5 Replies Latest reply: Sep 13, 2017 1:12 PM by cezar

CentOS false positives

sypsg Novice

First question - how do I get a Tenable support account? We have a licensed version of Security Center, as well as of LCE, but I can't find where to create my account on the support.tenable.com page so I can add our license information.

 

Second question - Nessus is reporting CentOS vulnerabilities for Red Hat patches, but the CentOS repos don't have the patches like the Red Hat repos do. For instance, Nessus reports our kernel version is 3.10.0-514.26.2, which is the latest available for CentOS 7, and says we need to have 3.10.0-693, which doesn't exist for CentOS. There are 10 more findings like this that recommend we update to versions of applications that don't exist. What do we do about these types of vulnerabilities? Please assume we can't replace thousands of CentOS servers with Red Hat servers, because that would be expensive and time consuming.

 

Thanks,

George

  • Re: CentOS false positives
    cezar Apprentice

    George,

     

    ad 1) Your company for sure already has an account with the name of the user to whom the activation e-mail was sent. Please contact your system supplier and ask who the contact was. Then log in as this person (who is the default admin) to the support WWW, go to "Add/Edit/Remove Accounts" in the menu on the left and create your own personal account.

     

    ad 2) The newest kernels are not available in CentOS repositories at once. You can download newer RPMs from independent repos, like ELRepo. However, please note that they may contain some changes which will not allow you a clean update to CentOS 8 in the future.

     

    Cezar

    • Re: CentOS false positives
      sypsg Novice

      Cezar, thanks for the response.

       

      The kernel update, and the others, are already on the repos: http://mirror.centos.org/centos/7/cr/x86_64/Packages/kernel-3.10.0-693.1.1.el7.x86_64.rpm

       

      Yum update says nothing to update though.

       

      This is the same on every CentOS server we have, and a test one we just set up in the lab to make sure our SA's haven't messed up the repo in Puppet or something.

      • Re: CentOS false positives
        cezar Apprentice

        Well, it's not a Tenable-related problem ;-) Anyway, please issue the following commands:

         

        yum update

        yum info kernel.x86_64

         

        Is the new kernel version visible in the list shown by the second command?

        • Re: CentOS false positives
          sypsg Novice

          Definitely not a Tenable problem. The problem is because the vulnerabilities are in the Continuous Release bucket in the repo, so we can't update using them. So, when Tenable identifies these vulnerabilities, we have to make POA&M's with no end date, awaiting the new versions to be released into the main repo. Fun! Thanks, Cezar, for your help.

          • Re: CentOS false positives
            cezar Apprentice

            George,

             

            You are welcome :-) Please mark my answer as helpful, or answered, so the thread will change its status - it'll help others in the future while searching the forum.

             

            Cezar
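
The situation this thread ends on (a fixed package published only in the Continuous Release repo, which the servers do not have enabled) can be separated from findings that are patchable today or have no fix published at all. The sketch below is an added example, not part of the original thread and not Tenable or CentOS code; the repo listing is constructed from the versions quoted in the thread, the `.el7` suffix on the installed kernel and the `triage` labels are assumptions, and the version comparison is a simplified form of RPM's that ignores epochs and `~`/`^`.

```python
import re

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no '~' or '^' handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epochs are not handled."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def triage(fixed, repos, enabled):
    """Classify a finding by where a package >= the fixed version is published."""
    have = sorted(r for r, evrs in repos.items()
                  if any(evr_cmp(e, fixed) >= 0 for e in evrs))
    if any(r in enabled for r in have):
        return "patch-now"                    # an enabled repo carries the fix
    if have:
        return "fix-only-in:" + ",".join(have)  # e.g. only in the CR repo
    return "no-fix-published"

# Constructed sample data: kernel versions per repo, taken from the thread.
REPOS = {
    "updates": ["3.10.0-514.26.2.el7"],   # installed/latest in enabled repos
    "cr": ["3.10.0-693.1.1.el7"],         # from the mirror URL in the thread
}

if __name__ == "__main__":
    # Nessus asks for 3.10.0-693; only base/updates are enabled.
    print(triage("3.10.0-693", REPOS, {"base", "updates"}))
```

Findings that land in the `fix-only-in:cr` bucket are the ones that need either a decision to enable CR or a tracked exception until the packages reach the main repo.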