Nice. Lynis sounds like a modern Titan (https://www.usenix.org/legacy/event/lisa98/full_papers/farmer/farmer.pdf)

On Thu, Aug 20, 2015 at 8:19 PM, Atom Powers <atom.pow...@gmail.com> wrote:

> You may be interested in Lynis and how Assimilation is extending the data.
> https://github.com/CISOfy/lynis
> http://itbestpractices.info/
>
> On Tue, Aug 18, 2015 at 1:04 PM David Lang <da...@lang.hm> wrote:
>
>> As I see it, you either trust your distro, or you pay one of the
>> vulnerability scanner companies to track such things (and deal with the
>> errors that happen anyway)
>>
>> And then you keep an ear out for critical things that haven't made it to
>> the updates yet anyway.
>>
>> David Lang
>>
>> On Tue, 18 Aug 2015, Paul DiSciascio wrote:
>>
>> > Date: Tue, 18 Aug 2015 07:38:57 -0400
>> > From: Paul DiSciascio <the...@bytemonkey.net>
>> > To: tech@lists.lopsa.org
>> > Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities
>> >     from the NVD at NIST
>> >
>> > On a related note, I'd be curious to know how you plan to map what's in
>> > this database to package versions on the systems you're auditing. I
>> > tried to tackle this years ago and determined that there would be too
>> > much manual effort to keep that sort of mapping up to date.
>> >
>> > For example, some vulnerability in package-2.3.1 that gets fixed in
>> > package-2.3.2 upstream might be patched in package-2.3.1-a as provided
>> > by RedHat, and NIST's data will indicate that 2.3.1 is vulnerable.
>> >
>> > Does anyone know if there is another data source available to help with
>> > this correlation?
>> >
>> > Thanks,
>> > Paul
>> >
>> > On 8/17/15 11:29 PM, Aleksey Tsalolikhin wrote:
>> >> Thanks for your kind replies. Once I got home and put the kidlet to bed
>> >> and my life became nice and quiet and calm, I actually had no trouble
>> >> getting 2csv to work:
>> >>
>> >>     2csv entry vuln:cve-id vuln:cvss/cvss:base_metrics/cvss:score \
>> >>         vuln:summary < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
>> >>
>> >> Thanks for the pointers to csvkit though and the PowerShell script! =)
>> >>
>> >> On Mon, Aug 17, 2015 at 7:47 PM, Rickard, Josh A.
>> >> <ricka...@missouri.edu> wrote:
>> >>
>> >>     If you're interested in using PowerShell you could do the following:
>> >>
>> >>     # parse the response body as XML so that .nvd.entry resolves
>> >>     $vulninfo = [xml](Invoke-WebRequest -Uri "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml").Content
>> >>     $entry = $vulninfo.nvd.entry
>> >>
>> >>     $temphostobject = @()
>> >>     $vulnhostobject = @()
>> >>
>> >>     # loop through each entry node
>> >>     ForEach ($cves in $entry) {
>> >>         # cast the score: XML values are strings, and as strings "10.0" ranks below "7"
>> >>         IF ([double]$cves.cvss.'base_metrics'.score -gt 7) {
>> >>             $objectproperties = @{cve = $($cves.'cve-id');
>> >>                                   cvss = $($cves.cvss.'base_metrics'.score);
>> >>                                   summary = $($cves.summary)
>> >>             }
>> >>             $temphostobject = New-Object PSObject -Property $objectproperties
>> >>             $vulnhostobject += $temphostobject
>> >>         }
>> >>     }
>> >>
>> >>     $vulnhostobject | ft
>> >>
>> >>     I could add some features and make it an advanced function, but this
>> >>     should give you an object that you can return and add to another
>> >>     function or do other fun stuff with.
>> >>
>> >>     Let me know if you need any other help.
>> >>
>> >>     Thanks,
>> >>
>> >>     Josh Rickard
>> >>     Security Analyst
>> >>     Information Security and Access Management
>> >>     Division of Information Technology
>> >>     University of Missouri
>> >>     (573) 884-6280 | ricka...@missouri.edu
>> >>     ACA | GCWN | GCFA
>> >>
>> >>     From: tech-boun...@lists.lopsa.org
>> >>     [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Aleksey Tsalolikhin
>> >>     Sent: Monday, August 17, 2015 8:57 PM
>> >>     To: t...@lopsa.org
>> >>     Subject: [lopsa-tech] getting a list of critical vulnerabilities
>> >>     from the NVD at NIST
>> >>
>> >>     Hello,
>> >>
>> >>     I want to get a list of Critical (CVSS > 7) CVEs for a security
>> >>     vulnerability assessment for a client.
>> >>
>> >>     Scored CVEs are available from https://nvd.nist.gov/download.cfm
>> >>     through a set of XML feeds. The nice NIST web site says:
>> >>
>> >>         A common way to use the feeds is to perform a one-time import of
>> >>         all of the main XML vulnerability feeds and then use the
>> >>         "modified" feeds to keep up-to-date.
>> >>
>> >>     I thought I'd start out by figuring out how to convert the 2015 XML
>> >>     to CSV. I got halfway there:
>> >>
>> >>     $ xml2 < nvdcve-2.0-2015.xml > nvdcve-2.0-2015.flat
>> >>     $ 2csv < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
>> >>     usage: 2csv record field [field ...] < in > csv
>> >>     $
>> >>
>> >>     There is no documentation for 2csv that I could find... I'm now
>> >>     banging my head against it, trial and error...
>> >>
>> >>     I might end up just grepping the data I need out of the flat file.
>> >>     All I'm looking for is CVE ID, Summary and CVSS score. Has anybody
>> >>     been down this path already?
>> >>
>> >>     --
>> >>     Need CFEngine training? Email train...@verticalsysadmin.com
>> >>
>> >> --
>> >> Need CFEngine training? Email train...@verticalsysadmin.com
>
> --
> Perfection is just a word I use occasionally with mustard.
> --Atom Powers--

--
Need CFEngine training? Email train...@verticalsysadmin.com
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/