Amazon Inspector2 - Is it possible to create a suppression rule for issues that don't have a remediation available yet?


At the moment, most of my "High" findings are kernel issues that don't have a remediation yet, i.e., there is no kernel to be installed that fixes the issue. Is there a way to create a rule to suppress these issues? They all have the same text in the Remediation field:

"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."

Example CVEs:

I could add a rule for each one individually based on the CVE name or ID. However, that isn't really a scalable solution. I also want them to be shown again when a remediation is available and hasn't been applied yet.

The most ideal solution would be to just have a view that only shows issues that can be remediated instead of having suppression rules for them.

asked 2 years ago, 717 views
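One way to get the "only show me what I can actually fix" view the question asks for is to key on the finding attribute Inspector itself maintains for fix availability rather than on individual CVE ids. The script below is an added example and is not from the thread or from AWS; it assumes the Inspector2 API filter key fixAvailable (values YES / NO / PARTIAL) and the finding fields used here (findingArn, severity, fixAvailable, packageVulnerabilityDetails.vulnerabilityId, remediation.recommendation.text) as documented for boto3's inspector2 client, and the sample findings are constructed. A suppression rule built from suppression_criteria() stops matching a finding as soon as Inspector flips the attribute to YES, so the finding reappears without any manual rule changes.

```python
"""Added example (not from the re:Post thread): separate Amazon Inspector
findings that have a fix from those that do not, and build the criteria for
a suppression rule that only matches findings with no fix.

Assumption: the Inspector2 filter key ``fixAvailable`` and the finding field
names below follow the boto3 inspector2 API reference. Sample data is constructed.
"""

# Remediation text quoted in the question; used only as a fallback heuristic
# for findings that carry no fixAvailable attribute.
NO_FIX_TEXT = ("Mitigation for this issue is either not available or the "
               "currently available options don't meet the Red Hat Product "
               "Security criteria")

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNTRIAGED")


def remediable_criteria(min_severity="HIGH"):
    """filterCriteria for a view of ACTIVE findings that have a fix available."""
    wanted = SEVERITIES[: SEVERITIES.index(min_severity) + 1]
    return {
        "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
        "fixAvailable": [{"comparison": "EQUALS", "value": "YES"}],
        "severity": [{"comparison": "EQUALS", "value": s} for s in wanted],
    }


def suppression_criteria():
    """filterCriteria for a SUPPRESS rule matching only findings with no fix.

    Keyed on the finding attribute, not on CVE ids: once Inspector records a
    fix as available the finding no longer matches and shows up again.
    """
    return {"fixAvailable": [{"comparison": "EQUALS", "value": "NO"}]}


def has_fix(finding):
    """True if Inspector reports a full or partial fix for this finding."""
    flag = finding.get("fixAvailable")
    if flag is not None:
        return flag in ("YES", "PARTIAL")
    # Fallback for findings without the attribute: match the vendor text.
    text = finding.get("remediation", {}).get("recommendation", {}).get("text", "")
    return not text.startswith(NO_FIX_TEXT)


def partition(findings):
    """Split findings into (actionable, waiting_on_vendor) lists of CVE ids."""
    actionable, waiting = [], []
    for f in findings:
        details = f.get("packageVulnerabilityDetails", {})
        cve = details.get("vulnerabilityId", f.get("findingArn", "?"))
        (actionable if has_fix(f) else waiting).append(cve)
    return actionable, waiting


# Constructed sample findings (placeholder CVE ids, not real Inspector output).
SAMPLE_FINDINGS = [
    {"findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/EXAMPLE1",
     "severity": "HIGH", "fixAvailable": "NO",
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-0000-0001"},
     "remediation": {"recommendation": {"text": NO_FIX_TEXT + " comprising ease of use."}}},
    {"findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/EXAMPLE2",
     "severity": "HIGH", "fixAvailable": "YES",
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-0000-0002"},
     "remediation": {"recommendation": {"text": "Update kernel to the fixed version."}}},
    {"findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/EXAMPLE3",
     "severity": "MEDIUM",  # no fixAvailable attribute: exercises the text fallback
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-0000-0003"},
     "remediation": {"recommendation": {"text": "Update openssl to the fixed version."}}},
]


def main(region="us-east-1", create_rule=False):
    """Live run against an account; boto3 is imported here so the pure
    functions above can be used and tested without it installed."""
    import boto3
    client = boto3.client("inspector2", region_name=region)
    findings = []
    paginator = client.get_paginator("list_findings")
    active = {"findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}]}
    for page in paginator.paginate(filterCriteria=active):
        findings.extend(page["findings"])
    actionable, waiting = partition(findings)
    print(f"{len(actionable)} findings with a fix, {len(waiting)} waiting on the vendor")
    if create_rule:  # off by default: creating a suppression rule hides findings
        client.create_filter(action="SUPPRESS", name="no-vendor-fix-yet",
                             description="Auto-hide findings until a fix exists",
                             filterCriteria=suppression_criteria())


if __name__ == "__main__":
    a, w = partition(SAMPLE_FINDINGS)
    print("actionable:", a, "waiting:", w)
```

Run it as-is to see the classification on the constructed sample; call main() with credentials configured to apply it to a real account, and pass create_rule=True only after reviewing what the rule would hide, since a SUPPRESS filter removes matching findings from the default console view.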
1 Answer

FWIW, I managed to clear out a lot of these issues by deleting all old 4.14 kernels that weren't active.

To upgrade 4.4 to 5.10:

  • sudo amazon-linux-extras enable kernel-5.10
  • sudo yum clean metadata
  • sudo yum install -y kernel
  • sudo reboot
  • ....
  • ssh ...
  • sudo yum update -y

To delete all non-active kernels:

  • sudo rpm -q kernel # see which other kernel packages are installed.
  • sudo package-cleanup --oldkernels --count=1 # remove non-active kernels. This was key to clearing out all the issues.

I think it would be kind of nice if the package error for kernels indicated it was the non-active kernel causing the issues. I had thought the issues were stale and they would eventually go away. Not so. You need to delete the non-active kernel packages.

answered 2 years ago
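Before running the cleanup step from the answer, it helps to see exactly which installed kernel packages are not the running kernel, and to notice the case where a newer kernel has been installed but the instance has not been rebooted yet (package-cleanup keeps the newest package, which is then not the one running). The script below is an added example, not part of the answer; it takes the text of rpm -q kernel and uname -r as input, the sample values are constructed, and it only reports, leaving the actual removal to the package-cleanup command the answer gives.

```python
"""Added example (not from the re:Post answer): dry-run check of which
installed kernel packages are inactive, and whether a reboot is pending,
before running package-cleanup. Sample inputs are constructed.
"""
import re
import subprocess

# Constructed sample: what `rpm -q kernel` and `uname -r` might print on an
# Amazon Linux 2 instance that was upgraded from 4.14 to 5.10 and rebooted.
SAMPLE_RPM_Q = """kernel-4.14.311-233.529.amzn2.x86_64
kernel-4.14.314-237.533.amzn2.x86_64
kernel-5.10.179-168.710.amzn2.x86_64"""
SAMPLE_UNAME_R = "5.10.179-168.710.amzn2.x86_64"


def installed_releases(rpm_q_output):
    """Map each kernel package name to its version-release-arch string."""
    releases = {}
    for pkg in rpm_q_output.split():
        if pkg.startswith("kernel-"):  # ignore any stray non-package output
            releases[pkg] = pkg[len("kernel-"):]
    return releases


def version_key(release):
    """Sortable key from the numeric parts of a release string."""
    return tuple(int(n) for n in re.findall(r"\d+", release))


def inactive_kernels(rpm_q_output, running_release):
    """Installed kernel packages that are not the running kernel."""
    return [pkg for pkg, rel in installed_releases(rpm_q_output).items()
            if rel != running_release]


def reboot_pending(rpm_q_output, running_release):
    """True when a newer kernel is installed than the one currently running,
    i.e. the `sudo reboot` step after `yum install kernel` was skipped."""
    newest = max(installed_releases(rpm_q_output).values(), key=version_key)
    return version_key(newest) > version_key(running_release)


def main():
    rpm_q = subprocess.run(["rpm", "-q", "kernel"], capture_output=True,
                           text=True, check=True).stdout
    running = subprocess.run(["uname", "-r"], capture_output=True,
                             text=True, check=True).stdout.strip()
    if reboot_pending(rpm_q, running):
        print("A newer kernel is installed but not running: reboot before cleanup.")
    for pkg in inactive_kernels(rpm_q, running):
        print("inactive, would be removed by cleanup:", pkg)
    print("to remove them: sudo package-cleanup --oldkernels --count=1")


if __name__ == "__main__":
    main()
```

On the constructed sample the two 4.14 packages are reported as inactive and no reboot is pending; if uname -r still showed a 4.14 release, reboot_pending() would return True and the cleanup would keep the 5.10 package while deleting the kernel actually in use.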
