Linux REPOSITORIES
Red Hat: Custom RPM Repository Handling Improvements

Summary
Users with custom Red Hat repository naming conventions in their enterprise can now upload a custom mapping file in JSON format that maps custom RPM repository relative URLs to the official Red Hat counterparts for the purposes of vulnerability scanning.

Problem
Many Red Hat and Tenable customers utilize custom repository configurations and/or mirrors. In these cases, where neither the configured repository label nor URL matches Red Hat’s official mapping, Tenable plugins are unable to determine what software updates are available to the scan target. This can result in an increased number of potential false positive findings for Red Hat Local Checks.

Solution
With this update, we have introduced a method that allows users to upload a JSON file via their scan policy that maps their internal custom repository relative URL to the official Red Hat label and URL of the repository it mirrors.

To upload this JSON file to your scan policy, go to “Settings > Advanced > Vulnerability Options > Custom Red Hat Repository Mapping” and click on the “Add File” link.

For a more detailed overview of how this works in practice, please refer to the following user guide: How Red Hat Local Vulnerability Checks Use Repositories To Determine Scope

Impacted Plugins
- All plugins in the Red Hat Local Security Checks family
- New plugin added: Plugin ID 233963, redhat_custom_repos.nasl

Updated Scan Policy Templates
- Nessus Scanner: Advanced Scan, Advanced Dynamic Scan, Basic Network Scan
- Nessus Agents: Advanced Agent Scan, Basic Agent Scan

Targeted Release Date
- Nessus and Tenable VM: Monday, April 14, 2025
- Tenable Security Center: TBC

Improvements to Enumeration, Reporting and Utilisation of RPM Repositories in Amazon Linux and Red Hat Enterprise Linux

Summary
Improvements have been made to how we report on and use RPM repositories for the purposes of Local Checks on Amazon Linux 2 and Red Hat Enterprise Linux.

Changes (Amazon Linux)
New functionality has been added to the plugin codebase to enumerate enabled Core and Extras repositories in Amazon Linux by reading the repo files in /etc/yum.repos.d. To surface this information, a new plugin has been written to enumerate the enabled repositories (plugin ID TBC after release).

The detected Extras repositories will be used downstream in Amazon Linux vulnerability detection plugins (e.g. al2_ALASDNSMASQ-2024-002.nasl, plugin ID 193452) to determine if the target machine has the relevant Extras repository that hosts the affected/fixed package(s).

Changes (Red Hat)
At present, we have the ability to enumerate enabled repositories by reading the repo files in /etc/yum.repos.d. Red Hat provides a mapping file, repositories-to-cpe.json, which we use to validate the detected repositories by checking the validity of the detected relative URL only.

New functionality has been added to redhat_repos.nasl (plugin ID 149983) to also attempt validation of the enabled repositories via their assigned labels. With the ever increasing usage of custom and/or mirrored repositories in our customers' environments, having the ability to now check both repository URLs and labels provides a better chance of validating the detected repositories.

Impact
Customers should expect to see more accurate vulnerability detections. This may result in fewer findings due to fewer false positive detections on both Amazon Linux and Red Hat Enterprise Linux going forward.

Affected Plugins
- Any plugins in the Amazon Linux Local Security Checks family that relate to packages hosted in Amazon Linux Extras repositories.
- All plugins in the Red Hat Local Security Checks family.

Affected Sensors
Tenable Nessus Tenable Enclave Security Agent Continuous Assessment

Target Release Date
Nessus Plugins:
- Amazon Linux: December 11, 2024
- Red Hat: December 16, 2024
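
The label-then-URL validation described in the Red Hat changes above, sketched as an added example that is not Tenable's plugin code. The repo file contents, the `OFFICIAL` mapping (a simplified stand-in, not the real repositories-to-cpe.json schema), the function names, and the `$releasever` substitution are all assumptions made for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample of a file under /etc/yum.repos.d (not from a real host).
SAMPLE_REPO_FILE = """\
[rhel-8-for-x86_64-baseos-rpms]
baseurl = https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/baseos/os
enabled = 1
[corp-rhel8-appstream]
baseurl = https://mirror.corp.example/content/dist/rhel8/$releasever/x86_64/appstream/os
[corp-codeready]
baseurl = https://mirror.corp.example/mirrors/el8/crb/
[rhel-8-for-x86_64-supplementary-rpms]
baseurl = https://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/supplementary/os
enabled = 0
"""

# Constructed, simplified mapping of official label -> relative URL (assumption).
OFFICIAL = {
    "rhel-8-for-x86_64-baseos-rpms": "/content/dist/rhel8/8/x86_64/baseos/os",
    "rhel-8-for-x86_64-appstream-rpms": "/content/dist/rhel8/8/x86_64/appstream/os",
}

def enabled_repos(text, releasever="8"):
    """Return {label: relative URL or None} for enabled repo sections."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    repos = {}
    for label in cp.sections():
        # A repo section with no "enabled" key is treated as enabled.
        if not cp.getboolean(label, "enabled", fallback=True):
            continue
        urls = cp.get(label, "baseurl", fallback="").split()
        # No baseurl (mirrorlist/metalink only) leaves no URL to compare.
        path = urlparse(urls[0].replace("$releasever", releasever)).path if urls else ""
        repos[label] = path.rstrip("/") or None
    return repos

def validate(repos, official):
    """Match each enabled repo by label first, then by relative URL."""
    by_url = {url: label for label, url in official.items()}
    result = {}
    for label, rel in repos.items():
        if label in official:
            result[label] = ("label", label)
        else:
            hit = by_url.get(rel)
            result[label] = ("url", hit) if hit else ("unmatched", None)
    return result
```

Calling `validate(enabled_repos(SAMPLE_REPO_FILE), OFFICIAL)` leaves `corp-codeready` unmatched: a mirror whose label and path both differ from the official ones, which is the situation the custom mapping file in the first post addresses.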