Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Does AWS inspector find vulnerabilities in removed but still in dpkg list for ubuntu?

0

I have an instance with UBUNTU 20.04 and AWS inspector2 installed. Inspector reported a vulnerability in rsyslog package and I checked the VM and found the package in the dpkg list but the vulnerable package was installed but it is no longer, and only config files remain. As a result also the solution didn't work as apt does not upgrade a removed package.

Is this expected or a failure in AWS inspector?

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                               Version                           Architecture Description
+++-==================================-=================================-============-===============================================================================
rc  rsyslog                            8.2001.0-1ubuntu1.1               amd64        reliable system and kernel logging daemon
Tópicos
ComputaçãoSegurança, identidade e conformidadeAWS Well-Architected Framework
Tags
Provisionamento do LinuxAmazon InspectorSegurança
Idioma
English
Carlos
feita há 10 meses272 visualizações
1 Resposta
0

rc in the first column is key here, it says that the package has been removed but the configuration files remain on the system. Rather than attempt to upgrade it, it can be completely removed from the system with apt-get remove --purge, and then reinstalled from fresh.

profile picture
ESPECIALISTA
Steve_M
respondido há 10 meses
  • Carlos
    há 10 meses

    Yeah, I know that, but my point is AWS inspector should either:

    • not to detect a removed package as a vulnerability
    • not to offer an upgrade a package that is not installed

    The correct answer will be "yeah, it fails like that." if it does

  • Steve_M ESPECIALISTA
    há 10 meses

    I guess that Inspector has got rsyslog-8.2001.0-1 on its list of things to look out for, so when Inspector finds a remnant of this on a host that is being scanned then this will be included in the findings.

    The decision about whether an item needs to be treated or can be skipped is one that is best left to the Ubuntu specialist who is going through the findings.

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante