I have an instance with UBUNTU 20.04 and AWS inspector2 installed. Inspector reported a vulnerability in rsyslog package and I checked the VM and found the package in the dpkg list but the vulnerable package was installed but it is no longer, and only config files remain. As a result also the solution didn't work as apt does not upgrade a removed package.
Is this expected or a failure in AWS inspector?
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==================================-=================================-============-===============================================================================
rc rsyslog 8.2001.0-1ubuntu1.1 amd64 reliable system and kernel logging daemon
AWS 공식업데이트됨 2년 전
Yeah, I know that, but my point is AWS inspector should either:
The correct answer will be "yeah, it fails like that." if it does
I guess that Inspector has got rsyslog-8.2001.0-1 on its list of things to look out for, so when Inspector finds a remnant of this on a host that is being scanned then this will be included in the findings.
The decision about whether an item needs to be treated or can be skipped is one that is best left to the Ubuntu specialist who is going through the findings.