For months we haven't seen a working version of the ASL web application inventory scanner. Is there something we should configure to make it work?
We have configured 'APPINV_CRON' as 'weekly' in /etc/asl/config.
The file /var/asl/data/webapp.db does seem to get touched weekly, but is contains nothing more than a single new line.
Web application inventory scanner not working?
Web application inventory scanner not working?
Lemonbit Internet Dedicated Server Management
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Web application inventory scanner not working?
Its only designed to find old known vulnerable applications. If its not turning anything up, then theres no known old web applications on the system.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Web application inventory scanner not working?
We have recently manually made an inventory of web applications for a large web hosting company which does lots of shared hosting, and found several out-dated vulnerable web applications (such as Joomla 1.5, ZenCart, Wordpress 2.x etc.). On these servers the ASL web application inventory scanner gives no results at all.mikeshinn wrote:Its only designed to find old known vulnerable applications. If its not turning anything up, then theres no known old web applications on the system.
Surely something must be wrong, right? Is there anything we can do to further debug the working of the ASL web application inventory scanner?
Lemonbit Internet Dedicated Server Management
Re: Web application inventory scanner not working?
*bump*
We haven't encountered a single ASL machine where the web application inventory scanner actually reported something. Is there anything we can do to further debug this component? Or can you take a look?
We haven't encountered a single ASL machine where the web application inventory scanner actually reported something. Is there anything we can do to further debug this component? Or can you take a look?
Lemonbit Internet Dedicated Server Management
Re: Web application inventory scanner not working?
This post from June 2014 never got a reply. I also noted that the APPINV rules are over a year old.prupert wrote:*bump*
We haven't encountered a single ASL machine where the web application inventory scanner actually reported something. Is there anything we can do to further debug this component? Or can you take a look?
Is the ASL web inventory scanner dead?
Lemonbit Internet Dedicated Server Management