
Joao Correia August 27, 2021


Tips for TuxCare’s KernelCare Enterprise integration with Qualys


Qualys provides visibility into the IT infrastructure, with comprehensive reporting on the state of systems and vulnerabilities that may be present in them. 

TuxCare’s KernelCare Enterprise provides Live Patching for the Linux Kernel and important shared libraries like OpenSSL and glibc. 

It is possible to integrate KernelCare-specific information into Qualys reports, getting the best of both worlds and accurately reflecting the patched state of running kernels. This article shows you how to achieve this.

 

There is already an integration between Qualys and KernelCare, which lets “Information gathering” operations return the correct information. When KernelCare is deployed onto a system, Qualys will provide the following output for an “Information gathering” operation:

[Screenshot 1]

[Screenshot 2]

And this is as expected. When digging into the details, you can see the effective version of the currently running kernel:

[Screenshot 3]

And

[Screenshot 4]

This is the result of “/usr/bin/kcare-uname -r”. This command provides the correct output version for a system running a kernel that has received live patches, as opposed to “uname -r”, which will only show the installed kernel version.

So, for “Information gathering” operations, Qualys is KernelCare-aware and provides the correct output. 

However, when scanning for kernel-related package versions, “Outdated packages” will still report the older kernel version, and this will artificially inflate the number of vulnerabilities present:

[Screenshot 5]

To correct this, there is an option under “Report Template” in Qualys to specifically ignore older versions:

[Screenshot 6]

This filter will correctly ignore older kernel versions in the report. In our test example, the change made this:

go to this:

[Screenshot 7]

This isn’t just a trick to ignore some issues - it’s a way to ensure that the Qualys report accurately reflects the vulnerabilities present when systems are protected with TuxCare’s KernelCare Enterprise.
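A host-side check of the “uname -r” versus “/usr/bin/kcare-uname -r” distinction described above, as an added example that is not TuxCare or Qualys code: it records the booted and effective kernel versions and lists hosts whose kernel findings should not be assumed to be covered by live patching. The function names, state words and sample records are constructed for illustration, and it assumes that kcare-uname reports the booted version when no live patch is loaded.

```shell
#!/bin/sh
# Added example, not TuxCare or Qualys code.
# Path taken from the article; can be overridden through the environment.
KCARE_UNAME="${KCARE_UNAME:-/usr/bin/kcare-uname}"

# classify_kernel BOOTED EFFECTIVE: print one state word.
#   live-patched    effective differs from booted (live patches loaded)
#   same-as-booted  kcare-uname reports the booted version
#   unknown         no effective version could be read
classify_kernel() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo unknown
    elif [ "$1" = "$2" ]; then echo same-as-booted
    else echo live-patched
    fi
}

# Print the effective kernel version, or nothing if kcare-uname is
# missing or fails.
effective_kernel() {
    [ -x "$KCARE_UNAME" ] || return 0
    "$KCARE_UNAME" -r 2>/dev/null || true
}

# One tab-separated record per host: name, booted, effective, state.
audit_host() {
    booted=$(uname -r)
    effective=$(effective_kernel)
    printf '%s\t%s\t%s\t%s\n' "$(uname -n)" "$booted" "${effective:--}" \
        "$(classify_kernel "$booted" "$effective")"
}

# Read collected records on stdin; print hosts whose kernel findings
# should NOT be treated as covered by live patching.
needs_review() {
    awk -F '\t' '$4 != "live-patched" { print $1 }'
}

# Constructed sample records (hostnames and versions are made up).
sample_records() {
    printf 'web01\t3.10.0-1160.el7.x86_64\t3.10.0-1160.36.2.el7.x86_64\tlive-patched\n'
    printf 'db01\t5.4.0-80-generic\t5.4.0-80-generic\tsame-as-booted\n'
    printf 'build01\t4.18.0-305.el8.x86_64\t-\tunknown\n'
}

audit_host                      # record for the local machine
sample_records | needs_review   # prints db01 and build01
```

Hosts that needs_review prints are the ones where ignoring older kernel versions in the report would hide findings that still apply to the running kernel.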
