vulnersCom / zabbix-threat-control

Zabbix vulnerability assessment plugin
GNU General Public License v3.0

No vulnerable packages found #39

Open Ric4br opened 4 years ago

Ric4br commented 4 years ago

Hi!

I need help with the script scan.py. I followed the installation instructions, on zabbix server and 2 test servers. The data collection seems to work, and the integration with zabbix also.

But when I get the list of packages and do a manual audit in Vulners, it finds hundreds of problems as expected, but scan.py just writes "No vulnerable packages found" for the server. In the dump created by scan.py the packages are listed.

How can I debug the communication and the answer from Vulners?

Best Regards

Ric4br commented 4 years ago

INFO:ZTC:Connected to Zabbix API v.4.2.6
INFO:ZTC:Received from Zabbix 2 hosts for processing
INFO:ZTC:Receiving extended data about hosts from Zabbix
INFO:ZTC:[1 of 2] "XXXXX". Successfully received extended data
INFO:ZTC:[2 of 2] "YYYYYY". Successfully received extended data
INFO:ZTC:Processed hosts: 2.
INFO:ZTC:Checking data from Zabbix
INFO:ZTC:After checking data from Zabbix, there are 2 entries left. Removed 0
INFO:ZTC:Receiving the vulnerabilities from Vulners
INFO:ZTC:[1 of 2] "XXXXX". Successfully received data from Vulners
INFO:ZTC:[2 of 2] "YYYYYY". Successfully received data from Vulners
INFO:ZTC:Processed hosts: 2
INFO:ZTC:Exclude invalid response data from Vulners
INFO:ZTC:There are 2 entries left. Removed: 0
INFO:ZTC:Сreating an additional field in the host-matrix based on data from Vulners
INFO:ZTC:[1 of 2] "XXXXX". Successfully processed
INFO:ZTC:[2 of 2] "YYYYYY". Successfully processed
INFO:ZTC:Processed hosts: 2
INFO:ZTC:Сreating an LLD-data: CVSS-Scores and Cumulative-Fix commands
INFO:ZTC:Creating a matrix of vulnerable packages of all hosts
INFO:ZTC:[1 of 2] "XXXXX". Successfully processed vulnerable packages: 2
INFO:ZTC:[2 of 2] "YYYYYY". No vulnerable packages found
INFO:ZTC:Processed hosts: 2
INFO:ZTC:Unique vulnerable packages processed: 2
INFO:ZTC:Сreating an LLD-data for package monitoring
INFO:ZTC:Creating an bulletin-matrix
INFO:ZTC:[1 of 2] "XXXXX". Successfully processed security bulletins: 3
INFO:ZTC:[2 of 2] "YYYYYY". No security bulletins found
INFO:ZTC:Processed hosts: 2
INFO:ZTC:Unique security bulletins processed: 3
INFO:ZTC:Сreating an LLD-data for bulletin monitoring
INFO:ZTC:Сreating an CVSS Score-based host-lists
INFO:ZTC:Сreating an aggregated data
INFO:ZTC:Pushing LLD-objects to Zabbix: zabbix_sender -z localhost -p 10051 -i /opt/monitoring/zabbix-threat-control/lld.zbx
INFO:ZTC:Response from "localhost:10051": "processed: 3; failed: 0; total: 3; seconds spent: 0.000554" sent: 3; skipped: 0; total: 3

INFO:ZTC:sleep for 5 min
INFO:ZTC:Pushing data to Zabbix: zabbix_sender -z localhost -p 10051 -i /opt/monitoring/zabbix-threat-control/data.zbx
INFO:ZTC:Response from "localhost:10051": "processed: 23; failed: 0; total: 23; seconds spent: 0.000876" sent: 23; skipped: 0; total: 23

INFO:ZTC:Work completed successfully
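One way to answer the debugging question above is to re-run the Vulners audit for a single host outside of scan.py and dump the raw answer, then compare it with what ZTC logs and what the manual audit in the Vulners web UI shows. The script below is an added example for this thread, not code from zabbix-threat-control. It assumes the Vulners Linux audit endpoint `POST https://vulners.com/api/v3/audit/audit/` and the response layout shown in `SAMPLE_RESPONSE` (a constructed sample, with placeholder bulletin ids, versions and scores, used so the parsing part runs offline); confirm both against the current Vulners API documentation before relying on the field names.

```python
"""Re-run the Vulners package audit for one host outside scan.py.

Added example for this thread, not code from zabbix-threat-control. It assumes
the Vulners Linux audit endpoint POST https://vulners.com/api/v3/audit/audit/
and the response layout shown in SAMPLE_RESPONSE (a constructed sample used
here so the parsing runs offline); confirm both against the Vulners API docs
before relying on field names.
"""
import json
import ssl
import urllib.request

VULNERS_AUDIT_URL = "https://vulners.com/api/v3/audit/audit/"  # assumed endpoint


def build_audit_request(os_name, os_version, packages, api_key):
    """JSON body for the audit call. `packages` is the list the ZTC agent script
    collects on the client, one 'name version arch' string per package."""
    return {
        "os": os_name,
        "version": os_version,
        "package": sorted(set(packages)),
        "apiKey": api_key,
    }


def summarize_audit(response):
    """Reduce an audit answer to the figures scan.py logs per host: which packages
    are vulnerable, via which bulletins, the host CVSS score and the cumulative
    fix command. Raises on a non-OK result so an API-key or quota problem is not
    mistaken for 'no vulnerable packages'."""
    if response.get("result") != "OK":
        raise RuntimeError("Vulners error: %r" % (response.get("data"),))
    data = response["data"]
    vulnerable = {pkg: sorted(bulletins) for pkg, bulletins in data.get("packages", {}).items()}
    return {
        "vulnerable_packages": vulnerable,
        "bulletins": sorted(set(data.get("vulnerabilities", []))),
        "cvss_score": float(data.get("cvss", {}).get("score", 0.0)),
        "cumulative_fix": data.get("cumulativeFix", ""),
    }


def compare_with_manual(sent_packages, summary):
    """Packages that were sent but came back clean: the list to check one by one
    against a manual audit in the Vulners web UI when the counts disagree."""
    flagged = set(summary["vulnerable_packages"])
    return sorted(p for p in sent_packages if p not in flagged)


def audit(os_name, os_version, packages, api_key, dump_path=None, timeout=30):
    """Live call (needs network and a Vulners API key). With dump_path the raw
    JSON answer is written to disk, which is the quickest way to see exactly
    what Vulners said about a host."""
    body = json.dumps(build_audit_request(os_name, os_version, packages, api_key)).encode()
    req = urllib.request.Request(
        VULNERS_AUDIT_URL, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=timeout, context=ssl.create_default_context()) as resp:
        raw = resp.read()
    if dump_path:
        with open(dump_path, "wb") as fh:
            fh.write(raw)
    return summarize_audit(json.loads(raw))


# Constructed sample: package names, bulletin ids, versions and scores are placeholders.
SAMPLE_PACKAGES = ["libexample1 1.0.0-1 amd64", "exampled 2.3.4-2 amd64", "cleanpkg 0.9-1 amd64"]
SAMPLE_RESPONSE = {
    "result": "OK",
    "data": {
        "packages": {
            "libexample1 1.0.0-1 amd64": {
                "EXAMPLE-BULLETIN-2": [{"bulletinVersion": "1.0.0-2", "operator": "lt"}],
                "EXAMPLE-BULLETIN-1": [{"bulletinVersion": "1.0.0-1.1", "operator": "lt"}],
            },
            "exampled 2.3.4-2 amd64": {
                "EXAMPLE-BULLETIN-3": [{"bulletinVersion": "2.3.5-1", "operator": "lt"}],
            },
        },
        "vulnerabilities": ["EXAMPLE-BULLETIN-1", "EXAMPLE-BULLETIN-2", "EXAMPLE-BULLETIN-3"],
        "cvss": {"score": 7.5, "vector": "placeholder"},
        "cumulativeFix": "sudo apt-get --assume-yes install --only-upgrade libexample1 exampled",
    },
}

if __name__ == "__main__":
    summary = summarize_audit(SAMPLE_RESPONSE)
    print(json.dumps(summary, indent=2))
    print("sent but not flagged:", compare_with_manual(SAMPLE_PACKAGES, summary))
```

To use it against a real host, feed `audit()` the same OS name, OS version and package list that the agent item collected (the package dump scan.py writes is a convenient source) together with the API key from the ZTC config, and pass `dump_path` so the unparsed answer is kept; a host that the web UI flags but that comes back with an empty `packages` map here points at the request (OS or version string, package format) rather than at the Zabbix side, while a non-OK `result` surfaces as an exception instead of silently counting as zero.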

samosvat commented 4 years ago

What CVSS-Scores do these packages have?

Ric4br commented 4 years ago

All of them ;-) , many months old backup as test server "YYYYYY"

vulners_screenshot

Ric4br commented 4 years ago

Hi again! Maybe I'm testing it wrong. Today, overnight, the result was different: it found more issues, but not that many.

Yesterday I went to Zabbix Host > Items, selected the Vulners items and ran "Check now". The clients logged the execution of the scripts. After that I started scan.py on the Zabbix server, and it produced the result described above.

Overnight the results were different.

INFO:ZTC:[1 of 2] "XXXXX". Successfully processed vulnerable packages: 7
INFO:ZTC:[2 of 2] "YYYYYY". Successfully processed vulnerable packages: 4
INFO:ZTC:Processed hosts: 2
INFO:ZTC:Unique vulnerable packages processed: 11
INFO:ZTC:Сreating an LLD-data for package monitoring
INFO:ZTC:Creating an bulletin-matrix
INFO:ZTC:[1 of 2] "XXXXX". Successfully processed security bulletins: 5
INFO:ZTC:[2 of 2] "YYYYYY". Successfully processed security bulletins: 1
INFO:ZTC:Processed hosts: 2
INFO:ZTC:Unique security bulletins processed: 5
INFO:ZTC:Сreating an LLD-data for bulletin monitoring
INFO:ZTC:Сreating an CVSS Score-based host-lists
INFO:ZTC:Сreating an aggregated data
INFO:ZTC:Pushing LLD-objects to Zabbix: zabbix_sender -z localhost -p 10051 -i /opt/monitoring/zabbix-threat-control/lld.zbx
INFO:ZTC:Response from "localhost:10051": "processed: 3; failed: 0; total: 3; seconds spent: 0.000514" sent: 3; skipped: 0; total: 3

INFO:ZTC:sleep for 5 min
INFO:ZTC:Pushing data to Zabbix: zabbix_sender -z localhost -p 10051 -i /opt/monitoring/zabbix-threat-control/data.zbx
INFO:ZTC:Response from "localhost:10051": "processed: 34; failed: 0; total: 34; seconds spent: 0.000996" sent: 34; skipped: 0; total: 34

Maybe I'm missing some step, because today I did it the "Check now" way and the results were the same as yesterday.

Best regards.

rbourgaize commented 4 years ago

@Ric4br

I stumbled into your comment when I was trying to fix the same issue myself. My symptoms matched the output in your last comment: vulnerable packages were identified, but did not appear in Zabbix:

INFO:ZTC:[1 of 2] "XXXXX". Successfully processed vulnerable packages: 7
INFO:ZTC:[2 of 2] "YYYYYY". Successfully processed vulnerable packages: 4

I found that in /etc/zabbix/zabbix_server.conf on the Zabbix server my trapper listen port was not enabled (ListenPort=10051). So when Vulners tried to push to it, Zabbix was not listening for the data.

rbourgaize commented 4 years ago

There are a few bits of the install that were not covered in the guide, and a few possible typos which cause issues. I'm going to try to rebuild Zabbix and the Vulners integration at some point and document the steps, as it seems to work well(ish), but there is a lot more to do outside of the guide to get it working fully.

Ric4br commented 4 years ago

Hi all !

It's not the same problem. The data is pushed into Zabbix:

vulners_screenshot

but the clients don't get the correct package problems. If I run the scan on the clients it seems OK, but the wrong data arrives in Zabbix, and this data is pushed into Zabbix.

Best Regards