. This file can then be downloaded for analysis or published directly with the local web server, for example:
python3 -m http.server 8000
or for python2
python -m SimpleHTTPServer 8000
Assuming the above command is run from the directory with report.html file, the webpage with the report can then be accessed on http://:8000/report.html
cve through a web browser.
The report includes a table with vulnerabilities and their status on the examined system. Line as the following one reports that the system is vulnerable to the CVE-2023-2828:
update oval:com.tuxcare.clsa:def:1688677755 true patch [CLSA-2023:1688677755], [CVE-2023-2828] Fix CVE(s): CVE-2023-2828
The table also includes corresponding hyperlinks to advisory pages where the package and the version containing the fix can be found as well as the command to run on the target system in order to install the update.
Lines like the one below designate that the fix for the corresponding CVE is already installed on the system, and no further action is needed:
oval:com.tuxcare.clsa:def:1694538670 false patch [CLSA-2023:1694538670], [CVE-2022-40433] Fix CVE(s): CVE-2022-40433
- Can I integrate OVAL data with the new vulnerability scanner?
To detect whether a system has TuxCare ELS installed, check for the following file being present: /etc/els-release
Once that is validated, you can use the corresponding to the operating system OVAL files from above to scan for vulnerabilities.
- I find it more convenient to follow updates via RSS. Do you have feeds?
Yes. They're available at the links below:
- CentOS 6: https://cve.tuxcare.com/rss_feed/releases/centos6els
- CloudLinux 6: https://cve.tuxcare.com/rss_feed/releases/cloudlinux6els
- Oracle Linux 6: https://cve.tuxcare.com/rss_feed/releases/oraclelinux6els
- CentOS 7: https://cve.tuxcare.com/rss_feed/releases/centos7els
- CentOS 8.4: https://cve.tuxcare.com/rss_feed/releases/centos8.4els
- CentOS 8.5: https://cve.tuxcare.com/rss_feed/releases/centos8.5els
- Ubuntu 16.04: https://cve.tuxcare.com/rss_feed/releases/ubuntu16.04els
- Ubuntu 18.04: https://cve.tuxcare.com/rss_feed/releases/ubuntu18.04els
- I don't need ELS on this server anymore. How can I delete it?
- Find and remove the file with ELS repositories:
ls -l /etc/yum.repos.d/*-els.repo -rw-r--r-- 1 root root 210 Aug 2 2021 /etc/yum.repos.d/centos6-els.repo # rm /etc/yum.repos.d/centos6-els.repo
- Remove the
els-define
package:
yum remove els-define
- Do you have ELS for PHP?
Extended Lifecycle Support (ELS) for PHP from TuxCare provides security fixes for PHP versions that have reached their end-of-life. This allows to continue running Linux server vulnerability-free.
Supported OS
TuxCare provides Extended Lifecycle Support through four years after the EOL date.
OS | Version |
---|---|
CentOS, CloudLinux, OracleLinux, etc. | 6.x 64-bit, 7.x 64-bit, 8.x 64-bit, 9.x 64-bit |
AlmaLinux | 8.x 64-bit, 9.x 64-bit |
Ubuntu | 16.04 64-bit, 18.04 64-bit, 20.04 64-bit, 22.04 64-bit |
Supported versions
CentOS, CloudLinux, AlmaLinux, Oracle Linux, etc.: 5.1.6, 5.2.17, 5.3.29, 5.4.45, 5.5.38, 5.6.40, 7.0.33, 7.1.33, 7.2.34, 7.3.33, 7.4.33, 8.0.30, 8.1.27, 8.2, 8.3
Ubuntu: 5.6.40, 7.0.33, 7.1.33, 7.2.34, 7.3.33, 7.4.33, 8.0.30, 8.1.27, 8.2, 8.3
Also worth mentioning is that we release PHP packages with the same GPL Licenses as the original code.
- How can I install ELS for PHP?
Under the spoilers you will find brief installation instructions.
RHEL based systems
Download an installer script:
wget https://repo.cloudlinux.com/php-els/install-php-els-repo.sh
Run the installer script with keys. The installation script registers the server in the CLN with the key, adds the yum repository, and adds a PGP key to the server.
sh install-php-els-repo.sh --license-key XXX-XXXXXXXXXXXX
Verify that the installation was successful.
To ensure the installation has been completed successfully, run the following command. It should return the info about an available package. If information about the package will be available, it would mean that installation was successful. After that, updates will be available for installation from the repository using the usual yum upgrade command.
yum info alt-php73
How to install packages:
- Each version of PHP individually or all versions at once can be installed.
- Standard commands to install each version separately can be used. For example, installing alt-php73:
yum install alt-php73*
To install all versions at the same time, use group:
yum groupinstall alt-php
Ubuntu
Download an installer script:
wget https://repo.cloudlinux.com/php-els/install-php-els-ubuntu-repo.sh
Run the installer script with keys.
bash install-php-els-ubuntu-repo.sh --license-key XXX-XXXXXXXXXXXX
Verify that the installation was successful.
To ensure the installation has been completed successfully, run the following command. It should return the info about an available package. If information about the package will be available, it would mean that installation was successful. After that, updates will be available for installation from the repository using the usual apt upgrade command.
apt-cache show alt-php73-cli
How to install packages:
- Each version of PHP individually or all versions at once can be installed.
- Standard commands to install each version separately can be used. For example, installing alt-php73:
apt-get install alt-php73*
To install all versions at the same time, use group:
apt-get install alt-php
Comments
0 comments
Please sign in to leave a comment.