I have some questions about hosting the urls for t...
# fleetb
benbass
02/11/2022, 3:36 PMI have some questions about hosting the urls for the vulnerability scanning. Right now we are mirroring the “https://github.com/fleetdm/nvd/releases” and I am not sure to what depth I should put in as my FLEET_VULNERABILITIES_CPE_DATABASE_URL. The one file that we have there is “…/nvd/releases/download/80f3e7909fed710/cpe-80f3e7909fed710.sqlite.gz”
t
Tomas Touceda
02/11/2022, 3:55 PMthat URL should be the full URL to download the cpe database, if it's defined, we use it directly
b
benbass
02/11/2022, 3:57 PMSo it would be that last one, that expands out to the full sqlite.gz? I was hoping to grab the files in the same manner fleet does from github, so I don’t have to go and update that url when that db changes.
t
Tomas Touceda
02/11/2022, 4:09 PMyeah, the problem is that we use github's API if we handle it, and otherwise assume it's something else entirely, so we rely on the user defining the paths
Tomas Touceda
02/11/2022, 4:09 PMyou can also use a proxy, alternatively
b
benbass
02/11/2022, 4:10 PMNo worries, I’m just trying to get things working and totally expect to run into problem. Thank you for answering my question!
👍 1
benbass
02/11/2022, 4:23 PMI was able to get the nvd sql file working, however I am running into issues with how the FLEET_VULNERABILITIES_CVE_FEED_PREFIX_URL is working.
benbass
02/11/2022, 4:25 PMI have it set to https://XXX.XXX.com/artifactory/nist-nvd-remote/, and in the journelctl output I am seeing “synchronisation error:\n\tunexpected http response from \“https://XXX.XXX.com/feeds/json/cve/1.1/nvdcve-1.1-2002.meta\” (\“404 Not Found\“).
benbass
02/11/2022, 4:25 PMWhich means it isn’t using the full prefix url and just the host name from the prefix url.
t
Tomas Touceda
02/11/2022, 4:29 PMah, yes, it's getting the host and scheme
Tomas Touceda
02/11/2022, 4:30 PMwe are not setting the path part
Tomas Touceda
02/11/2022, 4:55 PMTomas Touceda
02/11/2022, 4:55 PMwill see if we can include that in the current release
b
benbass
02/11/2022, 4:56 PMAwesome!
benbass
02/11/2022, 5:00 PMIf so, that will make my current plan much easier to implement.
t
Tomas Touceda
02/11/2022, 5:01 PMsounds like 4.10 will have it, still needs to go through review though
b
benbass
02/11/2022, 5:03 PMVery nice! I totally get the need for review. I am impressed you were able to get a potential fix written so fast.
t
Tomas Touceda
02/11/2022, 5:10 PMwell... it was a lucky shot, they aren't always this straight forward 🙂
👍 1
Tomas Touceda
02/11/2022, 5:11 PMit's merged to main, keep an eye out for 4.10!
🎉 1
👍 1
b
benbass
02/11/2022, 5:24 PMExcellent!
7 Views