Ansible AWX Vulnerability Scanning and Fixing.


GAURAV Pande

Dec 2, 2020, 8:43:45 AM
to AWX Project
Hi Team,

We have implemented AWX 14.0.0 on our localhost via the docker containerisation (docker-compose) concept. Could you please guide me on the process of how we can solve vulnerabilities that exist on container images, say for example for the version 14.0.0 images awx, redis and postgres?

GAURAV Pande

Dec 3, 2020, 1:32:22 AM
to AWX Project
Hi Team,

Could you please point me in the right direction on this?

Michael Mullay

Dec 3, 2020, 1:40:25 AM
to GAURAV Pande, AWX Project
This isn't really an Ansible or AWX question, but more of a docker/security/OS type question. There are many tools out there specifically made for docker security, and of course you could always scan them with other common security tools like Qualys, clamav, etc., or whatever other tools you are willing and able to install in those containers (or in the images themselves if you build them yourself). That they happen to be running Ansible/awx/redis/postgres, etc., makes them no different than any other container IMHO.


--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/426e0dca-b1dd-406d-977e-167a40c0c71cn%40googlegroups.com.

GAURAV Pande

Dec 3, 2020, 7:20:59 AM
to AWX Project
Hi Team,

Let me reframe my question. Let's say we have a docker image security scanning tool available in our environment. Now the question is: if any vulnerabilities are detected, let's say on the ansible/awx image, then is there any support process for tracking and helping in remediating these from the AWX side? Any process involved for reporting those as well?

wme...@why-me.com

Dec 3, 2020, 9:14:56 AM
to GAURAV Pande, AWX Project
So AWX is an open source solution, thus there is no "support" beyond submitting a bug report on the project itself, but don't expect a vulnerability to be considered a high priority issue.

Ankit Vashistha

Dec 7, 2020, 8:44:02 AM
to GAURAV Pande, AWX Project
We have a container scanning solution which points out new vulnerabilities every 15 days or so. Since AWX is open source, what we do is fix the vulnerabilities on our own. They are either related to modules used by AWX, which can be submitted as vulnerabilities and the engineers address them in the next release, but there are many which are related to the CentOS image and are out of scope. I believe the best way to fix vulnerabilities is to build your own images (with the fixes). That's what we have been doing for a long time now. Our container/image scanning tool points out the vulnerabilities and their fixes for Red Hat, which are pushed after a long time in CentOS images. In that case, we re-create the packages with their fixes on our own. It might be a painful process sometimes but hey, the great product is available for free.

Regards,
Ankit
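
The triage described in the post above, sketched as an added example (not part of the thread and not AWX project code): each scanner finding is routed to reporting it to the AWX project, rebuilding the image, or rebuilding the package first. The finding record shape, field names, action labels and the "track" route for findings with no fix anywhere are assumptions made here; real scanners use their own report schema.

```python
from collections import defaultdict

# Constructed sample findings in a made-up, scanner-neutral shape.
# IDs and package names are placeholders, not real advisories.
FINDINGS = [
    {"id": "FINDING-1", "image": "awx", "package": "example-python-module",
     "origin": "awx-dependency", "fix_in_distro": False, "fix_upstream": False},
    {"id": "FINDING-2", "image": "awx", "package": "example-os-lib",
     "origin": "os-package", "fix_in_distro": True, "fix_upstream": True},
    {"id": "FINDING-3", "image": "awx", "package": "example-os-tool",
     "origin": "os-package", "fix_in_distro": False, "fix_upstream": True},
    {"id": "FINDING-4", "image": "postgres", "package": "example-os-lib",
     "origin": "os-package", "fix_in_distro": True, "fix_upstream": True},
    {"id": "FINDING-5", "image": "redis", "package": "example-os-codec",
     "origin": "os-package", "fix_in_distro": False, "fix_upstream": False},
]

def route(finding):
    """Pick the remediation path for one finding."""
    if finding["origin"] == "awx-dependency":
        # A module AWX itself pulls in: report it to the project.
        return "report-to-awx-project"
    if finding["origin"] != "os-package":
        raise ValueError(f"unknown origin: {finding['origin']!r}")
    if finding["fix_in_distro"]:
        # The base distribution already ships the fix: rebuild on updated packages.
        return "rebuild-image"
    if finding["fix_upstream"]:
        # Fixed by the upstream vendor only: re-create the package, then rebuild.
        return "rebuild-package-then-image"
    return "track-no-fix"  # assumption: nothing to apply yet, keep it on the list

def triage(findings):
    """Group finding IDs by remediation path."""
    plan = defaultdict(list)
    for finding in findings:
        plan[route(finding)].append(finding["id"])
    return dict(plan)

def images_to_rebuild(findings):
    """Images with at least one finding that a local rebuild would fix."""
    return sorted({f["image"] for f in findings if route(f).startswith("rebuild")})

if __name__ == "__main__":
    for action, ids in triage(FINDINGS).items():
        print(f"{action}: {', '.join(ids)}")
    print("rebuild:", ", ".join(images_to_rebuild(FINDINGS)))
```
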

GAURAV Pande

Dec 8, 2020, 2:04:24 PM
to Ankit Vashistha, AWX Project
Hi Ankit, Team

Thanks for the info below. Could you please let me know how you fix the vulnerabilities that are for CentOS 8 or, let's say, the postgres10 image?

Also, could you guide me on how we can build our own image in AWX with the fixes?

Hoping to hear from you on this.

Thanks
Gaurav Pande