From ebc92215a7e52bde5f24c79e25bcc43fe608d70a Mon Sep 17 00:00:00 2001
From: Peter Burkholder
Date: Fri, 3 Nov 2023 10:17:37 -0400
Subject: [PATCH] Fixes findings for conmon
---
 parse-nessus-xml.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/parse-nessus-xml.py b/parse-nessus-xml.py
index 4d3d107..e89d205 100755
--- a/parse-nessus-xml.py
+++ b/parse-nessus-xml.py
@@ -99,6 +99,7 @@ def remediation_plan(vuln):
 doomsday
 doppler
 elasticsearch_exporter
+ eventgenerator
 file.server
 firehose_exporter
 forwarder-agent
@@ -118,6 +119,7 @@ def remediation_plan(vuln):
 loggregator_trafficcontroller
 metrics-agent
 metrics-discovery-registrar
+ metricsforwarder
 netmon
 nginx
 nginx_prometheus
@@ -125,7 +127,7 @@ def remediation_plan(vuln):
 node_exporter
 ntp
 oauth2.proxy
- opt
+ operator
 policy-server
 policy-server-internal
 prom.scraper
@@ -139,6 +141,7 @@ def remediation_plan(vuln):
 rlp
 rlp-gateway
 route.emitter
+ scalingengine
 secureproxy
 service-discovery-controller
 silk-controller
@@ -205,11 +208,14 @@ def remediation_plan(vuln):
 if re.search(rf'/var/vcap/bosh/bin/(bosh-agent|monit)', line):
 daemon_count += 1
 continue
- if re.search(rf'^/var/vcap/data/packages/({DAEMONS})2?/[0-9a-f]+/(s?bin/)?({DAEMONS})(-server|-asg-syncer)?$', line):
+ if re.search(rf'^/var/vcap/data/packages/({DAEMONS})(2|-attic)?/[0-9a-f]+/(s?bin/)?({DAEMONS})(-server|-asg-syncer)?$', line):
+ daemon_count += 1
+ continue
+ if re.search(rf'^/var/vcap/data/packages/golangapiserver/[0-9a-f]+/api$', line):
 daemon_count += 1
 continue
 # allow java and node for idp, ELK
- if re.search(rf'^/var/vcap/data/packages/(elasticsearch|idp|kibana|kibana-platform|openjdk_1.8.0|openjdk-11|uaa)/[/[0-9a-z]+/bin/(java|node)$', line):
+ if re.search(rf'^/var/vcap/data/packages/(elasticsearch|idp|kibana|kibana-platform|openjdk_1.8.0|openjdk[-_]11(.0)?|openjdk-17|uaa)/[/[0-9a-z]+/bin/(java|node)$', line):
 daemon_count += 1
 continue
 # nats daemons are OK on nats and bosh
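Review bot: The names added to the daemon list (`eventgenerator` in this hunk, `metricsforwarder` and `scalingengine` in the second and fourth, and the `opt` to `operator` swap in the third) carry no record of which release or job they belong to, and the commit message says only "Fixes findings for conmon". Each entry presumably widens the set of process paths that the `{DAEMONS}` pattern in the last hunk accepts as an expected daemon, so a later reader of the list cannot tell a deliberate exception from a leftover. A short provenance line next to the list or in the commit body would make each exception traceable, for example `# app-autoscaler jobs: eventgenerator, metricsforwarder, operator, scalingengine` if that is where they come from. The list's definition starts outside these hunks, so whether it can hold inline comments is not visible here.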
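Review bot: The java/node pattern edited near the end of the last hunk still uses the character class `[/[0-9a-z]+` for the directory below the package name, and that class also accepts `/` and `[`. A path with any number of extra directory levels under an allowed package therefore matches, is counted in `daemon_count` and skips the remaining checks via `continue`, whereas the neighbouring patterns confine that segment to `[0-9a-f]+`. Restricting it to one path component, `/[0-9a-z]+/bin/(java|node)$`, keeps the exception as narrow as the comment above it suggests. The added `openjdk[-_]11(.0)?` also leaves the dot unescaped, as `openjdk_1.8.0` already does, so it matches any character; `(\.0)?` states what is presumably meant. The enclosing loop in `remediation_plan` starts and ends outside the hunk.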