Does AWS inspector find vulnerabilities in removed but still in dpkg list for ubuntu?

0

I have an instance with UBUNTU 20.04 and AWS inspector2 installed. Inspector reported a vulnerability in rsyslog package and I checked the VM and found the package in the dpkg list but the vulnerable package was installed but it is no longer, and only config files remain. As a result also the solution didn't work as apt does not upgrade a removed package.

Is this expected or a failure in AWS inspector?

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                               Version                           Architecture Description
+++-==================================-=================================-============-===============================================================================
rc  rsyslog                            8.2001.0-1ubuntu1.1               amd64        reliable system and kernel logging daemon
Carlos
已提问 10 个月前272 查看次数
1 回答
0

rc in the first column is key here, it says that the package has been removed but the configuration files remain on the system. Rather than attempt to upgrade it, it can be completely removed from the system with apt-get remove --purge, and then reinstalled from fresh.

profile picture
专家
Steve_M
已回答 10 个月前
  • Yeah, I know that, but my point is AWS inspector should either:

    • not to detect a removed package as a vulnerability
    • not to offer an upgrade a package that is not installed

    The correct answer will be "yeah, it fails like that." if it does

  • I guess that Inspector has got rsyslog-8.2001.0-1 on its list of things to look out for, so when Inspector finds a remnant of this on a host that is being scanned then this will be included in the findings.

    The decision about whether an item needs to be treated or can be skipped is one that is best left to the Ubuntu specialist who is going through the findings.

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则