How It Works


The script finds CVEs that are related to patches applied by KernelCare (downloaded either from KernelCare ePortal or from the central KernelCare patch server) and excludes them from Nexpose vulnerability scanner reports. The script can also approve each exception in Nexpose; if you do not want it to approve them, set is_approve to false in the script config. It can also remove old exceptions left over from previous script runs (set delete_old to true in the script config).

First, generate a report in Nexpose (see the supported report types below) and specify it in the config file. You also need to specify some other parameters:

$ cp /usr/local/etc/kcare-nexpose.yml.template /usr/local/etc/kcare-nexpose.yml
$ vim /usr/local/etc/kcare-nexpose.yml

Note. The IP address in Nexpose and the one in KernelCare ePortal should be the same. If you run Nexpose and KernelCare ePortal on different instances, make sure that neither of them uses localhost (127.0.0.1). Otherwise, kcare-nexpose can mark a vulnerability incorrectly, because it only compares IP addresses from Nexpose and KernelCare ePortal.

If used with the CLN license server, the script can work with servers behind NAT by matching them by their hostnames.
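The localhost caveat in the note above, as an added example (not code from kcare-nexpose): a pre-flight check that joins two inventories by IP address and refuses to match on loopback or duplicated addresses. The record layout, the function names and the sample data are assumptions made for illustration, and the CVE ids are placeholders.

```python
import ipaddress
from collections import Counter

# Constructed sample data; the CVE ids are placeholders, not real identifiers.
NEXPOSE_ASSETS = [
    {"ip": "10.0.0.11", "cves": ["CVE-0000-0001", "CVE-0000-0002"]},
    {"ip": "127.0.0.1", "cves": ["CVE-0000-0001"]},  # Nexpose host scanning itself
    {"ip": "10.0.0.12", "cves": ["CVE-0000-0003"]},
]
KERNELCARE_SERVERS = [
    {"ip": "10.0.0.11", "patched_cves": ["CVE-0000-0001"]},
    {"ip": "127.0.0.1", "patched_cves": ["CVE-0000-0001"]},  # ePortal host itself
]


def unsafe_ips(records):
    """Return IPs that cannot identify one machine: loopback or duplicated."""
    counts = Counter(r["ip"] for r in records)
    return {ip for ip, n in counts.items()
            if n > 1 or ipaddress.ip_address(ip).is_loopback}


def plan_exceptions(assets, servers, guard=True):
    """Join both inventories by IP; return (exceptions, skipped_ips).

    With guard=False this is a plain IP join, which pairs the two unrelated
    127.0.0.1 records and would hide a finding on an unpatched host.
    """
    skip = (unsafe_ips(assets) | unsafe_ips(servers)) if guard else set()
    patched = {s["ip"]: set(s["patched_cves"]) for s in servers}
    exceptions = []
    for asset in assets:
        if asset["ip"] in skip:
            continue  # ambiguous address: leave the finding in the report
        for cve in asset["cves"]:
            if cve in patched.get(asset["ip"], ()):
                exceptions.append((asset["ip"], cve))
    return exceptions, sorted(skip)


if __name__ == "__main__":
    print("unguarded:", plan_exceptions(NEXPOSE_ASSETS, KERNELCARE_SERVERS, guard=False))
    print("guarded:  ", plan_exceptions(NEXPOSE_ASSETS, KERNELCARE_SERVERS))
```

Addresses returned in the skipped list are the ones to fix in the Nexpose site or ePortal registration before exceptions are created for them.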


Supported report types

raw-xml-v2

nexpose-xml2