Educause Security Discussion mailing list archives

Re: False positives scanning Red Hat servers running Apache


From: Mark Rogowski <m.rogowski () UWINNIPEG CA>
Date: Thu, 26 Apr 2007 16:10:08 -0500

Red Hat, Novell/Suse, pretty much all the major vendors are doing it now.  I found it too labour-intensive to weed out 
all the false positives and it wasted a lot of the admins' time as well.

Nowadays, when I'm ready to do vuln scans on systems I ask the admins for version numbers of running services and when 
they applied their last patch updates.  I am able to minimize the amount of false positives to a trickle.  It's a real 
time saver for the busy admins, and for me as well.



Mark Rogowski 
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034

Aaron Lafferty <lafferty () OAR NET> 04/26/07 10:20 AM >>>
It's a pretty common practice for Red Hat to do that.  It's annoying if you are vulnerability scanning, because short 
of logging into the box and figuring out what package is currently installed, or pen testing it... you just can't be 
sure what the case is.  If you get any other suggestions on how to figure this out, I would be interested in knowing 
what they are.

Oh... and Hi Clifford!

Thanks,
Aaron
