Microsoft Tech Community

Vulnerability issues with CENTOS 7 VMs


We've got a bunch of CentOS 7 servers in our environment. Recently we've started using Security Center to try and make sure our servers are secure, and we've got a lot of remediation work to do. However, we're thinking that a bunch of these CentOS alerts we are getting are false positives. Our CentOS servers are patched to the latest and greatest updates. In fact, when I click on your remediation links, it tells me I need to be at kernel 3.10.0-1160.31.1.el7.x86_64.

When I go to my CentOS servers and run a yum -y update to see if there are any updates for these servers, they are completely up to date, and when I run a uname -a, the kernel information comes back with this: 3.10.0-1160.31.1.el7.x86_64, so I know we are on the latest and greatest kernel, despite the fact that Azure is telling us we need to update our kernel for security purposes.

So, I'm not sure what to do at this point. Is there a way for me to modify the alert so it can be resolved? Do I open a ticket with Azure to let them know that it appears there's a problem? Attached is a sample screenshot of what I'm seeing. I haven't started investigating the Oracle Java SE stuff yet, just working on the CentOS security stuff.

Please advise.

Matt

7 Replies
Hello @mraymus,

I guess you are using Defender for Servers. Can you maybe try to trigger the vulnerability scanner manually on a CentOS machine and see if the results are still false positives:

sudo /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=vm

You can also set an exemption with an expiration date but I would first try to understand why it triggers using the manual scan, and/or by contacting support indeed.

Thank you.
We are having similar issues... it seems as if the vulnerability assessment is also detecting old / not actively used versions of the kernel that are still residing on the server.
Thank you for your feedback. The best option would be to open a support ticket so that our engineers can collect logs, etc. and find the root cause of the issue.
Yep, a ticket was created. It seems as if this is by design. To be honest, as long as I cannot filter for vulnerabilities of the running vs. the non-running kernel, I will not be able to use the vulnerability assessment solution.
Are you using Qualys or MDE TVM for VA?
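The situation described in the replies above (findings raised for kernels that are installed but not running) can be checked on the host itself. The following is an added example, not code from the thread or from Microsoft/Qualys: a POSIX sh function that takes the running kernel release and the list of installed kernel package versions and prints the ones that are not running. The sample values are constructed; the `rpm`, `uname` and `package-cleanup` commands in the comments are standard CentOS 7 tooling (assumed available).

```shell
#!/bin/sh
# Added example (not from the thread): list installed kernels that are NOT the running one.
# A scanner that inventories RPMs reports a finding for each of these old packages,
# even though only the running kernel is exposed until the next reboot. On CentOS 7,
# yum keeps several older kernels by default (installonly_limit in /etc/yum.conf).
#
# Real usage on a CentOS 7 host (assumed commands):
#   stale_kernels "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')"
# Removing the stale ones (yum-utils) makes the findings disappear from the inventory:
#   sudo package-cleanup --oldkernels --count=1

stale_kernels() {
    running="$1"     # e.g. output of: uname -r
    installed="$2"   # newline-separated list, e.g. output of the rpm -q query above
    printf '%s\n' "$installed" | while IFS= read -r k; do
        [ -n "$k" ] || continue                      # skip blank lines
        [ "$k" = "$running" ] || printf '%s\n' "$k"  # print only non-running kernels
    done
}

# Constructed sample: the kernel from the thread is running, two older ones remain installed.
SAMPLE_RUNNING="3.10.0-1160.31.1.el7.x86_64"
SAMPLE_INSTALLED="3.10.0-1160.el7.x86_64
3.10.0-1160.25.1.el7.x86_64
3.10.0-1160.31.1.el7.x86_64"

stale_kernels "$SAMPLE_RUNNING" "$SAMPLE_INSTALLED"
```

If the function prints nothing, every installed kernel package is the running one and a kernel finding from the scanner is worth raising with support; if it prints entries, those are the packages the assessment is most likely reporting on.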
Qualys

I'm surprised to see such a post on a site for Microsoft users, although it's not the first time I've met people who like the Linux OS as much as I do. I have a laptop that I converted to CentOS as the number of work files was over 3k. If we are talking about the resilience of CentOS 7 or the upcoming CentOS 8, I can tell you that, processing CVEs, you won't get any problems. It's enough to always check CVE status to be aware of possible security holes in your commercial OS. By the way, CentOS 7 security runs on a different engine, so it's 100% system protection if you're worried. And when the project closes, TuxCare will be ready in 2024.