ID KSPLICE.NASL Type nessus Reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
Ksplice is being used to maintain the remote host's operating system
kernel without requiring reboots.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(65047);
script_version("1.3");
script_cvs_date("Date: 2019/09/11 17:29:26");
script_name(english:"KSplice : Installed Patches");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote host is using KSplice to maintain the OS kernel."
);
script_set_attribute(
attribute:"description",
value:
"Ksplice is being used to maintain the remote host's operating system
kernel without requiring reboots."
);
script_set_attribute(attribute:"see_also", value:"http://www.ksplice.com/");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/06");
script_set_attribute(attribute:"agent", value:"unix");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"General");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("ksplice.inc");
include("misc_func.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Check for ksplice status data
status = get_one_kb_item("Host/ksplice/status");
status = ereg_replace(pattern:"\s+$", replace:"", string:status);
cves = make_list();
if (!empty_or_null(status))
{
previous_line = "";
installed_section = 0;
status_split = split(status, sep:'\n', keep:FALSE);
foreach line (status_split)
{
if (empty_or_null(line)) continue;
if (preg(string:line, pattern:"^\s*Installed:\s*$")) installed_section = 1;
if (!installed_section) continue;
if (!empty(previous_line)) line = previous_line + line;
if (preg(string:line, pattern:"}\s*$"))
{
previous_line = "";
line_split = split(line, sep:' ', keep:FALSE);
for (m=0;m<max_index(line_split);m++)
{
word = line_split[m];
cve_match = pregmatch(string:word, pattern:"(CVE-\d{4}-\d{4,})");
if (!empty_or_null(cve_match) && !empty_or_null(cve_match[1]))
{
cves = make_list(cves, cve_match[1]);
}
}
}
else
{
previous_line += line;
}
}
# If the status file exists but no updates have been installed, write a dummy CVE to ensure
# Host/ksplice/kernel-cves can be written so that KSplice checks execute correctly.
if (empty_or_null(cves)) {
cves = make_list("NONE");
}
}
if (!empty_or_null(cves)) {
cves = collib::cve_sort(cves);
cve_list = join(cves, sep:",");
replace_kb_item(name:"Host/ksplice/kernel-cves", value:cve_list);
}
if (!get_kb_item("Host/uptrack-uname-a") && !cve_list) audit(AUDIT_NOT_INST, "KSplice");
# if the file /etc/uptrack/disable exists then ksplice/uptrack is disabled
if (get_kb_item("Host/uptrack-disable-file")) exit(0, "Ksplice is installed but is not currently being used.");
report = "";
if (get_kb_item("Host/uptrack-show-installed"))
{
installed_patches = get_kb_item("Host/uptrack-show-installed");
installed_patches = ereg_replace(pattern:"\nEffective kernel version.*", replace:"", string:installed_patches);
report += installed_patches;
}
if (report != "") report += '\n' + '\n';
if (!empty_or_null(cve_list))
{
report += 'Kernel CVEs determined to be patched through Uptrack or KSplice:\n';
cves_block = ' ';
for (i = 0; i < max_index(cves); i++)
{
terminator = ' ';
if (i == (max_index(cves) - 1))
{
terminator = '';
}
else if ((i + 1) % 4 == 0)
{
terminator = ',\n ';
}
else
{
terminator = ', ';
}
cves_block += cves[i] + terminator;
}
report += cves_block;
}
if (report != "") report += '\n' + '\n';
if (get_kb_item("Host/uptrack-show-available"))
{
available_patches = get_kb_item("Host/uptrack-show-available");
available_patches = ereg_replace(pattern:"\nEffective kernel version.*", replace:"", string:available_patches);
report += available_patches;
}
if (report_verbosity > 0) security_note(port:0, extra:report);
else security_note(0);
{"id": "KSPLICE.NASL", "bulletinFamily": "scanner", "title": "KSplice : Installed Patches", "description": "Ksplice is being used to maintain the remote host's operating system\nkernel without requiring reboots.", "published": "2013-03-06T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/65047", "reporter": "This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.ksplice.com/"], "cvelist": [], "type": "nessus", "lastseen": "2021-01-01T03:19:48", "edition": 20, "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["LINUX_ALT_PATCH_DETECT.NASL"]}], "modified": "2021-01-01T03:19:48", "rev": 2}, "score": {"value": 0.0, "vector": "NONE", "modified": "2021-01-01T03:19:48", "rev": 2}, "vulnersScore": 0.0}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65047);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/11 17:29:26\");\n\n script_name(english:\"KSplice : Installed Patches\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is using KSplice to maintain the OS kernel.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ksplice is being used to maintain the remote host's operating system\nkernel without requiring reboots.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ksplice.com/\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"General\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"ksplice.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Check for ksplice status data\nstatus = get_one_kb_item(\"Host/ksplice/status\");\nstatus = ereg_replace(pattern:\"\\s+$\", replace:\"\", string:status);\ncves = make_list();\nif (!empty_or_null(status))\n{\n previous_line = \"\";\n installed_section = 0;\n status_split = split(status, sep:'\\n', keep:FALSE);\n foreach line (status_split)\n {\n if (empty_or_null(line)) continue;\n if (preg(string:line, pattern:\"^\\s*Installed:\\s*$\")) installed_section = 1;\n if (!installed_section) continue;\n if (!empty(previous_line)) line = previous_line + line;\n if (preg(string:line, pattern:\"}\\s*$\"))\n {\n previous_line = \"\";\n line_split = split(line, sep:' ', keep:FALSE);\n for (m=0;m<max_index(line_split);m++)\n {\n word = line_split[m];\n cve_match = pregmatch(string:word, pattern:\"(CVE-\\d{4}-\\d{4,})\");\n if (!empty_or_null(cve_match) && !empty_or_null(cve_match[1]))\n {\n cves = make_list(cves, cve_match[1]);\n }\n }\n }\n else\n {\n previous_line += line;\n }\n }\n # If the status file exists but no updates have been installed, write a dummy CVE to ensure \n # Host/ksplice/kernel-cves can be written so that KSplice checks execute correctly.\n if (empty_or_null(cves)) {\n cves = make_list(\"NONE\");\n }\n}\nif (!empty_or_null(cves)) {\n cves = collib::cve_sort(cves);\n cve_list = join(cves, sep:\",\");\n replace_kb_item(name:\"Host/ksplice/kernel-cves\", value:cve_list);\n}\n\n\nif (!get_kb_item(\"Host/uptrack-uname-a\") && !cve_list) audit(AUDIT_NOT_INST, \"KSplice\");\n\n# if the file /etc/uptrack/disable exists then ksplice/uptrack is disabled\nif (get_kb_item(\"Host/uptrack-disable-file\")) exit(0, \"Ksplice is installed but is not currently being used.\");\n\nreport = \"\";\nif (get_kb_item(\"Host/uptrack-show-installed\"))\n{\n installed_patches = get_kb_item(\"Host/uptrack-show-installed\");\n installed_patches = ereg_replace(pattern:\"\\nEffective kernel version.*\", replace:\"\", string:installed_patches);\n report += installed_patches;\n}\nif (report != \"\") report += '\\n' + '\\n';\nif (!empty_or_null(cve_list))\n{\n report += 'Kernel CVEs determined to be patched through Uptrack or KSplice:\\n';\n cves_block = ' ';\n for (i = 0; i < max_index(cves); i++)\n {\n terminator = ' ';\n if (i == (max_index(cves) - 1))\n {\n terminator = '';\n }\n else if ((i + 1) % 4 == 0)\n {\n terminator = ',\\n ';\n }\n else\n {\n terminator = ', ';\n }\n cves_block += cves[i] + terminator;\n }\n report += cves_block;\n}\nif (report != \"\") report += '\\n' + '\\n';\nif (get_kb_item(\"Host/uptrack-show-available\"))\n{\n available_patches = get_kb_item(\"Host/uptrack-show-available\");\n available_patches = ereg_replace(pattern:\"\\nEffective kernel version.*\", replace:\"\", string:available_patches);\n report += available_patches;\n}\nif (report_verbosity > 0) security_note(port:0, extra:report);\nelse security_note(0);\n", "naslFamily": "General", "pluginID": "65047", "cpe": [], "scheme": null}
{"nessus": [{"lastseen": "2020-09-23T15:28:02", "description": "This is a wrapper plugin for ensuring that detection scripts for\ncustom software patching methodologies (outside of yum, dpkg, and\nsimilar package management systems) get run prior to the execution\nof localcheck plugins.\n\nAdd additional detection scripts to the script_dependencies\nattribute.", "edition": 14, "published": "2019-03-18T00:00:00", "title": "Linux Alternate Patch Detection", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2019-03-18T00:00:00", "cpe": [], "id": "LINUX_ALT_PATCH_DETECT.NASL", "href": "https://www.tenable.com/plugins/nessus/122878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122878);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_xref(name:\"IAVT\", value:\"0001-T-0504\");\n\n script_name(english:\"Linux Alternate Patch Detection\");\n script_summary(english:\"Calls scripts for checking alternate patching/hotfixing software.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"Runs dependency plugins.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This is a wrapper plugin for ensuring that detection scripts for\ncustom software patching methodologies (outside of yum, dpkg, and\nsimilar package management systems) get run prior to the execution\nof localcheck plugins.\n\nAdd additional detection scripts to the script_dependencies\nattribute.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"General\");\n\n script_dependencies(\"ksplice.nasl\", \"kpatch.nasl\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\nexit(0, \"Dependency scripts run.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}
