[Openvas-discuss] Handling CentOS False Positives

Jan-Oliver Wagner Jan-Oliver.Wagner at greenbone.net
Fri Feb 13 17:35:41 CET 2015


On Thursday, 5 February 2015, 01:36:29, Kevin T. Neely wrote:
> We have implemented OpenVAS-based vulnerability assessments at my
> workplace.  This has been working pretty phenomenally for the past few
> months.  I am running into one recurring issue, however.  We are a pretty
> big CentOS shop on the UNIX/Linux side, and when CentOS updates packages to
> implement security patches, they do not update the version number as
> presented by a banner/header.
> 
> As a result, I am running into an increasing number of false positives when
> scanning CentOS systems, since they do not provide new minor versions of
> software, rather they backport security fixes and do not change the version
> numbers.
> 
> Has anyone found an elegant way to deal with this scenario?  A blanket
> override would miss out-of-date systems, and I'd prefer not to create 10s
> (100s?) of overrides per host.

One option would be to do authenticated scans. These have a higher quality
of detection.

-- 
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
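
The thread above turns on the difference between a banner version and an installed package release. The following is an added example, not part of the original message and not OpenVAS code: it orders RPM version-release strings (tilde supported, caret not) and contrasts a banner-only check with a check that can read the installed package string, as an authenticated scan can. The package versions, host names and the names `UPSTREAM_FIXED`, `DISTRO_FIXED`, `HOSTS` and `assess` are constructed for illustration.

```python
import re
from itertools import zip_longest

_TOKEN = re.compile(r"~|[0-9]+|[A-Za-z]+")   # separators are ignored

def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does (no caret support)."""
    for x, y in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if x == "~" or y == "~":               # tilde sorts before anything else
            if x == y:
                continue
            return -1 if x == "~" else 1
        if x is None or y is None:             # the string with segments left is newer
            return -1 if x is None else 1
        if x[0].isdigit() != y[0].isdigit():   # numeric segment beats alphabetic
            return 1 if x[0].isdigit() else -1
        kx, ky = (int(x), int(y)) if x[0].isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def parse_evr(evr):
    """Split 'epoch:version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def compare_evr(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

# Constructed sample data: hypothetical package and advisory values.
UPSTREAM_FIXED = "2.2.22"        # version in which upstream shipped the fix
DISTRO_FIXED = "2.2.15-39.el6"   # distro build that carries the backported fix
HOSTS = {
    "patched-host": {"banner": "2.2.15", "installed": "2.2.15-39.el6"},
    "stale-host": {"banner": "2.2.15", "installed": "2.2.15-29.el6"},
}

def assess(hosts):
    """Return {host: (flagged_by_banner, flagged_by_package)}."""
    return {
        name: (rpmvercmp(h["banner"], UPSTREAM_FIXED) < 0,
               compare_evr(h["installed"], DISTRO_FIXED) < 0)
        for name, h in hosts.items()
    }
```

Both constructed hosts present the same banner and are flagged by the banner comparison; only the host whose installed release is older than the fixed build is flagged by the package comparison.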
