Re: OT: vulnerability scanner

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-08-10 at 14:54, Rick Stevens wrote:
> Scot L. Harris wrote:
> > On Wed, 2005-08-10 at 14:41, Jamie Bohr wrote:
> > 
> >>I know this is off topic but ...
> >>
> >>I am looking to a vulnerability scanner for UNIX.  Currently we (the
> >>company I work for) are using TARA and have come to the conclusion
> >>that either we need to switch to something else or give TARA a major
> >>overhaul.  Before we went down updating TARA I thought I would see
> >>what else was out there that could be a direct TARA replacement and
> >>possibly have more features, central reporting be one of them.
> >>
> >>Thank you for you time,
> >>   Jamie Bohr
> > 
> > 
> > Are you looking for something like nessus?  You can get some fairly
> > comprehensive web based reports from nessus for the systems on your
> > network.
> 
> Yes, nessus is good, but beware of false positives from nessus.  It may 
> report that you have package foobar-X.Y which has a certain
> vulnerability, when in fact you have foobar-X.Y-xx.yy where that has
> been fixed.  Nessus doesn't necessarily know about fixes in incremental
> releases.  It looks at the signon message or behaviour of the program
> and bases its recommendations on that.  Just wanted you to be aware of
> that.
> 
> You can also use nmap to portscan your systems and see which ports a
> given machine is listening on.  We also use portsentry and snort to
> watch things go bump on the network, as well as firewalling the kapok
> out of things.

You are correct, running the tool is not the same as understanding the
output.  :)

The user does need to understand how the tool works and how to interpret
the results.  As you indicate nessus does not know about versions of
programs that have had patches applied to resolve potential security
bugs.  

Used correctly nessus is fairly good at providing a picture of an
environment and where more effort may be needed.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux