NVD CVE Data in Disconnected Setup

SUSE Manager
1

I am trailing SUSE manager 3.1 in a disconnected (air-gapped) setup.

I can use an internet facing SMT server to pull in the required software channels and patches and manually move the date to the air-gapped SUSE Manager server for import.

One thing I cannot figure out how to do is to update the NVD CVE data to run patch audits. I can see the task to refesh the data, but obviously without being internet facing this doesn’t do much. I also download the latest NVD CVE json files directly from NIST, but how/where do the files get imported.

I’m really keen to be able to audit the servers managed by SUSE Manager for the applicability of patches etc.

Does anyone know how to accomplish this ?

Many Thanks,

2

All information required for a “CVE audit” in SUSE Manager is contained in the patch data synced by SMT from update.suse.com.

The link to NVD is just for information purposes. SUSE Manager does not need or download any data from NVD.

3

[QUOTE=SteveBaker_ADS;40089]I am trailing SUSE manager 3.1 in a disconnected (air-gapped) setup.

I can use an internet facing SMT server to pull in the required software channels and patches and manually move the date to the air-gapped SUSE Manager server for import.

One thing I cannot figure out how to do is to update the NVD CVE data to run patch audits. I can see the task to refesh the data, but obviously without being internet facing this doesn’t do much. I also download the latest NVD CVE json files directly from NIST, but how/where do the files get imported.

I’m really keen to be able to audit the servers managed by SUSE Manager for the applicability of patches etc.

Does anyone know how to accomplish this ?

Many Thanks,[/QUOTE]

Firstly, Thanks for the reply.

When I look in SUSE Manager, and query (under Audit >> CVE Audit) for a CVE I know I have a patch for (e.g. 2017-1770) I get nothing from the search. Its almost like I have no data to audit against.

Can you advise which channels I should be syncronising in SMT to ensure I am getting this feed ?
At the moment I am only synchronising;
[LIST]
[]SLES12-SP3-Pool
[]SLES12-SP3-Updates
[]SLE-Manager-Tools12-Pool
[]SLE-Manager-Tools12-Updates
[]SUSE-Manager-Server-3.1-Pool
[]SUSE-Manager-Server-3.1-Source-Pool
[*]SUSE-Manager-Server-3.1-Updates
[/LIST]

Many Thanks,

4

cve-2017-1770 is an unassigned cve and our SUSE Manager reference server also shows “The specified CVE number was not found. This can happen for very old or yet-unknown numbers, please also check it for possible typing errors.”

However, 2017:1770 shows up as a SUSE security id for Xen on SLES11: https://www.suse.com/de-de/support/update/announcement/2017/suse-su-20171770-1/

CVE numbers are assigned by nist.gov, SUSE security ids are assigned by suse.com. Both numbers are independently assigned.

5

Again, thanks for the reply.

I can see where I was going wrong (with my searching) and can now see successful audit output.

Many Thanks for your help with this.