I have an issue with plugin OID 1.3.6.1.4.1.25623.1.0.108441 (Determine OS and list of installed packages via SSH login).
I’m scanning a list of Linux hosts on a weekly basis with authenticated scans enabled and working. Scans work fine, but local security checks are not performed since the system identifier is unknown to the NVT. Targets are running Linux Mint, with the following identifiers:
Linux ov-eqi 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Is there any workaround / solution to this issue? (I’ve seen a post from cfi asking for feedback on this, but the thread is more than 1 year old, so not sure if it’s still open)
Indeed, a basic detection for Linux Mint could be implemented. It would be great if you could post the output of the following VT (either here or privately via PM to me):
Name: OS Detection Consolidation and Reporting
OID: 1.3.6.1.4.1.25623.1.0.105937
Family: Product detection
Note: Such an implementation would only introduce OS Detection for Linux Mint. There are no plans by Greenbone to support this Linux distribution for package manager based authenticated scans, especially as it seems (only did a short research) that Linux Mint doesn’t publish any vendor advisories for their packages.
OS: Ubuntu
Version: 16.04
CPE: cpe:/o:canonical:ubuntu_linux:16.04
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (SSH OS Identification)
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
Setting key “Host/runs_unixoide” based on this information
As you can see, Linux Mint is just an Ubuntu variant. It uses the same package repository and follows the mainstream release plan, so packages are identical to the Ubuntu distribution. So using the Ubuntu plugin should work without issues.
But generally there won’t be any package scanning support provided by Greenbone for Linux Mint, this is something which requires support and maintenance of a community contributor.
Unknown banners have been collected which might help to identify the OS running on this host. If these banners containing information about the host OS please report the following information to https://community.greenbone.net/c/vulnerability-tests:
Banner: uname: Linux ov-master-eqi 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
rpm -qf /etc/redhat-release: error: file /etc/redhat-release: No such file or directory
Thanks again for providing this information, this should be enough to implement at least some basic OS Detection capabilities when doing authenticated scans. It will take some time though, will give a note here once this is done.
The simplest explanation for this could be that these are detected as Debian because Linux Mint seems to be providing a /etc/debian_version with a Debian-specific codename in addition to the other previously posted files having Linux Mint specific info included.
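The check-ordering problem described in the last reply, as an added example that is not part of the thread and not Greenbone's VT code: a detector that tests for /etc/debian_version first labels a Mint host as Debian, while one that reads the distribution's own ID first does not. It assumes the standard /etc/os-release file is among the files read over SSH; the file contents and function names are constructed for illustration.

```python
import shlex

# Constructed sample of files as an authenticated scan might read them over SSH
# (illustrative contents, not taken from the thread).
SAMPLE_MINT_FILES = {
    "/etc/os-release": (
        'NAME="Linux Mint"\n'
        'VERSION="19.1 (Tessa)"\n'
        "ID=linuxmint\n"
        "ID_LIKE=ubuntu\n"
        'VERSION_ID="19.1"\n'
        "UBUNTU_CODENAME=bionic\n"
    ),
    "/etc/debian_version": "buster/sid\n",
}


def parse_os_release(text):
    """Parse KEY=value lines of os-release, honouring shell-style quoting."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        parts = shlex.split(raw)
        fields[key] = parts[0] if parts else ""
    return fields


def detect_debian_first(files):
    """Flawed order: any host with /etc/debian_version is reported as Debian."""
    if "/etc/debian_version" in files:
        return ("debian", files["/etc/debian_version"].strip())
    return ("unknown", "")


def detect_specific_first(files):
    """Check the distribution's own ID before generic Debian-family markers."""
    rel = parse_os_release(files.get("/etc/os-release", ""))
    if rel.get("ID"):
        return (rel["ID"], rel.get("VERSION_ID", ""))
    return detect_debian_first(files)


def upstream_family(files):
    """Return the ID_LIKE list: the distributions this one derives from."""
    rel = parse_os_release(files.get("/etc/os-release", ""))
    return rel.get("ID_LIKE", "").split()
```

The `ID_LIKE` value identifies the upstream family only; it does not by itself say that the upstream's package advisories apply to the derivative.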