Vulnerability scan shows no vulnerabilities in openSUSE Leap #22579
-
Hi @ricardoklein, openSUSE is not officially supported; that's why it is expected to have some false negatives and positives. As far as I can see the scan is working, but for this case the vulnerability for sudo is reported as "resolved" according to the SUSE feed https://www.suse.com/security/cve/CVE-2023-42465.html. Debian 12 has been officially supported since 4.6.0; we do not need to use "allow os".
-
Hi @MiguelazoDS, thanks for replying. For openSUSE, well, I understand that the issue has a solution from the provider. I can apply the fix, but I haven't, on purpose, to keep the vulnerability there and see if Wazuh was going to complain about it.
If you take only the package version, you will also see that they are the same for
Do you (or anyone reading this thread) know if this is not supported because of a technical reason or some decision made by the project owners?
P.S.: I am still not discarding the possibility that I made some mistake in the config. If what I described in the first post is wrong for openSUSE Leap 15, I did my best following the available documentation I found. If there is any other way to set this up, please let me know.
-
Hi @ricardoklein, the main reason native support was added only for SUSE is that the feeds listed here https://www.suse.com/support/security/oval/ are only available for that OS; openSUSE seems not to have its own OVAL where we can correlate the CVEs with the installed packages. Maybe we have some source now to get those CVEs for openSUSE. I don't see anything wrong with your config, and I think you're right about this
It would be nice if you could get some logs during the scan for that CVE (or any other similar one) to check what the scan is considering during the correlation. To enable debug logs
and restart the manager after that. In the meantime I'll be doing some tests too.
-
I am new to Wazuh, testing it to monitor security on openSUSE Leap 15.5.
The server is running on Debian 12, which, despite not being listed as supported, works like a charm (maybe because it is compatible with Ubuntu).
I was able to enable the vulnerability scan for openSUSE Leap by adding
<os allow="openSUSE Leap-15">15-server</os>
to the default block for SUSE in the vulnerability scan configuration at the /var/etc/ossec.conf file on my Wazuh server:
While I can see the vulnerability scans are happening, no vulnerabilities are reported in Wazuh:
And, the machine has some vulnerabilities, like for example:
Which is connected to suse-su-20240876-1 and CVE-2023-42465.
I am not opening a bug report or issue yet, because I suspect I did something wrong in the setup and want to be sure it is not my fault before opening an issue. Both the agent and server are running v4.7.3