We have agents deployed on our Linux servers. These agent processes seem to be running in host environment with root access.
The agent scans are reporting several vulnerabilities for our Linux server. For instance CVE-2020-26116 is being reported for servers with only version Python 2. Investigating this vulnerability fails due to ‘No credentials were supplied’.
Is there a way to do investigation on these Linux hosts without supplying a separate credential for SSH
but via the R7 agent that is already installed?
Unfortunately the answer is no, the agent only runs it’s scheduled assessment every 6 hours. There is no way for you to use the agent through IVM to kick off manual or ad-hoc activities.
If you have InsightIDR you could technically use Forensic jobs to gain some information but it’s not to the extent that will answer the question that you are looking for.
Investigating the vulnerability is done through a generic scan template and using the scan engine so there has to be some form of authentication. With Linux devices of course this requires SSH (Soon we may have Scan Assistant for Linux though).