You may be interested in Lynis and how Assimilation is extending the data.
https://github.com/CISOfy/lynis
http://itbestpractices.info/

On Tue, Aug 18, 2015 at 1:04 PM David Lang <da...@lang.hm> wrote:

> As I see it, you either trust your distro, or you pay one of the vulnerability
> scanner companies to track such things (and deal with the errors that happen
> anyway)
>
> And then you keep an ear out for critical things that haven't made it to the
> updates yet anyway.
>
> David Lang
>
> On Tue, 18 Aug 2015, Paul DiSciascio wrote:
>
> > Date: Tue, 18 Aug 2015 07:38:57 -0400
> > From: Paul DiSciascio <the...@bytemonkey.net>
> > To: tech@lists.lopsa.org
> > Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities from the
> >     NVD at NIST
> >
> > On a related note, I'd be curious to know how you plan to map what's in
> > this database to package versions on the systems you're auditing. I
> > tried to tackle this years ago and determined that there would be too
> > much manual effort to keep that sort of mapping up to date.
> >
> > For example, some vulnerability in package-2.3.1 that gets fixed in
> > package-2.3.2 upstream might be patched in package-2.3.1-a as provided
> > by RedHat, and NIST's data will indicate that 2.3.1 is vulnerable.
> >
> > Does anyone know if there is another data source available to help with
> > this correlation?
> >
> > Thanks,
> > Paul
> >
> > On 8/17/15 11:29 PM, Aleksey Tsalolikhin wrote:
> >> Thanks for your kind replies. Once I got home and put the kidlet to bed
> >> and my life became nice and quiet and calm, I actually had no trouble
> >> getting 2csv to work:
> >>
> >> 2csv entry vuln:cve-id vuln:cvss/cvss:base_metrics/cvss:score vuln:summary < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
> >>
> >> Thanks for the pointers to csvkit though and the PowerShell script! =)
> >>
> >> On Mon, Aug 17, 2015 at 7:47 PM, Rickard, Josh A. <ricka...@missouri.edu> wrote:
> >>
> >>     If you're interested in using PowerShell you could do the following:
> >>
> >>     # download the feed and parse the response body as XML
> >>     [xml]$vulninfo = (Invoke-WebRequest -Uri "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml").Content
> >>
> >>     $entry = $vulninfo.nvd.entry
> >>
> >>     $temphostobject = @()
> >>     $vulnhostobject = @()
> >>
> >>     # loop through each entry node
> >>     ForEach ($cves in $entry) {
> >>
> >>         # cast the score to a number; XML values are strings and would otherwise compare as text
> >>         IF ([double]$cves.cvss.'base_metrics'.score -gt 7) {
> >>             $objectproperties = @{cve     = $($cves.'cve-id');
> >>                                   cvss    = $($cves.cvss.'base_metrics'.score);
> >>                                   summary = $($cves.summary)
> >>             }
> >>
> >>             $temphostobject = New-Object PSObject -Property $objectproperties
> >>             $vulnhostobject += $temphostobject
> >>         }
> >>     }
> >>
> >>     # show the collected objects as a table
> >>     $vulnhostobject | ft
> >>
> >>     I could add some features and make it an advanced function, but this
> >>     should give you an object that you can return and add to another
> >>     function or do other fun stuff with.
> >>
> >>     Let me know if you need any other help.
> >>
> >>     Thanks,
> >>
> >>     *Josh Rickard*
> >>     Security Analyst
> >>     Information Security and Access Management
> >>     Division of Information Technology
> >>     University of Missouri
> >>     (573) 884-6280 | ricka...@missouri.edu
> >>     ACA | GCWN | GCFA
> >>
> >>     *From:* tech-boun...@lists.lopsa.org *On Behalf Of* Aleksey Tsalolikhin
> >>     *Sent:* Monday, August 17, 2015 8:57 PM
> >>     *To:* t...@lopsa.org
> >>     *Subject:* [lopsa-tech] getting a list of critical vulnerabilities
> >>     from the NVD at NIST
> >>
> >>     Hello,
> >>
> >>     I want to get a list of Critical (CVSS > 7) CVEs for a security
> >>     vulnerability assessment for a client.
> >>
> >>     Scored CVEs are available from https://nvd.nist.gov/download.cfm
> >>     through a set of XML feeds. The nice NIST web site says:
> >>
> >>     A common way to use the feeds is to perform a one-time import of all
> >>     of the main XML vulnerability feeds and then use the "modified"
> >>     feeds to keep up-to-date.
> >>
> >>     I thought I'd start out by figuring out how to convert the 2015 XML
> >>     to CSV. I got halfway there:
> >>
> >>     $ xml2 < nvdcve-2.0-2015.xml > nvdcve-2.0-2015.flat
> >>     $ 2csv < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
> >>     usage: 2csv record field [field ...] < in > csv
> >>     $
> >>
> >>     There is no documentation for 2csv that I could find... I'm now
> >>     banging my head against it, trial and error...
> >>
> >>     I might end up just grepping the data I need out of the flat file.
> >>     All I'm looking for is CVE ID, Summary and CVSS score. Has anybody
> >>     been down this path already?
> >>
> >>     --
> >>     Need CFEngine training? Email train...@verticalsysadmin.com
> >>
> >> _______________________________________________
> >> Tech mailing list
> >> Tech@lists.lopsa.org
> >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> >> This list provided by the League of Professional System Administrators
> >> http://lopsa.org/

--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/