DevLinux n00b
Joined: 29 Jul 2015 Posts: 8
|
Posted: Fri Jan 21, 2022 10:06 pm Post subject: Compliance and Vulnerability Scanning |
I'm curious if anybody out there is doing any compliance and vulnerability scanning of their Gentoo servers?
I looked at the Gentoo Security Handbook. No mention I could see of anything there and a banner says the handbook hasn't been touched in a decade. Tried searching the forums. Nessus and Greenbone Vulnerability Manager don't do compliance scanning in the free versions. Nessus is a $2500 product for the pro version and GVM requires buying a hardware appliance.
Just wanted to see what others were doing. This is for a home network so while I don't mind paying, price has to be reasonable. |
ShadowCat8 Apprentice
Joined: 07 Oct 2008 Posts: 173 Location: San Bernardino, CA, USA
|
Posted: Sat Jan 22, 2022 1:27 am Post subject: |
Greetings,
Well, for server vulnerability scanning, I have been looking at the community version of Qualys.
Pros:
- It's free.
- It knows about Gentoo as its own distro.
- When you have it configured the way you want, its reporting is very thorough.
Cons:
- Community version access only lasts for six-month blocks at a time. To renew/extend, you have to contact a sales rep.
- Configuration can seem overwhelming. I have used Qualys in the past to scan websites I was working on for vulnerabilities and it can be a lot of configuration to get to the tests you want/need.
- As far as full server scanning, the community version only allows one server to be scanned and tested, IIRC.
That's what I have so far as I have been trying to get my community account extended (READ: re-activated) for full server scanning to test a new server image I have developed with Gentoo.
I will post again as soon as I know more.
_________________
"As far as the laws of mathematics refer to reality, they are not
certain, and as far as they are certain, they do not refer to reality."
-- Albert Einstein
Goverp Advocate
Joined: 07 Mar 2007 Posts: 2008
|
Posted: Sat Jan 22, 2022 1:35 pm Post subject: Re: Compliance and Vulnerability Scanning |
DevLinux wrote: | I'm curious if anybody out there is doing any compliance and vulnerability scanning of their Gentoo servers?
...
Just wanted to see what others were doing. This is for a home network so while I don't mind paying, price has to be reasonable. |
Probably not what you're after, but I run rkhunter, which includes looking for known vulnerabilities. Free, of course.
_________________
Greybeard