Running lacework cli command to scan package manifests is creating empty output file #491
Comments
Actually it looks like this may work You may need to update your documentation here https://www.lacework.com/blog/running-with-packer/
@lorelei-rupp-imprivata Thank you so much for your feedback! 🎉 - Let me look at the blog post and
Yeah, at least suggest things to look at if you are using packer etc. because I spent a lot of time trying to figure out why I had an empty file
@afiune so interestingly when I drop the --debug flag, I get back to an empty file. At the end of the debug output too it says
Does the cli, when there are no vulnerabilities, not output empty json or anything to that effect?
@lorelei-rupp-imprivata If I understand correctly, when you run the
This is correct and indicates that your packer image doesn't have any vulnerability, though, I see your point where, To further troubleshoot I will need the package-manifest you are sending to Lacework, you can generate it with
Could you please send it to me via Email at afiune@lacework.net? NOTE: Run that command from within the package image 👆🏽
When I run the cli manually on the box myself I see the Will generate and send, Thanks! I am just confused if I am supposed to see an empty file or if I should see this message when there are no issues
Following this doc https://www.lacework.com/blog/running-with-packer/ and running
lacework vulnerability host scan-pkg-manifest --local | tee /tmp/lacework-vulnerability.out
leaves me with an empty out file every time with packer. Running manually returns
sh-4.2$ lacework vulnerability host scan-pkg-manifest --local 2>&1 > /tmp/lacework-vulnerability.json
sh-4.2$ cat /tmp/lacework-vulnerability.json
There are no vulnerabilities found! Time for 🍕
I turned on debug mode with
lacework vulnerability host scan-pkg-manifest --local --debug --noninteractive | tee /tmp/lacework-vulnerability.out
and I see more output from the running of the cli, but the output file is still empty. Trying to understand why and what I am doing wrong
amazon-ebs.eks-node-build: Starting scan
amazon-ebs.eks-node-build: {"level":"info","ts":"2021-07-26T12:13:01Z","caller":"cmd/cli_state.go:258","msg":"turning off interactive mode"}
amazon-ebs.eks-node-build: {"level":"info","ts":"2021-07-26T12:13:01Z","caller":"cmd/cli_state.go:313","msg":"switch output to json format"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/root.go:214","msg":"configuration file not found"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/cli_state.go:133","msg":"unable to load state from config"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/cli_state.go:349","msg":"state updated","api_key":"<sensitive>"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/cli_state.go:354","msg":"state updated","api_secret":"<sensitive>"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/cli_state.go:359","msg":"state updated","account":"<sensitive>"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/root.go:53","msg":"updating honeyvent","dataset":"lacework-cli-prod"}
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:01Z","caller":"cmd/honeyvent.go:175","msg":"new honeyvent","dataset":"lacework-cli-prod","trace_id":"2155f929a76309b0","span_id":"6e10fc4718d283e9","parent_id":""}
...
amazon-ebs.eks-node-build: {"level":"debug","ts":"2021-07-26T12:13:08Z","caller":"cmd/cli_state.go:294","msg":"skipping spinner","noninteractive":true,"action":"stop_progress"}
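The thread turns on an empty output file from `... | tee file`, which by itself cannot show whether the scan ran cleanly or failed. As an added example (not part of the original issue and not Lacework's code), this POSIX shell wrapper redirects the scanner's stdout to the file, checks the scanner's own exit status, and writes a status record beside the output; `run_scan_step`, the `.status` and `.stderr` suffixes, and the stub commands are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Lacework code. run_scan_step and the .status/.stderr
# sidecar files are hypothetical names used only for this illustration.
#
# Usage: run_scan_step OUTFILE CMD [ARGS...]
# Redirects CMD's stdout to OUTFILE instead of piping through tee, so the
# status that gets checked is the scanner's own (for `cmd | tee f` the
# pipeline status is tee's unless pipefail is set).
run_scan_step() {
    out=$1
    shift
    rc=0
    # Keep stderr (for example --debug logs) apart from the results file.
    "$@" >"$out" 2>"$out.stderr" || rc=$?

    # Count non-whitespace bytes so a lone newline still counts as empty.
    bytes=$(tr -d ' \t\r\n' <"$out" | wc -c | tr -d ' ')

    if [ "$rc" -ne 0 ]; then
        verdict=scan-failed
    elif [ "$bytes" -eq 0 ]; then
        verdict=empty-output
    else
        verdict=output-present
    fi

    # Sidecar record: an empty OUTFILE from a successful run can now be told
    # apart from a scan that crashed or never started.
    printf 'exit=%s bytes=%s verdict=%s\n' "$rc" "$bytes" "$verdict" >"$out.status"
    printf '%s\n' "$verdict"
    [ "$verdict" != scan-failed ]
}

# Constructed stand-ins for the scanner: a silent success and a crash.
demo_dir=$(mktemp -d)
run_scan_step "$demo_dir/clean.json" true
run_scan_step "$demo_dir/crash.json" false || echo "scan step failed, stop the build"
cat "$demo_dir/crash.json.status"
rm -rf "$demo_dir"
```

In a Packer shell provisioner, the scan command from the post would take the place of the stub after the output path, and the `.status` file can be kept with the build logs.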