How to config OCS server v2.11.1 with CVE-Search?

Question

Hello guys,

I have an OCS server running on Oracle Linux 8.6 and a CVE-Search running on Ubuntu 20.04.
Both configured according to the OCS manual at https://wiki.ocsinventory-ng.org/ and the CVE-Search manual at https://cve-search.github.io/cve-search/

But I don't know why OCS doesn't show the vulnerabilities when I run the cron_cve.php script. It doesn't show any errors either, I've already checked the logs and I didn't find the problem. I manage a fleet of more than 2000 machines and the integration with CVE as the manual presents would be very good if I could really make it work. Does this feature only work on the paid version of OCS or should it work on the free version as well?
Could someone help me solve this integration problem?

I thank you for your help.

Answer 1

Hi @Will,

cve-search works with all versions of the OCS server from v. 2.7 and you won't get better by paying...

Did you run the 2 CVE cron scripts correctly ? Have you enabled verbose mode in the OCS's GUI ?

In the configuration of OCS (VULN_CVESEARCH_HOST), is the access to the cve-search server in the form 192.168.1.1:5000 ?

Note : You need to be able to access the GUI cve-search server the same way (192.168.1.1:5000)

Answer 2

Hi Steph,

Thank you very much for your attention and your answer.

I ran the 2 CVE cron scripts correctly. First the cron_all_software.php and cron_cve.php according to manual at wiki ocs and enabled verbose mode in OCS's GUI. I revised all the settings and realized that the problem was with the cve-search configuration. I could not access the server IP on port 5000.
I adjusted the configuration in cve-search: <<install_dir>>/etc/configuration.ini

[Webserver]
Host: 127.0.0.1
Port: 5000
Debug: True
PageLength: 50
LoginRequired: False
OIDC: False
CLIENT_ID: xx
CLIENT_SECRET: xx
IDP_DISCOVERY_URL: xx
SSL_VERIFY: False
SSL: True
Certificate: ssl/cve-search.crt
Key: ssl/cve-search.key
WebInterface: Full
MountPath: /MOUNTY/MC/MOUNT

and in OCS (VULN_CVESEARCH_HOST) as you informed and then the communication between OCS and CVESearch server which is configured locally worked.

Now I found another problem. I have nine OCS servers as slaves and one as master. All slaves communicate with CVESearch server and process the vulnerabilities but the master is not working. I revised all the settings on the master, they are the same as the slaves settings but it doesn't work. What could it be this time? Can you help me again?

Once again thank you very much, as your answer helped a lot to solve the first problem.

Thanks!

Answer 3

The cron_cve_computer.php file is also to be executed (it is especially of him that I was thinking)

Is the master CVE-Search server in the same network as the 9 others ?

Note: The CVE-Search server on a remote link can take several hours (even several days) to report vulnerabilities from ~2000 machines... how much softwares ?

> The manual execution (in SSH) of the cron_cve.php file by activating the verbose mode allows to observe the steps until the end and the duration...

Answer 4

Very nice, very cool, excellent...

I believe that only the execution of this file was missing. All servers are on the same network. Now it's all right. Very very good. Great!

It is reporting CVE from ADOBE AIR and OPENVPN but from MOZILLA FIREFOX it does not report anything. How to make some rules or create a regex to find all Firefox CVEs?

I tried to do as in (https://wiki.ocsinventory-ng.org/04.Management-console-and-its-advanced-features/CVE-Search-match-regex/) but without success.

Thank you very much Steph!

Answer 5

Good if it works better now for you !

I too have created several RegEx rules in OCS Inventory (especially for Microsoft Office) but without success.

I have serious doubts about the effectiveness of this feature (perhaps it has been fixed in the latest versions of the server ?)

Answer 6

Thank you very much Steph, your answers helped me a lot.

Thank you for your help in this question.

Very nice!