I have an instance with Ubuntu 20.04 and AWS Inspector2 installed. Inspector reported a vulnerability in the rsyslog package. I checked the VM and found the package in the dpkg list: the vulnerable package had been installed but is no longer, and only its config files remain. As a result, the suggested solution also didn't work, as apt does not upgrade a removed package.
Is this expected or a failure in AWS inspector?
```text
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                               Version                           Architecture Description
+++-==================================-=================================-============-===============================================================================
rc  rsyslog                            8.2001.0-1ubuntu1.1               amd64        reliable system and kernel logging daemon
```
Yeah, I know that, but my point is AWS inspector should either:
The correct answer will be "yeah, it fails like that" if it does.
I guess that Inspector has got rsyslog-8.2001.0-1 on its list of things to look out for, so when Inspector finds a remnant of this on a host that is being scanned, it will be included in the findings.
The decision about whether an item needs to be treated or can be skipped is one that is best left to the Ubuntu specialist who is going through the findings.
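The triage the answer describes, separating a real installation from an `rc` remnant (dpkg status `deinstall ok config-files`), can be done from `dpkg-query` output. The following is an added example and is not code from the question or the answers; the package list it parses is constructed sample data in the format of `dpkg-query -W -f='${Package}|${Version}|${Status}\n'`, not output captured from a real host. The `rsyslog` line uses the version shown in the question; the other two packages are assumptions for illustration.

```shell
#!/bin/sh
# Added example: classify dpkg database entries so a scanner finding against a
# package version can be checked against what is actually installed.

# Constructed sample in the shape of:
#   dpkg-query -W -f='${Package}|${Version}|${Status}\n'
# "deinstall ok config-files" is what `dpkg -l` shows as "rc",
# "install ok installed" is "ii", "unknown ok not-installed" is "un".
SAMPLE_DPKG='rsyslog|8.2001.0-1ubuntu1.1|deinstall ok config-files
openssh-server|1:8.2p1-4ubuntu0.5|install ok installed
old-tool|1.0-1|unknown ok not-installed'

# Names of packages that were removed but still have config files (rc).
# Reads dpkg-query lines on stdin.
config_remnants() {
    awk -F'|' '$3 == "deinstall ok config-files" { print $1 }'
}

# Names of packages that are really installed (ii).
installed_packages() {
    awk -F'|' '$3 == "install ok installed" { print $1 }'
}

# Classify one package name from the sample: prints installed, remnant or absent.
classify() {
    pkg="$1"
    status=$(printf '%s\n' "$SAMPLE_DPKG" | awk -F'|' -v p="$pkg" '$1 == p { print $3 }')
    case "$status" in
        "install ok installed")      echo installed ;;
        "deinstall ok config-files") echo remnant ;;
        *)                           echo absent ;;
    esac
}

# Demonstration on the sample data.
echo "rc remnants:"
printf '%s\n' "$SAMPLE_DPKG" | config_remnants
echo "rsyslog is: $(classify rsyslog)"

# On a real host, feed live data instead of the sample:
#   dpkg-query -W -f='${Package}|${Version}|${Status}\n' | config_remnants
# A remnant cannot be fixed by `apt upgrade`; drop the leftover version record
# and config files with:
#   sudo apt-get purge rsyslog      # or: sudo dpkg --purge rsyslog
# after which the package no longer appears with that version in the database.
```

Purging is the right fix when the package is genuinely unwanted; if it is still needed, reinstalling it brings in the current patched version and clears the finding that way.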