Thanks again for the advice. Do all the community feeds work by checking only version numbers? If so, I think this would help me make a stronger case to get funding for Nessus.
Cheers, Ewae. On Saturday, 9 June 2018, Eero Volotinen <eero.voloti...@iki.fi> wrote: > Well. I think that checking only version numbers are not reliable way to > evaluate security of server.. > > If you really want to do it, then just pick commercial nessus.. > > Eero > > la 9. kesäk. 2018 klo 1.01 Ewae Rpok <ewaer...@gmail.com> kirjoitti: > >> Thanks for confirming, Eero. >> >> Any advice for alternative approaches to managing vulnerability >> assessment on Oracle Linux? >> >> Cheers, >> Ewae. >> >> On Friday, 8 June 2018, Eero Volotinen <eero.voloti...@iki.fi> wrote: >> >>> Hi, >>> >>> I "was" developer of that feed :) >>> >>> I haven't updated it for while, due to lack of time and/or sponsor ;) >>> >>> Eero >>> >>> pe 8. kesäk. 2018 klo 17.59 Ewae Rpok <ewaer...@gmail.com> kirjoitti: >>> >>>> Hello all. >>>> >>>> Can anyone advise on scanning Oracle Linux vulnerabilities? >>>> The Community feed seems to omit checks for errata published post 2016. >>>> >>>> e.g. https://linux.oracle.com/errata/ELSA-2018-0395.html was not >>>> reported despite kernel-uek 4.1.12-61.1.18 being run and >>>> kernel-3.10.0-514 being installed (both built 04 Nov 2016). >>>> >>>> Equivalent vulnerability in CentOS/RHEL-compatible kernel was positively >>>> identified when run against CentOS system: >>>> https://lists.centos.org/pipermail/centos-announce/2018-May/022843.html >>>> CentOS Update for kernel CESA-2018:1629 centos7 >>>> OID 1.3.6.1.4.1.25623.1.0.882885 >>>> >>>> Vulnerabilities are actually found - just nothing new. >>>> Supported by the following found on a recent kali linux install: >>>> >>>> root@kali:/var/lib/openvas/plugins# find . -name "ELSA*"|sort -rn|head >>>> ./2016/ELSA-2016-3554.nasl.asc >>>> ./2016/ELSA-2016-3554.nasl >>>> ./2016/ELSA-2016-3553.nasl.asc >>>> ./2016/ELSA-2016-3553.nasl >>>> ./2016/ELSA-2016-3552.nasl.asc >>>> ./2016/ELSA-2016-3552.nasl >>>> ./2016/ELSA-2016-3551.nasl.asc >>>> ./2016/ELSA-2016-3551.nasl >>>> ./2016/ELSA-2016-3531.nasl.asc >>>> ./2016/ELSA-2016-3531.nasl >>>> root@kali:/var/lib/openvas/plugins# find . -name "gb_CESA*"|sort >>>> -rn|head >>>> ./2018/centos/gb_CESA-2018_1726_thunderbird_centos6.nasl.asc >>>> ./2018/centos/gb_CESA-2018_1726_thunderbird_centos6.nasl >>>> ./2018/centos/gb_CESA-2018_1725_thunderbird_centos7.nasl.asc >>>> ./2018/centos/gb_CESA-2018_1725_thunderbird_centos7.nasl >>>> ./2018/centos/gb_CESA-2018_1700_procps-ng_centos7.nasl.asc >>>> ./2018/centos/gb_CESA-2018_1700_procps-ng_centos7.nasl >>>> ./2018/centos/gb_CESA-2018_1669_libvirt_centos6.nasl.asc >>>> ./2018/centos/gb_CESA-2018_1669_libvirt_centos6.nasl >>>> ./2018/centos/gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl.asc >>>> ./2018/centos/gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl >>>> root@kali:/var/lib/openvas/plugins# >>>> >>>> >>>> vulners.com has different looking pages for Oracle Linux >>>> vulnerabilities >>>> before and after the apparent cutoff - e.g. >>>> https://vulners.com/openvas/OPENVAS:1361412562310122925 >>>> and >>>> https://vulners.com/oraclelinux/ELSA-2016-3559 >>>> >>>> Should I be using a different tool or approach? >>>> >>>> Thanks in advance, >>>> Ewae. >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> Openvas-discuss@wald.intevation.org >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/ >>>> openvas-discuss >>> >>>
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
