Documentation on vulners cve (since old cve profile has been deprecated)
I am having trouble getting CVE scan data since the cve scan has been moved to vulners.py.
Is there documentation on this? If so, I will look it over to see if I can figure out what is wrong.
If not, here is the relevant data:
[root@hostname cve]# pwd
/srv/salt/hubblestack_data/hubblestack_nova_profiles/cve
[root@hostname cve]# cat vulners.yaml
vulners_scanner: True
vulners_api_key: <my key>
pwd; cat top.nova
/srv/salt/hubblestack_data/hubblestack_nova_profiles
# Default top.nova
#
# Subscribes to CIS, cve_scan, and misc.yaml for miscellaneous checks
nova:
  '*':
    #- security.meltdown_spectre
    - security.ssh_passwordauthentication
    #- cis.distribution-independent-linux-level-1-all-v1-1-0
    - vulners
Output from hubble audit:
hubble hubble.audit
{'Compliance': '0%',
 'Failure': [{'sshd-authenticationmethods-publickey': 'Check for explicitly configured publickey authentication method'},
             {'sshd-passwordauthentication-no': 'Ensure password authentication is disabled in sshd_config'}]}
Also, I would like to make sure that the functionality in the previous scan, being able to use a local JSON file for CVE data, is still supported.
Issue Analytics
- State:
- Created 5 years ago
- Comments:20
Top GitHub Comments
We have also been using hubble for disconnected servers and need to be able to download the datasource for offline scanning.
It’s feature-frozen here: https://github.com/hubblestack/hubble/tree/3.0
We’re currently testing and prepping, shooting for an official release by end of April, assuming no big issues.