Amazon Inspector2 - Is it possible to create a suppression rule for issues that don't have a remediation available yet?

0

At the moment, most of my "High" findings are kernel issues that don't have a remediation yet, i.e., there is no kernel to be installed that fixes the issue. Is there a way to create a rule to suppress these issues? They all have the same text in the Remediation field:

"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."

An example CVE: https://access.redhat.com/security/cve/CVE-2021-40490.

I could add a rule for each one individually based on the CVE name or ID. However, that isn't really a scalable solution. I also want them to be shown again when there is a remediation available that hasn't been applied yet.

The most ideal solution would be to just have a view that only shows issues that can be remediated instead of having suppression rules for them.

Asked 2 years ago · 708 views

1 answer
0

FWIW, I managed to clear out a lot of these issues by deleting all old 4.14 kernels that weren't active.

To upgrade 4.4 to 5.10:

  • sudo amazon-linux-extras enable kernel-5.10
  • sudo yum clean metadata
  • sudo yum install -y kernel
  • sudo reboot
  • ....
  • ssh ...
  • sudo yum update -y

To delete all non-active kernels:

  • sudo rpm -q kernel # see which other kernel packages are installed.
  • sudo package-cleanup --oldkernels --count=1 # Remove non-active kernels. This was key to clearing out all the issues.

I think it would be kind of nice if the package error for kernels indicated it was the non-active kernel causing the issues. I had thought the issues were stale and they would eventually go away. Not so. Need to delete the non-active kernel packages.

Answered 2 years ago
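The "only show me what I can actually fix" view the question asks for can be built locally from exported findings, and the same criterion can drive a suppression rule that stops applying once a fix appears. This is an added example, not code from the post or from AWS: it assumes findings in the shape returned by `aws inspector2 list-findings` (the `fixAvailable`, `remediation.recommendation.text` and `packageVulnerabilityDetails.vulnerabilityId` fields, and the `fixAvailable` filter criterion for `create-filter`, are taken as assumptions about the Inspector2 API), uses a constructed sample, and falls back to matching the Red Hat wording quoted in the question when `fixAvailable` is absent.

```python
import json

# Red Hat wording quoted in the question; used only as a fallback when the
# finding carries no fixAvailable field (assumption: older exports may lack it).
NO_FIX_TEXT = "Mitigation for this issue is either not available"

# Constructed sample in the assumed shape of `aws inspector2 list-findings`
# output. ARNs and CVE ids other than the one from the question are placeholders.
SAMPLE_FINDINGS = [
    {"findingArn": "arn:aws:inspector2:::finding/PLACEHOLDER-1", "severity": "HIGH",
     "fixAvailable": "NO",
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-2021-40490"},
     "remediation": {"recommendation": {"text": NO_FIX_TEXT + " or the currently ..."}}},
    {"findingArn": "arn:aws:inspector2:::finding/PLACEHOLDER-2", "severity": "HIGH",
     "fixAvailable": "YES",
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-PLACEHOLDER-2"},
     "remediation": {"recommendation": {"text": "Update the kernel package."}}},
    {"findingArn": "arn:aws:inspector2:::finding/PLACEHOLDER-3", "severity": "MEDIUM",
     # no fixAvailable field: the text fallback decides
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-PLACEHOLDER-3"},
     "remediation": {"recommendation": {"text": NO_FIX_TEXT + " ..."}}},
]

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def fix_available(finding):
    """True when a remediation exists (YES or PARTIAL); text fallback if field missing."""
    status = finding.get("fixAvailable")
    if status is not None:
        return status in ("YES", "PARTIAL")
    text = finding.get("remediation", {}).get("recommendation", {}).get("text", "")
    return not text.startswith(NO_FIX_TEXT)


def actionable_view(findings):
    """The view the question asks for: only fixable findings, most severe first."""
    fixable = [f for f in findings if fix_available(f)]
    return sorted(fixable, key=lambda f: SEVERITY_ORDER.get(f.get("severity"), 9))


def suppression_filter_criteria():
    """filterCriteria JSON for `aws inspector2 create-filter --action SUPPRESS` (assumed
    shape). Because it keys on fixAvailable rather than CVE id, a finding leaves the
    suppressed set as soon as Inspector reports a fix, which is what the question wants."""
    return json.dumps({"fixAvailable": [{"comparison": "EQUALS", "value": "NO"}]})


if __name__ == "__main__":
    for f in actionable_view(SAMPLE_FINDINGS):
        print(f["severity"], f["packageVulnerabilityDetails"]["vulnerabilityId"])
    print(suppression_filter_criteria())
```

Run it against `aws inspector2 list-findings --output json` by loading the `findings` array in place of `SAMPLE_FINDINGS`.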
