Educause Security Discussion mailing list archives
Re: False positives scanning Red Hat servers running Apache
From: Mark Rogowski <m.rogowski () UWINNIPEG CA>
Date: Thu, 26 Apr 2007 16:10:08 -0500
Redhat, Novell/Suse, pretty much all the major vendors are doing it now. I found it too labour intensive to weed out all the false positives and it wasted a lot of the admins time as well. Nowadays, when I'm ready to do vuln scans on systems I ask the admins for version numbers of running services and when they applied their last patch updates. I am able to minimize the amount of false positives to a trickle. Its a real time saver for the busy admins, and for me as well. Mark Rogowski IT Security Technology Solutions Centre University of Winnipeg Ph: (204) 786-9034
Aaron Lafferty <lafferty () OAR NET> 04/26/07 10:20 AM >>>
It's a pretty common practice for redhat to do that. It's annoying if you are vulnerability scanning, because short of logging into the box and figuring out what package is currently installed, or pen testing it... you just can't be sure what the case is. If you get any other suggestions on how to figure this out, I would be interested in knowing what they are. Oh... and Hi Clifford! Thanks, Aaron
Current thread:
- False positives scanning Red Hat servers running Apache Clifford Collins (Apr 26)
- <Possible follow-ups>
- Re: False positives scanning Red Hat servers running Apache Julian Y. Koh (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Aaron Lafferty (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Allison Henry (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Steve Brukbacher (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Russell Fulton (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Clifford Collins (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Bill Ogle (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Mark Rogowski (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Chris Green (Apr 30)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 30)