
Re: How to find system configuration vulnerabilities; was: Thank you Debian



On 21 Feb 2024 19:03 +0000, from andre@rodier.me (Andre Rodier):
> - What is the best approach to check if there is any vulnerability in the
> packages configuration?
> - Is there any service that could audit the deployment code or the
> configuration files?

My understanding is that both Lynis and Vuls are popular for
already-installed systems. If you have your configuration packaged as
Ansible scripts, then deploying that onto a disposable VM based on a
minimal Debian installation should be a reasonably practical way of
auditing the deployment process itself for vulnerabilities.

A web search for something like "linux local vulnerability scanner"
will provide you with additional leads.

Note that any automated tool will use some kind of heuristics so (a)
may find things that are not actually vulnerabilities in your setup,
and (b) might not find something which _is_ a vulnerability in your
setup.

-- 
Michael Kjörling                     🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
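
An added example, not part of the original message: a small triage script for the findings Lynis records after a run on the disposable VM, separating open findings from ones already reviewed as not applicable (point (a) above). It assumes the `warning[]=` / `suggestion[]=` pipe-separated lines of the Lynis report file (by default /var/log/lynis-report.dat); the sample report text and the `reviewed` exception map are constructed for illustration.

```python
# Added example: triage findings from a Lynis report (constructed sample data).
from collections import namedtuple

Finding = namedtuple("Finding", "kind test_id message details")

# Constructed sample in the key=value layout of lynis-report.dat; not real scan output.
SAMPLE_REPORT = """\
# Lynis Report
hardening_index=67
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
"""

def parse_report(text):
    """Return (hardening_index or None, list of Finding) from report text."""
    index, findings = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "hardening_index" and value.isdigit():
            index = int(value)
        elif key in ("warning[]", "suggestion[]"):
            # Fields are pipe-separated; pad so short lines do not raise.
            fields = (value.split("|") + ["", "", ""])[:3]
            details = "" if fields[2] == "-" else fields[2]
            findings.append(Finding(key[:-2], fields[0], fields[1], details))
    return index, findings

def triage(findings, reviewed):
    """Split findings into (open, accepted). `reviewed` maps a test ID to the
    documented reason it does not apply to this setup (hypothetical input)."""
    open_, accepted = [], []
    for f in findings:
        (accepted if f.test_id in reviewed else open_).append(f)
    # Warnings first, then suggestions, each ordered by test ID.
    open_.sort(key=lambda f: (f.kind != "warning", f.test_id))
    return open_, accepted

if __name__ == "__main__":
    index, findings = parse_report(SAMPLE_REPORT)
    # Hypothetical exception: the disposable VM is filtered by the hypervisor.
    open_, accepted = triage(findings, {"FIRE-4512": "filtered upstream"})
    print("hardening index:", index)
    for f in open_:
        print(f"OPEN {f.kind:<10} {f.test_id} {f.message} {f.details}")
    print("accepted as reviewed:", [f.test_id for f in accepted])
```

A clean result here only covers what the scanner checks for; point (b) above still applies.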