Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct F5 fingerprints #171

Closed
wants to merge 2 commits into from
Closed

Correct F5 fingerprints #171

wants to merge 2 commits into from

Conversation

jhart-r7
Copy link
Contributor

@jhart-r7 jhart-r7 commented Aug 24, 2018
edited

In other fingerprints the vendor is F5, which is more correct. This makes the vendor name consistent.

This also uses the BIG-IP family and BIG-IP LTM product consistently, and corrects a handful of os fingerprints that should be service.

@jhart-r7 jhart-r7 changed the title Correct F5 vendor Correct F5 fingerprints Aug 24, 2018
gwiseman-r7
gwiseman-r7 reviewed Aug 24, 2018
View reviewed changes
Copy link
Contributor

@gwiseman-r7 gwiseman-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the InsightVM/Nexpose side of things we have a large number of checks that rely on the OS vendor value being F5 and family being BIG-IP. So removing " Labs" makes things more consistent from that point of view 👍

The changes from os to service shouldn't affect vulnerability results at all. Even though our checks use OS-level fingerprints, they won't fire from recog matches (they rely on an additional system config value to be asserted, which corresponds to what these files call product (e.g. LTM).

xml/http_wwwauth.xml
@@ -287,8 +287,9 @@
<fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;BIG-IP&quot;.*$">
<description>Generic F5 Big-IP</description>
<example>Basic realm="BIG-IP"</example>
<param pos="0" name="os.vendor" value="F5"/>
<param pos="0" name="os.product" value="BIG-IP"/>
<param pos="0" name="servicevendor" value="F5"/>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing . separator

gwiseman-r7
gwiseman-r7 approved these changes Aug 24, 2018
View reviewed changes
Copy link
Contributor

@gwiseman-r7 gwiseman-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the missing . and 🚢

@jhart-r7
Copy link
Contributor Author

Good catch. I'll see about adding a test to catch possibly bad fingerprints like that.

@jhart-r7
Copy link
Contributor Author

This was landed, but for some reason it is not showing up here.

@jhart-r7 jhart-r7 closed this Aug 27, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gwiseman-r7 gwiseman-r7 gwiseman-r7 approved these changes

@tsellers-r7 tsellers-r7 Awaiting requested review from tsellers-r7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jhart-r7 @gwiseman-r7