I noticed there is no specific support of Rocky via notus or nasl scripts in the community feed, but they are in the enterprise feed as of last year. When will we see a version of these added to the community feed? Since the “the fall of CentOS”, I ( and most anyone that was using CentOS seriously) have moved all of my machines to Rocky. OpenVAS community edition has long supported scanning for CentOS, so I hope this is on the roadmap for Rocky too?
at the moment Rocky Linux and also AlmaLinux are considered enterprise distributions and therefore are only part of the enterprise feed via paid subscriptions. Currently there are no plans to change this.
Red Hat, Suse & Ubuntu are the largest and most widely recognized “Enterprise” distribution of Linux, and the community feed has local tests specific to them. Instead, Rocky is one of the newest open source repackagings of Red Hat, and it is being considered an Enterprise distribution? I’m not knocking Rocky, I think it is absolutely solid, which is why it is my go to for open source projects. But in Enterprise environments, it’s Red Hat all the way. I’m questioning the categorization for the purpose of supporting the community who is more likely to be using Rocky than Red Hat. It’s also widely accepted that Rocky is the replacement for CentOS and local checks for CentOS have been in the Community feed for as long as I can remember.
Now … I have always understood that the community feed was lacking in Enterprise checks. Examples I have seen are Exchange server vulnerabilities and such that would not be in a small installation, as it’s very rare to install an Exchange server in anything other than an Enterprise environment. This makes sense to me. But categorizing an entire popular OpenSource Distribution of Linux as “Enterprise” and leaving it completely out of the feeds just don’t seem right to me.
@DeeAnn,
That is EXCELLENT news. I hope GB will soon make the enterprise feed available for subscription. I know of several folks, myself included, who would be interested. Likewise, I’d also be interested in reselling via my Company if that were possible.
Is there any chance of a community feed for Rocky though? If not for the nasl scripts, at least the notus data to verify Rocky Systems are fully patched?
Red Hat LSCs are also in the enterprise feed only since 2018 (Remember, the enterprise feed didn’t existed before so you might always find products which have mixed coverage).
As previously mentioned:
Changing this would be also not in the hands / in the decision of any Greenbone staff reading / answering in this forum.