The Qualys vulnerability signatures team has released a new series of signatures (detections) for EulerOS, allowing security teams to identify EulerOS hosts and detect their vulnerabilities.
EulerOS is a Linux distribution developed by Huawei Technologies and widely adopted by customers in Asia, specifically China. It is based on CentOS source code for enterprise applications and integrates with advanced Linux technologies meeting the requirements of Linux OS for these applications.
The newly released set of 58 signatures (QIDs) covers the most recent 2020 EulerOS advisories. Qualys plans to release another 87 QIDs covering the rest of the 2020 advisories later this quarter, followed by QIDs for previous years’ advisories in the coming months.
Security teams should use Qualys Vulnerability Management, Detection and Response (VMDR) to discover, assess, prioritize, and patch critical vulnerabilities in real time, including for EulerOS, as part of your security and compliance programs.
Identify EulerOS Assets & Vulnerabilities
Qualys VMDR enables easy identification of EulerOS systems:
Once the hosts are identified, they can be grouped together with a ‘dynamic tag’, let’s say – “EulerOS”. This helps in automatically grouping existing EulerOS hosts as well as any new host that spins up in your environment. Tagging makes these grouped assets available for querying, reporting and management throughout the Qualys Cloud Platform.
In order to identify EulerOS hosts and detect their vulnerabilities, Qualys recommends running an authenticated scan using a Qualys scanner.
EulerOS QIDs are included in signature version VULNSIGS-2.4.964-1 and above.
Customers can search for all EulerOS vulnerabilities using the following QQL query :
Using VMDR, the EulerOS vulnerabilities can also be prioritized in your environment:
Configure Unix Authentication Record
Authenticated scanning should be configured via a standard Unix auth record, which is similar to auth records for other Linux OSes, like Redhat, Ubuntu, and others.
As seen below, simply go to :
Scans -> Authentication -> New > Unix Record.
Enter the Unix login credentials (user name, password) that the Qualys service should use to log in to Unix hosts at scan time. Target Type is “Auto” for Linux OS distributions. Online help is always available to assist you.
Scan EulerOS Hosts
Scanning for EulerOS vulnerabilities does not require root privileges; however, the account must be able to perform following commands:
1) execute “uname” to detect the platform for packages,
2) read “/etc/os-release” and “/etc/system-release-cpe”, and execute “rpm” commands
Scan reports identify EulerOS as:
Qualys VMDR automatically detects new EulerOS vulnerabilities as their associated detections (QIDs) are added to the KnowledgeBase. As with all detections, EulerOS QIDs contain recommended steps to address the vulnerability.