ClickCease KernelCare Enterprise Integration With Qualys | tuxcare.com

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Tips for TuxCare’s KernelCare Enterprise integration with Qualys

August 27, 2021 - TuxCare PR Team

Qualys provides visibility into the IT infrastructure, with comprehensive reporting on the state of systems and vulnerabilities that may be present in them.

TuxCare’s KernelCare Enterprise provides Live Patching for the Linux Kernel and important shared libraries like OpenSSL and glibc (functionality provided with LibraryCare Add-on).

It is possible to integrate KernelCare specific information into Qualys reports having the best of both worlds and accurately reflect the patched state of running kernels. This article shows you how to achieve this.

 

There is already an integration between Qualys and KernelCare, which lets “Information gathering” operations return the correct information. When KernelCare is deployed onto a system, Qualys will provide the following output for an “Information gathering” operation:

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot1

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot2

And this is as expected. When digging into the details, you can see the effective version of the currently running kernel:

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot3

And

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot4

This is the result of “/usr/bin/kcare-uname -r”. This command provides the correct output version for a system running a kernel that has received live patches, as opposed to “uname -r”, which will only show the installed kernel version.

So, for “Information gathering” operations, Qualys is KernelCare-aware and provides the correct output.

However, when scanning for kernel-related package versions, “Outdated packages” will still report the older kernel version, and this will artificially inflate the number of vulnerabilities present:

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot5

To correct this, there is an option under “Report Template” in Qualys to specifically ignore older versions:

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot6

This filter will correctly ignore older kernel versions in the report. In our test example, the change made this:

Go to this:

Tips for TuxCare’s KernelCare Enterprise integration with Qualys - Screenshot7

This isn’t just a trick to ignore some issues – it’s a way to ensure the Qualys’ report reflects accurate vulnerabilities when systems are protected with TuxCare’s KernelCare Enterprise.

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

TuxCare Expands KernelCare Live Patching...

PALO ALTO, Calif. – December 14, 2022 – TuxCare, a...

December 14, 2022

Checking the Status of KernelCare...

TuxCare’s KernelCare Enterprise provides live patches for various enterprise-grade Linux...

September 22, 2022

KernelCare Enterprise Changelog is...

The TuxCare team has improved the accessibility of our KernelCare...

June 24, 2022

Key points to consider during...

Proof of value (POV) is a key step in the...

March 6, 2022

KernelCare for IoT adds support...

So, you have your shiny new Raspberry Pi, a great...

April 14, 2021