Subscribe to the feed
Linux 

Author's note: I'm testing the service as part of my job at the Bielefeld IT Service Center (BITS) at Bielefeld University. This article reflects my personal view of Red Hat Insights. Furthermore, I would like to clarify that I am a member of the Red Hat Accelerators community.

After introducing Red Hat Insights and taking a look at the Advisor, it’s time to take a look at Insights' vulnerability management.

insights dashboard

The dashboard shows a box called Vulnerability. Fig. 1 shows that we are obviously affected by 13 vulnerabilities. We are now able to take a closer look at these. This is done as usual via the link in the box or via the menu on the left.

In the vulnerability view, the usual tabular view awaits us (see Fig. 2). Here, CVEs are listed with their ID, the date of publication, an impact assessment, the CVSS base score, and the number of affected systems. In addition, you have the option of assigning a business risk and a status for selected or all CVEs (see yellow marking in Fig. 2).

Red Had Insights vulnerability dashboard

The business risk gives you the opportunity to rate a specific CVE or a group of CVEs on how they might affect your business or have a negative impact on it (see Fig. 3). This status might differ from the Impact in the second column depending on certain security measures you already have in place. The status indicates how the vulnerabilities are processed (see Fig. 4).

Red Had Insights vulnerability edit business risk Red Had Insights vulnerability edit status

As in the Advisor, you get a detailed view with a description of every CVE, evaluation, and overview of the attack vectors (see Fig. 5), as well as links to the Red Hat knowledge base, where detailed information about the CVE and existing errata can be found.

Red Had Insights vulnerability CVE view details

Assessment of the vulnerability management

As of today, we don’t have an active vulnerability management. We try to ensure a certain level of security with a patch management for RHEL with Ansible, which I developed with tools included in RHEL and the Ansible Engine. This ensures that available Red Hat Security Advisories are compulsorily installed on all RHEL systems once a month if they are missing.

Thanks to this patch management, there are only 13 vulnerabilities on the connected test systems, and none of them had a score greater than eight.

Among the systems listed in the dashboard were systems of a test infrastructure that are not connected to the central patch management and are only irregularly patched. Insights showed me here that the risk is far too great, and that these systems will simply be forgotten. For this reason, these hosts were now immediately included in the patch management.

More interesting are CVE-2018-12126CVE-2018-12127CVE-2018-12130, and CVE-2019-11091, which Insights shows for some hosts.

These vulnerabilities have in common that they cannot be closed simply by installing an update. Since these are virtual machines (VM) on a vSphere cluster, a combination of measures is required to mitigate the vulnerabilities.

In this specific case, the affected VMs only have to be switched off and on again once. This propagates new CPU functions to the guest operating system and mitigation is complete.

I have to admit that these vulnerabilities would have remained undiscovered for a long time without insights.

Now I have to assume that there are other vulnerable systems in our environment. Since I’m not allowed to connect these to Insights, I will use a script provided by Red Hat to find these. I really appreciate that Red Hat provides such scripts to help its customers here. There are still a few companies out there that can safely follow this example.

Personally, I think active vulnerability management makes sense. Vulnerabilities can only be found, assessed, and dealt with accordingly through continuous control. At the same time, it can be used to check whether or not measures have already been taken to improve the structural safety level (e.g., a patch management).

Red Had Insights vulnerability dashboard showing zero

Fig. 6 shows that there are currently no open vulnerabilities. This should always be the goal.

I enjoyed the test of the vulnerability management function myself and the vulnerabilities found could be closed within a short time.

[ Attend a Red Hat Insights Ask Me Anything with product manager Jerome Marc, focused on comparing systems with Drift, on July 23, 2020. ]


About the author

Jörg has been a Sysadmin for over ten years now. His fields of operation include Virtualization (VMware), Linux System Administration and Automation (RHEL), Firewalling (Forcepoint), and Loadbalancing (F5). He is a member of the Red Hat Accelerators Community and author of his personal blog at https://www.my-it-brain.de.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Browse by channel

automation icon

Automation

The latest on IT automation for tech, teams, and environments

AI icon

Artificial intelligence

Updates on the platforms that free customers to run AI workloads anywhere

open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud

security icon

Security

The latest on how we reduce risks across environments and technologies

edge icon

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure icon

Infrastructure

The latest on the world’s leading enterprise Linux platform

application development icon

Applications

Inside our solutions to the toughest application challenges

Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech