CheckCVE for Probe Manager

Presentation

Module to check the CVE of softwares

Features

• Check if there is a CVE for a software on a remote server.

Installation

Install with ProbeManager

Usage

Administration Page of the module :

Page to add an instance which verifies the CVE of the software of a remote server :

• Give a unique name for this instance, example: server-proxy_checkcve.
• Give a crontab for planning verifications of existing CVE.
• Specify the server on which the software to be monitored is located.
• Select the software to be monitored.
• Select a whitelist for which the software are not vulnerable.

Page to add a software for which a check of CVE can be made :

• Give the name of the software as seen by the OS. example: dovecot-imapd is the name of Dovecot on Debian.
• Specify for which operating systems the software is installed.
• Give its valid CPE name.
• Specify how it was installed, by which package manager.

Page of an instance :

• The button ‘Check CVE’: launch a CVE audit, check if there are known vulnerabilities on this instance.
• Under CVE found: There are links for CVE found. For Debian, it redirects to the security bug tracker. For others, it redirects to www.cvedetails.com.

Miscellaneous

CVEs are registered with their CVE ID, example : CVE-2016-6304

Before putting a CVE in a whitelist, it is necessary to make sure that the patch is well applied to its version. There are sites that help you know this,for example for Debian : Security Bug Tracker

On the home page, if the instance icon is red, there are known vulnerabilities on this instance. If the icon is green, there are none.

All operating systems that have an SSH server are theoretically compatible, in fact as currently only the APT and Brew package manager are supported, this limits to Debian, Ubuntu and OSX.

The knowledge base of CVE used is: https://cve.circl.lu