Linux | Alexander V. Leonov

New Vulners.com services for Linux Security Audit and Vulnerability Alerting. Upd. This post is out of date! Check out “Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing” from 2021.

A few weeks ago I was describing how to perform Linux Vulnerability Assessment without a Vulnerability Scanner. I also wrote in “Vulnerability scanners: a view from the vendor and end user side” that vulnerability scanning is not rocket science and it is easy to make your own scanner for vulnerabilities for a particular OS. Especially it is a popular Linux Distribution.

But. It’s one thing to write that you can do it, and another thing to develop a script for home use, and quite another thing to make a publicly available and efficient service…

Vulners Team guys have actually created such free Linux Vulnerability Audit service!

Linux Vulnerability Audit Service

First of all, they made a GUI where you can specify OS version (usually it is in the /etc/os-release file), list of packages installed on the host and get the list of vulnerabilities.

For example, here are the vulnerabilities for my Ubuntu Laptop, which I update frequently:

One vulnerability was found:

But GUI is good for demonstration. In real life, you can use Vulners Audit API. It will return list of vulnerabilities in JSON.

Continue reading →

Dealing with Qualys Cloud Agents. Today I would like to write about Qualys agent-based VM scanning. Agent-based scanning is a relatively new trend among VM vendors. At the beginning of Vulnerability Assessment, there was a prevailing view that the agentless scanning is more convenient for the users: you do not need to install anything on the host, just get credentials and you are ready to scan.

Qualys Cloud Agents logo

However, time passed and it now appears that installing agents on all hosts, where it is technically possible, may be easier, than managing credentials for authenticated scanning. Don’t forget the fact that almost all agentless scanning solutions require scanning account with root/admin privileges, and it’s not an easy task to minimize permissions of this accounts while keeping all functional capabilities of the scanner.

In recent years almost all major VM vendors who previously were promoting agentless scanning have also proposed agent-based solutions.

The main purposes of these solutions are:

scan devices that periodically connect to the enterprise network and it’s hard to catch them with traditional active scan (for example, laptop);
scan business critical hosts for which it is impossible to get scanning credentials.

VM vendors have taken different approaches for agent-based scanning. For example, Tenable agents are technically very similar to Nessus installations without web interface (read more at “Nessus Manager and Agents“), limited to can scan only the localhost. This seems reasonable, because historically Nessus scanner is available for many platforms, including Windows, Linux, MacOS. Qualys chose other way. They made minimalistic agents for data gathering, processing it on the remote servers. This is also fits well in Qualys cloud concept.

As I wrote earlier in “Qualys Vulnerability Management GUI and API“, Qualys working hard to make their web interface easier for beginners. When you go to CA (Cloud Agents) tab, the first thing you see is a user-friendly interface for quick start.

Cloud Agents Welcome

Continue reading →

Testing Secpod Saner Personal vulnerability scanner. SecPod Technologies is an information security products company located in Bangalore, India. They are also known as top OVAL Contributor and NVT vendor for OpenVAS. Besides the products designed for a big enterprises (vulnerability scanner Saner Business and threat intelligence platform Ancor), they have either vulnerability and compliance management solution for personal use – Saner Personal. And personal means that this scanner will scan only localhost. It’s free, SCAP-compatible, it has remediation capabilities. And it works. =)

Secpod Saner Personal scanning results

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: Linux

Dealing with Qualys Cloud Agents

Testing Secpod Saner Personal vulnerability scanner