OS Detection improvement

Hi, as requested by @cfi in "Operating System is in use?", I report two detections which might be improved:

Best matching OS:

OS:           Ubuntu
CPE:          cpe:/o:canonical:ubuntu_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (SSH OS Identification)
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_8.3p1 Ubuntu-1
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS:           Debian GNU/Linux
CPE:          cpe:/o:debian:debian_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.100292 (apcupsd / apcnisd Detection)
Concluded from apcupsd Banner on port 3551/tcp: VERSION  : 3.14.14 (31 May 2016) debian

apcupsd running on Ubuntu is detected as debian…

Best matching OS:

OS:           Debian GNU/Linux 10
Version:      10
CPE:          cpe:/o:debian:debian_linux:10
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (SSH OS Identification)
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS:           Linux/Unix
CPE:          cpe:/o:linux:kernel
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (HTTP OS Identification)
Concluded from HTTP Server banner on port 8006/tcp: Server: pve-api-daemon/3.0

This is actually Proxmox (“pve” = Proxmox virtual environment https://www.proxmox.com/proxmox-ve)
Yes, it's Debian-based and there is probably no way of telling if it was installed as package(s) or from ISO…

2 Likes

Thanks a lot for providing this information / doing this posting :+1:

From VT side the only result which counts is the “Best matching OS” which is correctly detected as Ubuntu. Other less unreliable ones are mentioned below which is the case for apcupsd.

As the banner reports “debian” and not “ubuntu” there is unfortunately no detection improvement possible for the less reliable results.

We have a HTTP based OS detection covered by the following VTs:

Name: Proxmox Virtual Environment Detection
OID: 1.3.6.1.4.1.25623.1.0.111090

Name: HTTP OS Identification
OID: 1.3.6.1.4.1.25623.1.0.111067

but indeed not sure if it is possible to somehow differentiate between the ISO and the package installation. Any further details on such detection possibilities of PVE are very welcome.

The first VT was not present in my results - don't know why…

The second VT is the one that identified Proxmox as “cpe:/o:linux:kernel” which should be something more like “cpe:/o:debian:proxmox”!?

Just thinking: If it has the package installed it is a virtualization node.
So the installation method should not matter and it probably should “override” the “Best matching OS”

Sorry, it was detected based on the TCP stack that a Linux kernel takes care of TCP/IP, nothing more. The detection was and is correct. There is no Proxmox TCP stack :wink:

The VT is checking for a pattern in the response:

# HTTP Server header of the Proxmox VE API daemon: only a generic Linux kernel OS is registered
if( egrep( pattern:"^Server: pve-api-daemon/[0-9.]+", string:banner, icase:TRUE ) ) {
  register_and_report_os( os:"Linux/Unix", cpe:"cpe:/o:linux:kernel", banner_type:banner_type, port:port, banner:banner, desc:SCRIPT_DESC, runs_key:"unixoide" );
  return;
}

If it matches it says "hey, it's Linux", but the software is only running on Proxmox so it should say "hey, it's Proxmox"

Another check in the same VT looks like this:

# Plain substring match on the HTTP banner: here the distribution itself is registered as the OS
if( "Nginx centOS" >< banner ) {
  register_and_report_os( os:"CentOS", cpe:"cpe:/o:centos:centos", banner_type:banner_type, port:port, banner:banner, desc:SCRIPT_DESC, runs_key:"unixoide" );
  return;
}

This does the same thing (except it's not an abbreviation) and it says "hey, it's CentOS"

Ah, indeed. I had missed that this VT currently isn't doing any OS detection. And after having a look at it I noticed that I had written that myself and can now remember that I wasn't sure back then if Proxmox VE is really an OS (cpe:/o:) or just an application used by an OS like Debian (cpe:/a:) and decided to go for the latter.

But after reading the following in "Installation - Proxmox Virtual Environment":

you’ll get a complete operating system based on Debian GNU/Linux

it really could make sense to update both VTs to register Proxmox VE as an OS. I have raised an internal ticket about this task.

3 Likes

Mhhh, I was in contact with the NVD because of a typo in a Proxmox VE CPE used by them (cpe:/a:proxmov:virtual_environment instead of cpe:/a:proxmox:virtual_environment) and also mentioned in the conversation that the CPE could be a cpe:/o: for an Operating System instead.

They disagreed on that because they think that Proxmox VE isn’t an Operating System at all. As we need to stay as near as possible with the official CPEs used by the NVD we’re now going for the following in the next few weeks:

  • Keeping the cpe:/a for Proxmox VE
  • Registering a Debian operating system CPE if Proxmox was detected
2 Likes

So the Proxmox VE Detection and the Proxmox-based OS detection of Debian have been reworked today and the changes will arrive in the feeds in the next few days (probably tomorrow or the day after).

What we’re basically getting is the following if e.g. only 3128/tcp is exposed (no Proxmox VE version extraction possible):

Detected Proxmox Virtual Environment (VE, PVE)

Version:       unknown
Location:      /
CPE:           cpe:/a:proxmox:virtual_environment

Detection methods:

- HTTP(s) on port 3128/tcp
  Concluded from version/product identification result:
    Server: pve-api-daemon/3.0

Best matching OS:

OS:           Debian GNU/Linux
CPE:          cpe:/o:debian:debian_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.117270 (Proxmox Virtual Environment (VE, PVE) Detection Consolidation)
Concluded from Debian version fingerprinting based on the Proxmox VE major version
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS:           Debian GNU/Linux
CPE:          cpe:/o:debian:debian_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (Operating System (OS) Detection (HTTP))
Concluded from HTTP Server banner on port 3128/tcp: Server: pve-api-daemon/3.0

or the following if 8006/tcp is exposed (the version extraction is possible in that case):

Detected Proxmox Virtual Environment (VE, PVE)

Version:       6.3-2
Location:      /
CPE:           cpe:/a:proxmox:virtual_environment:6.3-2

Detection methods:

- HTTP(s) on port 8006/tcp
  Concluded from version/product identification result:
    <redacted>

Best matching OS:

OS:           Debian GNU/Linux 10
Version:      10
CPE:          cpe:/o:debian:debian_linux:10
Found by NVT: 1.3.6.1.4.1.25623.1.0.117270 (Proxmox Virtual Environment (VE, PVE) Detection Consolidation)
Concluded from Debian version fingerprinting based on the Proxmox VE major version
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS:           Debian GNU/Linux
CPE:          cpe:/o:debian:debian_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (Operating System (OS) Detection (HTTP))
Concluded from HTTP Server banner on port 8006/tcp: Server: pve-api-daemon/3.0
2 Likes
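To make the behaviour discussed in this thread concrete (the banner pattern checks quoted above, and the reworked reports just shown), here is an added Python model of banner-based OS detection. It is not the Greenbone VT code (that is NASL) and not Proxmox's; the reliability scale, the function names and the sample hosts are constructed for the example. The Proxmox VE 6 to Debian 10 mapping is taken from the reports above; the other rows of the mapping are an assumption based on public Proxmox release notes. The example follows the thread's outcome: pve-api-daemon registers a cpe:/a: application CPE for Proxmox VE plus a Debian OS CPE, and a single "Best matching OS" is picked by reliability.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed reliability scale: the highest-scoring detection becomes the
# "Best matching OS"; the rest are listed "in order of reliability".
RELIABILITY = {"ssh": 90, "pve-consolidation": 80, "http": 50, "apcupsd": 30}

# Proxmox VE major version -> Debian release. 6 -> 10 appears in the thread;
# the other rows are an assumption taken from public Proxmox release notes.
PVE_TO_DEBIAN = {5: "9", 6: "10", 7: "11", 8: "12"}


@dataclass
class OSDetection:
    os: str
    cpe: str
    source: str
    evidence: str

    @property
    def reliability(self) -> int:
        return RELIABILITY[self.source]


@dataclass
class AppDetection:
    name: str
    cpe: str
    version: Optional[str]
    evidence: str


def debian_detection(release: Optional[str], source: str, evidence: str) -> OSDetection:
    """Build a Debian OS detection; the release is appended only when it is known."""
    name = f"Debian GNU/Linux {release}" if release else "Debian GNU/Linux"
    cpe = "cpe:/o:debian:debian_linux" + (f":{release}" if release else "")
    return OSDetection(name, cpe, source, evidence)


def detect_ssh(port: int, banner: str) -> Optional[OSDetection]:
    """The distro suffix Debian/Ubuntu add to OpenSSH identifies the OS. Only Debian
    encodes its release there ('Debian-10+deb10u2'); the number after 'Ubuntu-' is a
    package revision, so Ubuntu is registered without a version."""
    m = re.search(r"OpenSSH_[\w.]+ (Debian|Ubuntu)-(\S+)", banner)
    if not m:
        return None
    distro, suffix = m.groups()
    evidence = f"SSH banner on port {port}/tcp: {banner}"
    if distro == "Ubuntu":
        return OSDetection("Ubuntu", "cpe:/o:canonical:ubuntu_linux", "ssh", evidence)
    rel = re.match(r"\d+", suffix)
    return debian_detection(rel.group(0) if rel else None, "ssh", evidence)


def detect_apcupsd(port: int, banner: str) -> Optional[OSDetection]:
    """The apcupsd status banner ends with the build platform. Ubuntu ships the Debian
    package, so the banner says 'debian' on Ubuntu too: lowest reliability."""
    m = re.match(r"VERSION\s*:\s*[\d.]+\s*\([^)]*\)\s*(\w+)", banner)
    if not m or m.group(1).lower() != "debian":
        return None
    return debian_detection(None, "apcupsd", f"apcupsd Banner on port {port}/tcp: {banner}")


def pve_consolidation(pve_version: Optional[str]) -> OSDetection:
    """Map the Proxmox VE major version to the Debian release it is built on."""
    m = re.match(r"\d+", pve_version or "")
    major = int(m.group(0)) if m else None
    return debian_detection(PVE_TO_DEBIAN.get(major), "pve-consolidation",
                            "Debian version fingerprinting based on the Proxmox VE major version")


def detect_http(port: int, banner: str, pve_version: Optional[str]) -> Tuple[List[AppDetection], List[OSDetection]]:
    """pve-api-daemon only ships with Proxmox VE: register the product as an application
    CPE (cpe:/a:) and the OS as Debian, generic from the banner and versioned via consolidation."""
    if not re.search(r"^Server: pve-api-daemon/[0-9.]+", banner, re.I | re.M):
        return [], []
    cpe = "cpe:/a:proxmox:virtual_environment" + (f":{pve_version}" if pve_version else "")
    app = AppDetection("Proxmox Virtual Environment (VE, PVE)", cpe, pve_version,
                       f"HTTP(s) on port {port}/tcp: {banner}")
    generic = debian_detection(None, "http", f"HTTP Server banner on port {port}/tcp: {banner}")
    return [app], [generic, pve_consolidation(pve_version)]


def scan_host(services: Dict[int, Tuple[str, str]], pve_version: Optional[str] = None):
    """services maps port -> (protocol, banner). Returns (apps, OS detections by reliability)."""
    detectors = {"ssh": detect_ssh, "apcupsd": detect_apcupsd}
    apps: List[AppDetection] = []
    oses: List[OSDetection] = []
    for port, (proto, banner) in sorted(services.items()):
        if proto == "http":
            a, o = detect_http(port, banner, pve_version)
            apps += a
            oses += o
        elif proto in detectors:
            hit = detectors[proto](port, banner)
            oses += [hit] if hit else []
    seen, unique = set(), []  # two PVE ports would otherwise duplicate the consolidation entry
    for d in sorted(oses, key=lambda d: d.reliability, reverse=True):
        if (d.source, d.cpe) not in seen:
            seen.add((d.source, d.cpe))
            unique.append(d)
    return apps, unique


# Constructed hosts mirroring the three reports in the thread.
HOST_UBUNTU_APCUPSD = {22: ("ssh", "SSH-2.0-OpenSSH_8.3p1 Ubuntu-1"),
                       3551: ("apcupsd", "VERSION  : 3.14.14 (31 May 2016) debian")}
HOST_PVE_NO_VERSION = {3128: ("http", "Server: pve-api-daemon/3.0")}
HOST_PVE_FULL = {22: ("ssh", "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"),
                 8006: ("http", "Server: pve-api-daemon/3.0")}

if __name__ == "__main__":
    for host, ver in ((HOST_UBUNTU_APCUPSD, None), (HOST_PVE_NO_VERSION, None), (HOST_PVE_FULL, "6.3-2")):
        apps, oses = scan_host(host, ver)
        for a in apps:
            print(f"Detected {a.name}  Version: {a.version or 'unknown'}  CPE: {a.cpe}")
        for i, d in enumerate(oses):
            print(f"{'Best matching OS' if i == 0 else 'Other OS detection'}: {d.os} ({d.cpe}) via {d.source}")
        print()
```

Running it reproduces the three reports from the thread: Ubuntu wins over the apcupsd "debian" hint, a host exposing only 3128/tcp yields an unversioned Proxmox CPE with a generic Debian best match from the consolidation step, and a host with both SSH and 8006/tcp yields Debian 10 from SSH first, Debian 10 from the Proxmox consolidation second and the generic HTTP result last. The apcupsd mismatch reported at the top of the thread is handled by the reliability ordering rather than by the banner itself, which is exactly why no detection improvement was possible for it.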

Yes, now it looks like this:

Detected Proxmox Virtual Environment (VE, PVE) 
Version:       6.3-6
Location:      /
CPE:           cpe:/a:proxmox:virtual_environment:6.3-6

Detection methods:

- HTTP(s) on port 8006/tcp
  Concluded from version/product identification result:
...

Best matching OS:

OS:           Debian GNU/Linux 10
Version:      10
CPE:          cpe:/o:debian:debian_linux:10
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (Operating System (OS) Detection (SSH))
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Setting key "Host/runs_unixoide" based on this information

Other OS detections (in order of reliability):

OS:           Debian GNU/Linux 10
Version:      10
CPE:          cpe:/o:debian:debian_linux:10
Found by NVT: 1.3.6.1.4.1.25623.1.0.117270 (Proxmox Virtual Environment (VE, PVE) Detection Consolidation)
Concluded from Debian version fingerprinting based on the Proxmox VE major version

OS:           Debian GNU/Linux
CPE:          cpe:/o:debian:debian_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (Operating System (OS) Detection (HTTP))
Concluded from HTTP Server banner on port 8006/tcp: Server: pve-api-daemon/3.0
1 Like