We are having issues with vulnerability detection on our RHEL 6 estate, wondering if anyone else is scanning any RHEL 6 boxes on a regular basis?
Issue resolved in the latest signature release, still (incorrectly) tagged our RHEL 6.9 hosts as EUS but that no longer surpresses the vulnerabilities it finds... logic prevails...YAY
Hi Dan,You can explain your query here else can contact support directly.
I have a support call open just wondering if anyone else has had this issue.
We scan RHEL all day long. every supported version (and some no longer supported versions). We use a linux auth file with username and password, and others use SSH key pair with passphrase. the accounts are part of the sudoers file. We are not seeing any issues right now.
We do the same here as Red Beard. We scan RHEL 6 and 7 with no issues.
Ok thanks for letting me know, thats interesting, we are on EU1 so different platform but even so you would expect common code..
We regularly scan RHEL 6 and 7 boxes using ssh key authentication and everything had been working fine.
Our problem occured at the end of last year when we noticed we werent recieving kernel update vulnerabilities from Qualys for our RHEL 6.9 hosts.
Checking on the hosts themselves we could clearly see that there we were running vulnerable kernel versions, Qualys scans would even enumerate the version correctly in informational... but would not show the relevant vulnerability.
Apparantly the issue is to do with Extended Update Support detection and somehow RHEL 6.9 has been flagged as EUS (incorrectly), it was because RHEL 6.9 was EUS that Qualys was supressing the missing kernel patches!
Firstly RHEL 6.9 is not EUS!
Secondly even if it was why would you want to scan for vulnerabilities on a host and then supress them depending on what support lifecylcle they were in? if it's vulnerable it's vulnerable !
Strange behaviour from Qualys but hope it is finally being resolved now after a month long argument about RHEL 6.9 being EUS :S
Retrieving data ...