Does AWS Inspector find vulnerabilities in packages that are removed but still in the dpkg list for Ubuntu?


I have an instance with Ubuntu 20.04 and AWS Inspector2 installed. Inspector reported a vulnerability in the rsyslog package. I checked the VM and found the package in the dpkg list: the vulnerable package was installed but no longer is, and only config files remain. As a result, the solution also didn't work, as apt does not upgrade a removed package.

Is this expected or a failure in AWS Inspector?

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                               Version                           Architecture Description
+++-==================================-=================================-============-===============================================================================
rc  rsyslog                            8.2001.0-1ubuntu1.1               amd64        reliable system and kernel logging daemon
1 Answer

rc in the first column is key here: it says that the package has been removed but the configuration files remain on the system. Rather than attempting to upgrade it, it can be completely removed from the system with apt-get remove --purge, and then reinstalled from fresh.

Steve_M
answered 9 months ago
  • Yeah, I know that, but my point is AWS Inspector should either:

    • not detect a removed package as a vulnerability
    • not offer an upgrade for a package that is not installed

    The correct answer will be "yeah, it fails like that." if it does.

  • I guess that Inspector has got rsyslog-8.2001.0-1 on its list of things to look out for, so when Inspector finds a remnant of this on a host that is being scanned then this will be included in the findings.

    The decision about whether an item needs to be treated or can be skipped is one that is best left to the Ubuntu specialist who is going through the findings.
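
A way to triage this kind of finding on the host, as an added example (not part of the thread and not AWS tooling): the script parses `dpkg -l` output, reports whether each flagged package is installed, partially installed, or only a config-file remnant (`rc`), and for remnants prints the purge command from the answer above. The function names and the two sample rows other than rsyslog are constructed for illustration.

```shell
#!/bin/sh
# classify_pkg NAME: read `dpkg -l` output on stdin, print "<state> <version>".
# Second status character per the dpkg -l legend: n=Not, i=Inst, c=Conf-files; others = partial.
classify_pkg() {
    awk -v pkg="$1" '
        /^[+][+][+]-/ { body = 1; next }       # separator row ends the header
        !body         { next }
        {
            name = $2; sub(/:.*$/, "", name)   # drop multiarch suffix (":amd64")
            if (name != pkg) next
            s = substr($1, 2, 1)
            r = (s == "n") ? 1 : (s == "c") ? 2 : (s == "i") ? 4 : 3
            if (r > best) { best = r; ver = $3 }   # keep the most-installed row
        }
        END {
            split("not-installed config-files-only partially-installed installed", label, " ")
            if (best) print label[best], ver; else print "absent -"
        }'
}

# triage LISTING_FILE PKG...: one tab-separated line per flagged package.
triage() {
    listing=$1; shift
    for p in "$@"; do
        result=$(classify_pkg "$p" < "$listing")
        case ${result%% *} in
            config-files-only) note="remnant only; clear with: apt-get remove --purge $p" ;;
            installed|partially-installed) note="package files on disk; review the finding" ;;
            *) note="dpkg records no installed files" ;;
        esac
        printf '%s\t%s\t%s\n' "$p" "$result" "$note"
    done
}

# Constructed sample: the rsyslog row is from the question, the other two rows are made up.
sample_listing() {
    cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version              Architecture Description
+++-==============-====================-============-=================
rc  rsyslog        8.2001.0-1ubuntu1.1  amd64        reliable system and kernel logging daemon
ii  libexample1:amd64 1.0-1             amd64        constructed example library
un  oldexample     <none>               <none>       (no description available)
EOF
}

tmp=$(mktemp) && sample_listing > "$tmp" && triage "$tmp" rsyslog libexample1 oldexample; rm -f "$tmp"
```

On a real host, save the listing with `dpkg -l > dpkg.txt` and run `triage dpkg.txt` followed by the package names from the findings.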
