Tenable Research Release Highlights

Forum Discussion

rmoody's avatar
rmoody
Product Team
10 months ago

Improvements to Enumeration, Reporting and Utilisation of...

Improvements to Enumeration, Reporting and Utilisation of RPM Repositories in Amazon Linux and Red Hat Enterprise Linux.

Summary

Improvements have been made to how we report on and use RPM repositories for the purposes of Local Checks on Amazon Linux 2 and Red Hat Enterprise Linux. 

Changes (Amazon Linux)

New functionality has been added to the plugin codebase to enumerate enabled Core and Extras repositories in Amazon Linux by reading the repo files in /etc/yum.repos.d. To surface this information, a new plugin has been written to enumerate the enabled repositories (plugin ID TBC after release) .

The detected Extras repositories will be used downstream in Amazon Linux vulnerability detection plugins (e.g al2_ALASDNSMASQ-2024-002.nasl, plugin ID 193452) to determine if the target machine has the relevant Extras repository that hosts the affected/fixed package(s). 

Changes (Red Hat)

At present, we have the ability to enumerate enabled repositories by reading the repo files in /etc/yum.repos.d. Red Hat provides a mapping file, repositories-to-cpe.json, which we use to validate the detected repositories by checking the validity of the detected relative URL only. New functionality has been added to redhat_repos.nasl (plugin ID 149983) to also attempt validation of the enabled repositories via their assigned labels. With the ever increasing usage of custom and/or mirrored repositories in our customers' environments, having the ability to now check both repository URLs and labels provides a better chance of validating the detected repositories. 

Impact

Customers should expect to see more accurate vulnerability detections. This may result in fewer findings due to fewer false positive detections on both Amazon Linux and Red Hat Enterprise Linux going forward.  

Affected Plugins

  1. Any plugins in the Amazon Linux Local Security Checks family that relate to packages hosted in Amazon Linux Extras repositories.
  2. All plugins in the Red Hat Local Security Checks family. 

Affected Sensors 

  1. Tenable Nessus
  2. Tenable Enclave Security
  3. Agent Continuous Assessment

Target Release Date

Nessus Plugins:

  • Amazon Linux : December 11, 2024
  • Red Hat : December 16, 2024
AL2
Amazon Linux
Linux REPOSITORIES
Plugins
Red Hat Enterprise
Red Hat Enterprise Linux
RHEL
RPM
Yum

2 Replies

  • rmoody's avatar
    rmoody
    Product Team
    10 months ago

    Hi all,

    The release date for the Red Hat portion of this is now Monday, Dec 16. The Amazon Linux updates will go out today as planned.

    Apologies once again for the delay.

    Kind regards,

    Rob Moody | Manager, Research

  • rmoody's avatar
    rmoody
    Product Team
    10 months ago

    Hi all,

    The release date has been pushed out to Wednesday, December 11.

    The Red Hat portion of this is taking a little longer than expected, but we are almost there. My apologies for the delay.

    Kind regards,

    Rob Moody | Manager, Research