vulnerability-detector
New in version 3.2.0.
This section covers the configuration for the Vulnerability detection module.
XML section name
<vulnerability-detector>
</vulnerability-detector>
Options
Note
The options update_ubuntu_oval / update_redhat_oval (since 3.5) and feed (since 3.11) are deprecated. It is recommended to use provider instead.
Options |
Allowed values |
---|---|
yes, no |
|
A positive number (seconds) |
|
yes, no |
|
A positive number (seconds) |
|
A valid vulnerability vendor |
interval
Time between vulnerability scans.
Default value | 5m |
Allowed values | A positive number that should contain a suffix character indicating a time unit: s (seconds), m (minutes), h (hours) or d (days). |
run_on_start
Runs updates and vulnerability scans immediately when the service is started.
Default value | yes |
Allowed values | yes, no |
ignore_time
Time during which vulnerabilities that have already been alerted will be ignored.
Default value | 6 hours |
Allowed values | A positive number that should contain a suffix character indicating a time unit: s (seconds), m (minutes), h (hours) or d (days). |
provider
Configuration block to specify vulnerability updates.
Allowed tags |
name | Defines a vulnerability information provider. |
Allowed values | canonical, debian, redhat, nvd |
Allowed values |
enabled | Enables the vulnerability provider update. |
Default value | no |
Allowed values | yes, no |
os | Feed to update. |
Allowed values |
provider | feed |
---|---|
canonical | precise / 12, trusty / 14, xenial / 16, bionic / 18 |
debian | wheezy / 7, jessie / 8, stretch / 9, buster / 10 |
redhat | |
nvd | |
Allowed tags |
update_interval | How often the vulnerability database is updated. It has priority over the update_interval option of the provider block. |
Default value | The value indicated by the update_interval option of the provider block. |
Allowed values | A positive number that should contain a suffix character indicating a time unit: s (seconds), m (minutes), h (hours) or d (days). |
url | Defines the link to an alternative OVAL file. |
Allowed values | Link to download the OVAL file obtained from Canonical or Debian. |
path | Defines the path to an alternative OVAL file. |
Allowed values | Path where the OVAL file obtained from Canonical or Debian is located. |
port | Defines the connection port when using the |
Allowed values | A valid port. |
allow | Defines compatibility with unsupported systems. |
Allowed values | A valid operating system not supported by default. You can find a guide on how to set it up here. |
update_interval | How often the vulnerabilities of the provider are updated. It can be overwritten by the attribute with the same name of |
Default value | 1 hour. |
Allowed values | A positive number that should contain a suffix character indicating a time unit: s (seconds), m (minutes), h (hours) or d (days). |
update_from_year | Year from which the provider will be updated. |
Default value | |
Allowed values |
provider | value |
---|---|
redhat | A valid year and greater than 1998. |
nvd | A valid year and greater than 2001. |
canonical | |
debian | |
allow | Defines compatibility with unsupported systems. |
Allowed values |
provider | value |
---|---|
redhat | A valid operating system not supported by default. You can find a guide on how to set it up here. |
nvd | |
canonical | Use the |
debian | Use the |
Allowed tags |
replaced_os | Defines the version of Red Hat that will replace the unsupported system. |
Allowed values | A numeric value that in substitution with the tag forms a valid link. |
url | Defines the link to alternative feed files. |
Allowed values |
provider | value |
---|---|
redhat | Parameterized link to download the feed files obtained from Red Hat Security Data API. You can find a guide on how to set it up here. |
nvd | Parameterized link to download the feed files obtained from National Vulnerability Database. You can find a guide on how to set it up here. |
canonical | Use the |
debian | Use the |
Allowed tags |
start | Defines the first value with which the tag will be substituted. |
Allowed values | A numeric value that in substitution with the tag forms a valid link. |
end | Defines the last value with which the tag will be substituted. |
Allowed values | A numeric value that in substitution with the tag forms a valid link. |
port | Defines the connection port. |
Allowed values | A valid port. |
path | Defines the path to alternative feed files. |
Allowed values |
provider | value |
---|---|
redhat | Path with regular expression that matches the feed files obtained from Red Hat Security Data API. |
nvd | Path with regular expression that matches the feed files obtained from National Vulnerability Database. |
canonical | Use the |
debian | Use the |
Example of configuration
The following configuration will update the vulnerability database for Ubuntu, Debian, Red Hat and Microsoft Windows.
<vulnerability-detector>
  <enabled>yes</enabled>
  <interval>5m</interval>
  <ignore_time>6h</ignore_time>
  <run_on_start>yes</run_on_start>
  <provider name="canonical">
    <enabled>yes</enabled>
    <os>precise</os>
    <os>trusty</os>
    <os>xenial</os>
    <os>bionic</os>
    <update_interval>1h</update_interval>
  </provider>
  <provider name="debian">
    <enabled>yes</enabled>
    <os>wheezy</os>
    <os>stretch</os>
    <os>jessie</os>
    <os>buster</os>
    <update_interval>1h</update_interval>
  </provider>
  <provider name="redhat">
    <enabled>yes</enabled>
    <update_from_year>2010</update_from_year>
    <update_interval>1h</update_interval>
  </provider>
  <provider name="nvd">
    <enabled>yes</enabled>
    <update_from_year>2010</update_from_year>
    <update_interval>1h</update_interval>
  </provider>
</vulnerability-detector>
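A misconfigured block can leave a feed unfetched without anyone noticing, so it helps to lint the block before deploying it. The following Python check is an added example, not part of the Wazuh documentation or code base: it compares a `<vulnerability-detector>` block with the allowed values listed on this page. The function name `lint` and the sample block are constructed here, and the check assumes the suffixed time form and only the provider/feed pairs shown in the tables above.

```python
import re
import xml.etree.ElementTree as ET

# Allowed values copied from the tables on this page.
FEEDS = {
    "canonical": {"precise", "12", "trusty", "14", "xenial", "16", "bionic", "18"},
    "debian": {"wheezy", "7", "jessie", "8", "stretch", "9", "buster", "10"},
    "redhat": set(), "nvd": set(),  # no <os> feed is listed for these two
}
MIN_YEAR = {"redhat": 1998, "nvd": 2001}  # update_from_year must be greater
DEPRECATED = {"update_ubuntu_oval", "update_redhat_oval", "feed"}
TIME_TAGS = {"interval", "ignore_time", "update_interval"}
YES_NO_TAGS = {"enabled", "run_on_start"}
TIME = re.compile(r"0*[1-9][0-9]*[smhd]")  # positive number + unit suffix

def lint(xml_text):
    """Return a list of findings for one <vulnerability-detector> block."""
    root = ET.fromstring(xml_text)
    out = []
    for e in root.iter():
        value = (e.text or "").strip()
        if e.tag in DEPRECATED:
            out.append(f"<{e.tag}> is deprecated, use <provider>")
        elif e.tag in TIME_TAGS and not TIME.fullmatch(value):
            out.append(f"<{e.tag}> '{value}' is not a positive number with s/m/h/d")
        elif e.tag in YES_NO_TAGS and value not in ("yes", "no"):
            out.append(f"<{e.tag}> must be yes or no, got '{value}'")
    for prov in root.findall("provider"):
        name = prov.get("name")
        if name not in FEEDS:
            out.append(f"unknown provider '{name}'")
            continue
        for os_tag in prov.findall("os"):
            feed = (os_tag.text or "").strip()
            if feed not in FEEDS[name]:
                out.append(f"{name}: feed '{feed}' is not listed for this provider")
        year = (prov.findtext("update_from_year") or "").strip()
        if name in MIN_YEAR and year and not (year.isdecimal() and int(year) > MIN_YEAR[name]):
            out.append(f"{name}: update_from_year must be greater than {MIN_YEAR[name]}")
    return out

# Constructed sample with four deliberate mistakes (not a recommended config).
SAMPLE = """<vulnerability-detector>
  <enabled>yes</enabled><interval>300</interval><update_ubuntu_oval>yes</update_ubuntu_oval>
  <provider name="debian"><enabled>yes</enabled><os>bionic</os></provider>
  <provider name="nvd"><enabled>yes</enabled><update_from_year>2001</update_from_year></provider>
</vulnerability-detector>"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the example configuration above, `lint` returns an empty list.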
Note
See the Vulnerability detector section to obtain more information about this module.