I have an issue with plugin OID 220.127.116.11.4.1.25618.104.22.168441 (Determine OS and list of installed packages via SSH login)
I’m scanning on a weekly basis a list of linux hosts with authenticated scans enabled and working. Scans works fine but local security checks are not performed since the system identifier is unknown by the NVT. Targets are running Linux Mint, with the following identifiers:
Linux ov-eqi 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Is there any workaround / solution to this issue ? (I’ve seen a post from cfi asking for feedbacks on this, but the thread is more than 1 year old, so not sure if it’s still open)
Note: Such an implementation would only introduce OS Detection for Linux Mint. There are no plans by Greenbone to support this Linux Distributions for package manager based authenticated scans, especially as it seems (only did a short research) that Linux Mint doesn’t publish any vendor advisories for their packages.
OS: Ubuntu Version: 16.04 CPE: cpe:/o:canonical:ubuntu_linux:16.04 Found by NVT: 22.214.171.124.4.1.256126.96.36.199586 (SSH OS Identification) Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 Setting key “Host/runs_unixoide” based on this information
As you can see Linux Mint is just an Ubuntu variant. It use the same packages repository, and follow the mainstream releases plan, so packages are identical to the Ubuntu distribution. So using the ubuntu plugin should work without issues.
Thanks again for providing this information, this should be enough to implement at least some basic OS Detection capabilities when doing authenticated scans. It will take some time tough, will give a note here once this was done.
The simplest explanation for this could be that these are detected as Debian because Linux Mint seems to be providing a /etc/debian_version with a Debian specific codename in addition to the other previous posted files having Linux Mint specific info included.