Hi, There are two kinds of check. remote checks and local checks.
Anyway, both scanners works same way. Nessus contains a bit more remote check(s) and updated oracle linux checks. -- Eero On Mon, Jun 11, 2018 at 11:30 AM Ewae Rpok <ewaer...@gmail.com> wrote: > Thanks again for the advice. > > Do all the community feeds work by checking only version numbers? If so, > I think this would help me make a stronger case to get funding for Nessus. > > Cheers, > Ewae. > > On Saturday, 9 June 2018, Eero Volotinen <eero.voloti...@iki.fi> wrote: > >> Well. I think that checking only version numbers are not reliable way to >> evaluate security of server.. >> >> If you really want to do it, then just pick commercial nessus.. >> >> Eero >> >> la 9. kesäk. 2018 klo 1.01 Ewae Rpok <ewaer...@gmail.com> kirjoitti: >> >>> Thanks for confirming, Eero. >>> >>> Any advice for alternative approaches to managing vulnerability >>> assessment on Oracle Linux? >>> >>> Cheers, >>> Ewae. >>> >>> On Friday, 8 June 2018, Eero Volotinen <eero.voloti...@iki.fi> wrote: >>> >>>> Hi, >>>> >>>> I "was" developer of that feed :) >>>> >>>> I haven't updated it for while, due to lack of time and/or sponsor ;) >>>> >>>> Eero >>>> >>>> pe 8. kesäk. 2018 klo 17.59 Ewae Rpok <ewaer...@gmail.com> kirjoitti: >>>> >>>>> Hello all. >>>>> >>>>> Can anyone advise on scanning Oracle Linux vulnerabilities? >>>>> The Community feed seems to omit checks for errata published post 2016. >>>>> >>>>> e.g. https://linux.oracle.com/errata/ELSA-2018-0395.html was not >>>>> reported despite kernel-uek 4.1.12-61.1.18 being run and >>>>> kernel-3.10.0-514 being installed (both built 04 Nov 2016). >>>>> >>>>> Equivalent vulnerability in CentOS/RHEL-compatible kernel was >>>>> positively >>>>> identified when run against CentOS system: >>>>> https://lists.centos.org/pipermail/centos-announce/2018-May/022843.html >>>>> CentOS Update for kernel CESA-2018:1629 centos7 >>>>> OID 1.3.6.1.4.1.25623.1.0.882885 >>>>> >>>>> Vulnerabilities are actually found - just nothing new. >>>>> Supported by the following found on a recent kali linux install: >>>>> >>>>> root@kali:/var/lib/openvas/plugins# find . -name "ELSA*"|sort -rn|head >>>>> ./2016/ELSA-2016-3554.nasl.asc >>>>> ./2016/ELSA-2016-3554.nasl >>>>> ./2016/ELSA-2016-3553.nasl.asc >>>>> ./2016/ELSA-2016-3553.nasl >>>>> ./2016/ELSA-2016-3552.nasl.asc >>>>> ./2016/ELSA-2016-3552.nasl >>>>> ./2016/ELSA-2016-3551.nasl.asc >>>>> ./2016/ELSA-2016-3551.nasl >>>>> ./2016/ELSA-2016-3531.nasl.asc >>>>> ./2016/ELSA-2016-3531.nasl >>>>> root@kali:/var/lib/openvas/plugins# find . -name "gb_CESA*"|sort >>>>> -rn|head >>>>> ./2018/centos/gb_CESA-2018_1726_thunderbird_centos6.nasl.asc >>>>> ./2018/centos/gb_CESA-2018_1726_thunderbird_centos6.nasl >>>>> ./2018/centos/gb_CESA-2018_1725_thunderbird_centos7.nasl.asc >>>>> ./2018/centos/gb_CESA-2018_1725_thunderbird_centos7.nasl >>>>> ./2018/centos/gb_CESA-2018_1700_procps-ng_centos7.nasl.asc >>>>> ./2018/centos/gb_CESA-2018_1700_procps-ng_centos7.nasl >>>>> ./2018/centos/gb_CESA-2018_1669_libvirt_centos6.nasl.asc >>>>> ./2018/centos/gb_CESA-2018_1669_libvirt_centos6.nasl >>>>> ./2018/centos/gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl.asc >>>>> ./2018/centos/gb_CESA-2018_1660_qemu-guest-agent_centos6.nasl >>>>> root@kali:/var/lib/openvas/plugins# >>>>> >>>>> >>>>> vulners.com has different looking pages for Oracle Linux >>>>> vulnerabilities >>>>> before and after the apparent cutoff - e.g. >>>>> https://vulners.com/openvas/OPENVAS:1361412562310122925 >>>>> and >>>>> https://vulners.com/oraclelinux/ELSA-2016-3559 >>>>> >>>>> Should I be using a different tool or approach? >>>>> >>>>> Thanks in advance, >>>>> Ewae. >>>>> _______________________________________________ >>>>> Openvas-discuss mailing list >>>>> Openvas-discuss@wald.intevation.org >>>>> >>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >>>> >>>>
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
