Hello Community,
When performing a scan with credentials, I expect local security checks to include analysis of netstat, services and installed packages. But, unfortunately, I don’t get the full result. Also, when scanning with the same profile, I get different scanning results. What may be the issue, and how can I get a predictable and complete scan result?
For example: I have an Apache package installed on my server, but OpenVAS can’t find it.
Well, local checks are a bit problematic. They need custom NVTs (check files) for each OS and package files. That is a huge effort.
I think that the Oracle Linux checks are not updated and maintained anymore. I wrote Oracle Linux checks for some years. On my side they are not maintained any more.
Thank you, @Eero
I tried to scan CentOS and the results really got better!
I also tried to scan Oracle Linux 7 with an account that is part of the wheel group and the scan showed the Apache package. Do you know why this doesn’t happen when I am scanning with an account without the wheel group?
@etty1337 Well, I think the requirement is that the user account can run the rpm -qa command to get package information. You can try to run the command on both accounts.
@Eero, I tried to execute this command from the user account and got a list of installed packages. I don’t see what could be wrong with the scan.
Thanks for your help, @Eero
I need to take a break for more detailed research on the problem.
if( "oraclelinux-release-7" >< rls ) {
  set_kb_item( name:"ssh/login/oracle_linux", value:TRUE );
  buf = ssh_cmd( socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'" );
  register_rpms( buf:buf );
  if( match = eregmatch( pattern:"oraclelinux-release-7.([0-9]+)", string:rls ) ) {
    version = "7." + match[1];
  } else {
    version = "7";
  }
  log_message( port:port, data:"We are able to login and detect that you are running Oracle Linux " + version );
  register_and_report_os( os:"Oracle Linux " + version, cpe:"cpe:/o:oracle:linux:" + version, banner_type:"SSH login", desc:SCRIPT_DESC, runs_key:"unixoide" );
  set_kb_item( name:"ssh/login/release", value:"OracleLinux7" ); # nb: Special handling as the Oracle / ELSA LSCs are using just the major release
  exit( 0 );
}
It doesn’t get RPMs if the release file does not match “oraclelinux-release-7”.
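
To compare what each scan account would hand the scanner, the release gate and package query from the snippet above can be emulated in shell. This is an added example, not code from the thread or from the scanner itself: the function names and sample strings are constructed, and obtaining the release string with `rpm -q oraclelinux-release` is an assumption, since the thread does not show where `rls` comes from.

```shell
#!/bin/sh
# Added example: emulates the gate and query of the NASL snippet above.
# Function names are hypothetical; sample data below is constructed.
QF='%{NAME}~%{VERSION}~%{RELEASE};'   # query format quoted in the thread

# Succeeds if the release string contains what the snippet tests for.
release_matches() {
  case "$1" in *oraclelinux-release-7*) return 0 ;; *) return 1 ;; esac
}

# Prints "7.N" if a minor release follows (same pattern as shown), else "7".
detected_version() {
  minor=$(printf '%s\n' "$1" |
    sed -n 's/.*oraclelinux-release-7.\([0-9][0-9]*\).*/\1/p')
  if [ -n "$minor" ]; then echo "7.$minor"; else echo "7"; fi
}

# Counts well-formed NAME~VERSION~RELEASE entries in the buffer.
package_count() {
  printf '%s' "$1" | tr ';' '\n' | awk -F'~' 'NF==3 {n++} END {print n+0}'
}

# Succeeds if the exact package name appears in the buffer.
has_package() {
  printf '%s' "$1" | tr ';' '\n' | cut -d'~' -f1 | grep -qxF -- "$2"
}

# check_scan_view RLS BUF PKG
# Returns 2 if the gate fails, 1 if PKG is missing, 0 if PKG is listed.
check_scan_view() {
  if ! release_matches "$1"; then
    echo "release gate: no match, package list would not be registered"
    return 2
  fi
  echo "release gate: Oracle Linux $(detected_version "$1"), $(package_count "$2") packages"
  if has_package "$2" "$3"; then echo "$3: present"; return 0; fi
  echo "$3: missing from package list"
  return 1
}

# Constructed sample input so the script runs offline.
SAMPLE_RLS='oraclelinux-release-7.9-1.0.9.el7.x86_64'
SAMPLE_BUF='httpd~2.4.6~99.0.1.el7;openssl~1.0.2k~26.el7_9;bash~4.2.46~35.el7_9;'
check_scan_view "$SAMPLE_RLS" "$SAMPLE_BUF" httpd

# Live use, run once as each scan account and compare the output
# (the source of the release string is an assumption):
#   check_scan_view "$(rpm -q oraclelinux-release)" "$(/bin/rpm -qa --qf "$QF")" httpd
```

If both accounts print the same gate result and package count, the difference between the scans lies somewhere other than this query.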