
Enhanced kernel package check with multiple versions installed #1916

Closed
future-ryunosuketanai opened this issue May 13, 2024 · 1 comment · Fixed by #1950

future-ryunosuketanai commented May 13, 2024

Hello.
As stated in the title, how about expanding the checking targets for kernel packages that have multiple versions installed?

As shown below, I am using RHEL8.9.

$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.9 (Ootpa)

Additionally, the following kernel packages are installed.

$ uname -a
Linux ip-xxx.yyy.compute.internal 4.18.0-513.24.1.el8_9.x86_64 #1 SMP Thu Mar 14 14:20:09 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n" | grep kernel
kernel 0 4.18.0 513.24.1.el8_9 x86_64
kernel 0 4.18.0 477.27.1.el8_8 x86_64
kernel-core 0 4.18.0 477.27.1.el8_8 x86_64
kernel-core 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug-core 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug-core 0 4.18.0 513.24.1.el8_9 x86_64
kernel-modules 0 4.18.0 477.27.1.el8_8 x86_64
kernel-modules 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug-modules 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug-modules 0 4.18.0 513.24.1.el8_9 x86_64
kernel-modules-extra 0 4.18.0 477.27.1.el8_8 x86_64
kernel-modules-extra 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug-modules-extra 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug-modules-extra 0 4.18.0 513.24.1.el8_9 x86_64
kernel-tools 0 4.18.0 513.24.1.el8_9 x86_64
kernel-tools-libs 0 4.18.0 513.24.1.el8_9 x86_64

If you run a scan in this environment, older versions of some kernel packages will be detected.
In my environment, the following two "old" versions were detected and stored in the output results JSON.

  • kernel-debug 0 4.18.0 477.27.1.el8_8 x86_64
  • kernel-debug-modules-extra 0 4.18.0 477.27.1.el8_8 x86_64

When I checked the implementation code, it seems that only the following packages are checked.

  • kernel
  • kernel-devel
  • kernel-core
  • kernel-modules
  • kernel-uek

vuls/scanner/utils.go

Lines 29 to 35 in ef2be3d

case constant.RedHat, constant.Oracle, constant.CentOS, constant.Alma, constant.Rocky, constant.Amazon, constant.Fedora:
	switch pack.Name {
	case "kernel", "kernel-devel", "kernel-core", "kernel-modules", "kernel-uek":
		ver := fmt.Sprintf("%s-%s.%s", pack.Version, pack.Release, pack.Arch)
		return true, kernel.Release == ver
	}
	return false, false

So, my suggestion is to add the following kernel packages to the check list.

  • kernel-debug
  • kernel-debug-core
  • kernel-debug-modules
  • kernel-debug-modules-extra
  • kernel-modules-extra

However, I'm wondering if I should add all this to the code, or if there's another, better way to express it.

Sincerely.

@MaineK00n (Collaborator)

In this case, kernel-debug* should not be collected since it is not a running kernel.
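The check under discussion, as an added stand-alone example; this is not vuls's code and not the change in #1950. It reproduces the (isKernel, isRunning) pair returned by the utils.go snippet above with kernel-modules-extra added to the name list, and, following the reply above, treats every kernel-debug* package as a kernel package that is never the running kernel (that reading is an assumption of this example). The rpm output from the issue is embedded as constructed sample input; the Pkg type, ParseRPMLines, IsRunningKernel and ScanTargets are names chosen here, not vuls identifiers.

```go
package main

import (
	"fmt"
	"strings"
)

// Pkg holds the fields printed by the rpm query in the issue.
// Constructed type for this example; not vuls's models.Package.
type Pkg struct {
	Name, Epoch, Version, Release, Arch string
}

// sampleRPMOutput is the issue's rpm output, embedded as constructed sample input.
const sampleRPMOutput = `kernel 0 4.18.0 513.24.1.el8_9 x86_64
kernel 0 4.18.0 477.27.1.el8_8 x86_64
kernel-core 0 4.18.0 477.27.1.el8_8 x86_64
kernel-core 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug-core 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug-core 0 4.18.0 513.24.1.el8_9 x86_64
kernel-modules 0 4.18.0 477.27.1.el8_8 x86_64
kernel-modules 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug-modules 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug-modules 0 4.18.0 513.24.1.el8_9 x86_64
kernel-modules-extra 0 4.18.0 477.27.1.el8_8 x86_64
kernel-modules-extra 0 4.18.0 513.24.1.el8_9 x86_64
kernel-debug-modules-extra 0 4.18.0 477.27.1.el8_8 x86_64
kernel-debug-modules-extra 0 4.18.0 513.24.1.el8_9 x86_64
kernel-tools 0 4.18.0 513.24.1.el8_9 x86_64
kernel-tools-libs 0 4.18.0 513.24.1.el8_9 x86_64`

// ParseRPMLines parses the output of
//   rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
// Lines that do not have exactly five fields are skipped rather than guessed at.
func ParseRPMLines(out string) []Pkg {
	var pkgs []Pkg
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		if len(f) != 5 {
			continue
		}
		pkgs = append(pkgs, Pkg{f[0], f[1], f[2], f[3], f[4]})
	}
	return pkgs
}

// kernelNames is the explicit allow-list of RHEL-family packages whose
// version-release.arch is compared with `uname -r`: the five names from the
// vuls snippet plus kernel-modules-extra, which the issue asks to add.
var kernelNames = map[string]bool{
	"kernel": true, "kernel-devel": true, "kernel-core": true,
	"kernel-modules": true, "kernel-modules-extra": true, "kernel-uek": true,
}

// IsRunningKernel returns (isKernel, isRunning), the same pair as the vuls
// snippet. running is the output of `uname -r`.
func IsRunningKernel(p Pkg, running string) (isKernel, isRunning bool) {
	// kernel-debug* is a separately built image and its modules. Following the
	// maintainer's reply, treat it as a kernel package that is never the
	// running kernel (assumption of this example).
	if strings.HasPrefix(p.Name, "kernel-debug") {
		return true, false
	}
	if !kernelNames[p.Name] {
		return false, false // e.g. kernel-tools: an ordinary package, scanned as usual
	}
	ver := fmt.Sprintf("%s-%s.%s", p.Version, p.Release, p.Arch)
	return true, ver == running
}

// ScanTargets drops every kernel package that is not the running kernel,
// which is what keeps the leftover el8_8 kernels in the issue out of the results.
func ScanTargets(pkgs []Pkg, running string) []Pkg {
	var out []Pkg
	for _, p := range pkgs {
		if isKernel, isRunning := IsRunningKernel(p, running); isKernel && !isRunning {
			continue
		}
		out = append(out, p)
	}
	return out
}

func main() {
	running := "4.18.0-513.24.1.el8_9.x86_64" // `uname -r` from the issue
	for _, p := range ScanTargets(ParseRPMLines(sampleRPMOutput), running) {
		fmt.Printf("scan: %s %s-%s.%s\n", p.Name, p.Version, p.Release, p.Arch)
	}
}
```

With the issue's package list and kernel release, only the el8_9 kernel, kernel-core, kernel-modules and kernel-modules-extra plus the two kernel-tools packages remain scan targets; all el8_8 kernel packages and every kernel-debug* package are dropped. The allow-list is kept explicit on purpose: a prefix rule such as "starts with kernel-" would also sweep in kernel-tools and kernel-headers, which are ordinary packages that must keep being scanned.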
