Well. I think that checking only version numbers are not reliable way to evaluate security of server..
If you really want to do it, then just pick commercial nessus.. Eero la 9. kesäk. 2018 klo 1.01 Ewae Rpok <ewaer...@gmail.com> kirjoitti: > Thanks for confirming, Eero. > > Any advice for alternative approaches to managing vulnerability assessment > on Oracle Linux? > > Cheers, > Ewae. > > On Friday, 8 June 2018, Eero Volotinen <eero.voloti...@iki.fi> wrote: > >> Hi, >> >> I "was" developer of that feed :) >> >> I haven't updated it for while, due to lack of time and/or sponsor ;) >> >> Eero >> >> pe 8. kesäk. 2018 klo 17.59 Ewae Rpok <ewaer...@gmail.com> kirjoitti: >> >>> Hello all. >>> >>> Can anyone advise on scanning Oracle Linux vulnerabilities? >>> The Community feed seems to omit checks for errata published post 2016. >>> >>> e.g. https://linux.oracle.com/errata/ELSA-2018-0395.html was not >>> reported despite kernel-uek 4.1.12-61.1.18 being run and >>> kernel-3.10.0-514 being installed (both built 04 Nov 2016). >>> >>> Equivalent vulnerability in CentOS/RHEL-compatible kernel was positively >>> identified when run against CentOS system: >>> https://lists.centos.org/pipermail/centos-announce/2018-May/022843.html >>> CentOS Update for kernel CESA-2018:1629 centos7 >>> OID 1.3.6.1.4.1.25623.1.0.882885 >>> >>> Vulnerabilities are actually found - just nothing new. >>> Supported by the following found on a recent kali linux install: >>> >>> root@kali:/var/lib/openvas/plugins# find . -name "ELSA*"|sort -rn|head >>> ./2016/ELSA-2016-3554.nasl.asc >>> ./2016/ELSA-2016-3554.nasl >>> ./2016/ELSA-2016-3553.nasl.asc >>> ./2016/ELSA-2016-3553.nasl >>> ./2016/ELSA-2016-3552.nasl.asc >>> ./2016/ELSA-2016-3552.nasl >>> ./2016/ELSA-2016-3551.nasl.asc >>> ./2016/ELSA-2016-3551.nasl >>> ./2016/ELSA-2016-3531.nasl.asc >>> ./2016/ELSA-2016-3531.nasl >>> root@kali:/var/lib/openvas/plugins# find . -name "gb_CESA*"|sort >>> -rn|head >>> ./2018/centos/gb_CESA-2018_1726_thunderbird_centos6.nasl.asc >>> ./2018/centos/gb_CESA-2018_1726_thunderbird_centos6.nasl >>> ./2018/centos/gb_CESA-2018_1725_thunderbird_centos7.nasl.asc >>> ./2018/centos/gb_CESA-2018_1725_thunderbird_centos7.nasl >>> ./2018/centos/gb_CESA-2018_1700_procps-ng_centos7.nasl.asc >>> ./2018/centos/gb_CESA-2018_1700_procps-ng_centos7.nasl >>> ./2018/centos/gb_CESA-2018_1669_libvirt_centos6.nasl.asc >>> ./2018/centos/gb_CESA-2018_1669_libvirt_centos6.nasl >>> ./2018/centos/gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl.asc >>> ./2018/centos/gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl >>> root@kali:/var/lib/openvas/plugins# >>> >>> >>> vulners.com has different looking pages for Oracle Linux vulnerabilities >>> before and after the apparent cutoff - e.g. >>> https://vulners.com/openvas/OPENVAS:1361412562310122925 >>> and >>> https://vulners.com/oraclelinux/ELSA-2016-3559 >>> >>> Should I be using a different tool or approach? >>> >>> Thanks in advance, >>> Ewae. >>> _______________________________________________ >>> Openvas-discuss mailing list >>> Openvas-discuss@wald.intevation.org >>> >>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> >>
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
