cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerability issues with CENTOS 7 VMs

mraymus
Occasional Visitor

‎Jul 14 2021 05:37 PM

‎Jul 14 2021 05:37 PM

Vulnerability issues with CENTOS 7 VMs

We've got a bunch of CENTOS 7 servers in our environment.    Recently we've started using Security Center to try and make sure our servers are secure and we've got a lot of remediation work to do.  However, we're thinking that a bunch of these CENTOS alerts we are getting are false positives.   Our CENTOS Servers are patched to the latest and greatest updates.  In fact, when I click on your remediation links, it tells me I need to be at the kernel 3.10.0-1160.31.1.el7.x86_64.      

 

When I go to my CENTOS servers and run a yum -y update to see if there are any updates for these servers, they are completely up to date and when I run a uname -a, the kernel information comes back with this:  3.10.0-1160.31.1.el7.x86_64  so I know we are on the latest and greatest kernel, despite the fact that Azure is telling us we need to update our kernel for security purposes. 

 

So, I'm not sure what to do at this point.   Is there a way for me to modify the alert so it can be resolved?   Do I open a ticket with Azure to let them know that it appears there's a problem?  Attached is a sample screenshot of what I'm seeing.   I haven't started investigating the Oracle Java SE stuff yet, just working on the CENTOS Security stuff.   

 

Please advise. 

 

Matt 

Preview file
80 KB
828 Views
1 Like
6 Replies
Reply
6 Replies
Guillaumeben

‎Jul 20 2021 12:26 AM

‎Jul 20 2021 12:26 AM

Re: Vulnerability issues with CENTOS 7 VMs

Hello @mraymus,

I guess you are using Defender for server. Can you maybe try to trigger the vulnerability scanner manually on a CentOS machine, and see if the results are still false-positives:

sudo /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=vm

You can also set an exemption with an expiration date but I would first try to understand why it triggers using the manual scan, and/or by contacting support indeed.

thank you
0 Likes
Reply
sebastianheil

‎Jan 20 2022 11:18 PM

‎Jan 20 2022 11:18 PM

Re: Vulnerability issues with CENTOS 7 VMs

we are having similiar issues... it seems as if the vulnerability assessment is also detecting old / not actively used versions of the kernel that are still residing on the server
0 Likes
Reply
Stanislav Belov

‎Jan 21 2022 12:44 PM

‎Jan 21 2022 12:44 PM

Re: Vulnerability issues with CENTOS 7 VMs

Thank you for your feedback. The best option would be to open a support ticket so that our engineers can collect logs, etc. and find the root cause of the issue.
0 Likes
Reply
sebastianheil

‎Jan 31 2022 04:38 AM

‎Jan 31 2022 04:38 AM

Re: Vulnerability issues with CENTOS 7 VMs

yep, ticket was created. It seems as if this by design. To be honest, as long as I cannot filter for vulnerabilities of the running vs the nonrunning kernel, I will not be able to use the vulnerability assessment solution
0 Likes
Reply
Stanislav Belov

‎Feb 01 2022 01:31 PM

‎Feb 01 2022 01:31 PM

Re: Vulnerability issues with CENTOS 7 VMs

are you using Qualys or MDE TVM for VA?
0 Likes
Reply
sebastianheil

‎Feb 01 2022 11:17 PM

‎Feb 01 2022 11:17 PM

Re: Vulnerability issues with CENTOS 7 VMs

Qualys
0 Likes
Reply