Security Controls

Creating and Editing a Linux Patch Scan Configuration

A Linux patch scan configuration defines how a patch scan will be performed. Security Controls provides two predefined configurations.

All Patches: Specifies that the agent will scan for all patch types. A patch group will not be used.

Security Patches: Specifies that the agent will scan for only security patches. The agent will not scan for bug fixes or enhancements, and a patch group will not be used.

You cannot edit the predefined configurations. If the predefined configurations are not adequate for your needs, you can create a custom configuration.

To work with a custom Linux patch scan configuration, do one of the following:

To create a new patch scan configuration, click New > Linux Patch > Linux Patch Scan Configuration.

To edit an existing patch scan configuration, in the Linux Patch Configurations and Groups list, double-click the configuration name.

Name

The name that you wish to assign to this configuration.

Path

This box is used to specify the folder path that this configuration will reside in within the Linux Patch Scan Configurations list in the navigation pane. If you do not specify a path, the configuration will reside at the root level of the My Linux Patch Scan Configurations list. For more details, see Organizing Linux Patch Groups and Configurations.

Description

A description of the configuration.

Filtering tab

There are two different options available on this tab: Scan by patch type and Scan by patch group. You can select one or both options.

Scan by patch type: Specify the types of patches and the vendor severity level of those patches that should be included in the scan. The patch type options are:

Security: Security bulletin-related patches. You can choose to scan for one or more specific severity levels.

Critical: Vulnerabilities that can be exploited by an unauthenticated remote attacker or vulnerabilities that break guest/host operating system isolation. The exploitation results in the compromise of confidentiality, integrity, or availability of user data or processing resources without user interaction. Exploitation could be leveraged to propagate an Internet worm or execute arbitrary code between virtual machines and the host.

Important: Vulnerabilities whose exploitation results in the compromise of confidentiality, integrity, or availability of user data and processing resources. Such flaws could allow local users to gain privileges, allow authenticated remote users to execute arbitrary code, or allow local or remote users to easily cause a denial of service.

Moderate: Flaws where the ability to exploit is mitigated to a significant degree by configuration or difficulty of exploitation, but in certain deployment scenarios could still lead to some compromise of the confidentiality, integrity, or availability of user data and processing resources. These are the types of vulnerabilities that could have had a critical impact or important impact but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations.

Low: All other issues that have a security impact. Vulnerabilities where exploitation is believed to be extremely difficult, or where successful exploitation would have minimal impact.

Unassigned: Security patches that have not been assigned a severity level.

Bug fix: Patches that fix known bugs.

Enhancement: Patches that provide product enhancements.

Scan by patch group: Specify one or more Linux patch groups that contain the patches you want to use as a baseline.

Used By tab

This tab shows you the agent policies that are currently using this configuration. This is important to know if you are considering modifying the configuration, as it tells you which agents are affected.

 

