...

View file

name	Robot_based_on_SSES_BP_Test_document.docxpdf
height	250

*The following word file is base file of the above pdf.

View file

name	Robot_based_on_SSES_BP_Test_document.pdfdocx
height	250

Pass (19/19 test cases)

...

There are 26 CVEs with a CVSS score >= 9.0. These are exceptions requested here:

Release

...

7: Akraino CVE and KHV Vulnerability Exception Request

8.9

CVE-ID	CVSS	NVD	Fix/Notes	PACKAGES
CVE-2016-1585	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1585	No fix available	apparmor
CVE-2017-18201	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-18201	No fix available	libcdio17
CVE-2017-7827	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-7827	No fix availableUninstall firefox $ sudo apt remove firefox*	libmozjs-52-0
CVE-2018-5090	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5090	Reported fixed in 58 and later version (installed), but still reported by VulsUninstall firefox $ sudo apt remove firefox*	libmozjs-52-0
CVE-2018-5126	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5126	Uninstall firefox $ sudo apt remove firefox*Reported fixed in 58 and later version (installed), but still reported by Vuls	libmozjs-52-0
CVE-2018-5145	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5145	Uninstall firefox $ sudo apt remove firefox*Reported fixed in 1:52.7.0 and later version (installed), but still reported by Vuls	libmozjs-52-0
CVE-2018-5151	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5151	Reported fixed in 60 and later version (installed), but still reported by VulsUninstall firefox $ sudo apt remove firefox*	libmozjs-52-0
CVE-2019-17041	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-17041	No fix availableReported fixed in 8.19 and later version (installed), but still reported by Vuls	rsyslog
CVE-2019-17042	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-17042	No fix available	rsyslog	Reported fixed in 8.19 and later version (installed), but still reported by Vuls	rsyslog
CVE-CVE-2019-8287	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-8287	Uninstall tigervncserver $ sudo apt remove tigervnc* $ sudo apt-get remove tightvnc* -y	tightvncserver
CVE-2022-0318	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-0318	Uninstall vim $ sudo apt remove vim*	vim
CVE-2022-23852	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-23852	Uninstall firefox, thunderbird $ sudo apt remove firefox* thunderbird*	firefox, thunderbird
CVE-2022-24791	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-24791	Uninstall firefox, thunderbird $ sudo apt remove firefox* thunderbird*	firefox, thunderbird
CVE-2022-25235	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-25235	Uninstall firefox, thunderbird $ sudo apt remove firefox* thunderbird*	firefox, thunderbird
CVE-2022-25236	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-25236	Uninstall firefox, thunderbird $ sudo apt remove firefox* thunderbird*	firefox, thunderbird
CVE-2022-25315	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-25315	Uninstall firefox, thunderbird $ sudo apt remove firefox* thunderbird*	firefox, thunderbird
CVE-2022-3649	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-3649	No fix available	linux-image-4.15.0-197-generic
CVE-2022-37609	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-37609	Uninstall firefox, thunderbird $ sudo apt remove firefox* thunderbird*	thunderbird
CVE-2022-39394	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-39394	Uninstall thunderbird $ sudo apt remove thunderbird*	thunderbird
CVE-2016-9180	9.1	https://nvd.nist.gov/vuln/detail/CVE-2016-9180	No fix available	libxml-twig-perl TODO: File exception request
CVE-2019-20433	9.1	https://nvd.nist.gov/vuln/detail/CVE-2019-20433	No fix available	aspell
CVE-2022-24303	9.1	https://nvd.nist.gov/vuln/detail/CVE-2022-24303	No fix available	python3-pil TODO: File exception request
CVE-2022-39319	9.1	https://ubuntu.com/securitysecurity-tracker.debian.org/tracker/CVE-2022-39319Reported fixed in 2.2.0+dfsg1-0ubuntu0.18.04.4 and later version (installed), but still reported by Vuls	No fix available	libfreerdp-client2-2, libfreerdp2-2, libwinpr2-2
CVE-2022-41877	9.1	https://nvd.nist.gov/vuln/detail/CVE-2022-41877	No fix available	libfreerdp-client2-2, libfreerdp2-2, libwinpr2-2TODO: File exception request	CVE-2019-11707

PC/Server for robot control

There are 40 CVEs with a CVSS score >= 9.0. These are exceptions requested here:

Release 7: Akraino CVE and KHV Vulnerability Exception Request

CVE-ID	CVSS	NVD	Fix/Notes	PACKAGES
CVE-2016-1585	9.8	https://

nvd

nist.gov

vuln

detail/

2019

11707

1585	No fix available

libmozjs

apparmor

CVE-

52

2017-

0
TODO: File exception request

18201	9.8	https://ubuntu.com/security/CVE-2017-18201	No fix available	libcdio17
CVE-

2022

2017-

23960

7827

9.8

.9

nvd

nist.gov

vuln

detail/

2022

23960

7827	No fix available

linux

libmozjs-

image

52-

4.15.

0

CVE-

197-generic
TODO: File exception request

PC/Server for robot control

There are 40 CVEs with a CVSS score >= 9.0. These are exceptions requested here:

Release 5: Akraino CVE Vulnerability Exception Request

2018-5090	9.8	https://ubuntu.com/security/CVE-2018-5090	No fix available	libmozjs-52-0
CVE-2018-5126	9.8

CVE-ID

CVSS

NVD

Fix/Notes

PACKAGES

CVE-2005-2541

10.0

nvd

nist.gov/vuln/detail

2005

2541

5126	No fix available

tar

libmozjs-52-0

CVE-

2014

2018-

2830

5145

10

9.

0

8

nvd

nist.gov/vuln/detail

2014

2830

5145	No fix available

cifs

libmozjs-52-

utils

0

CVE-

2016

2018-

1585

5151

9.8

nvd

nist.gov

vuln

detail/

2016

1585

5151	No fix available

libapparmor1

libmozjs-52-0

CVE-

2017

2019-

17479

17041

9.8

nvd

nist.gov/vuln/detail

2017

17479

No fix available

libopenjp2-7

rsyslog

CVE-

2017

2019-

9117

17042

9.8

nvd

nist.gov

vuln

detail/

2017

9117

No fix available

libtiff5

rsyslog

CVE-

2018

2022-

13410

0318

9.8

nvd

nist.gov/vuln/detail

2018

13410

0318	No fix available

zip

xxd

CVE-

2019

2022-

1010022

3649

9.8

nvd

nist.gov/vuln/detail

2019

1010022

3649	No fix available

libc

linux-

bin, libc-dev-bin, libc-devtools, libc-l10n, libc6, libc6-dbg, libc6-dev, locales

image-4.15.0-197-generic
CVE-2022-3890	9.6

CVE-2019-8341

9.8

nvd

nist.gov

vuln

detail/

2019

8341

3890	No fix available

python3

chromium-

jinja2

browser

CVE-

2020

2022-

27619

4135

9.

8

6

nvd

nist.gov/vuln/detail

2020

27619

4135	No fix available

python3.9

chromium-browser

CVE-

2021

2016-

29462

9180

9.

8

1

nvd

nist.gov

vuln

detail/

2021

29462

9180	No fix available

libixml10, libupnp13

libxml-twig-perl

CVE-

2021

2019-

29921

20433

9.

8

1

nvd

nist.gov

vuln

detail/

2021

29921Reported fixed in python3.9 (installed), but still reported by Vuls

20433

No fix available

aspell

python3.9

CVE-

2021

2022-

30473

24303

9.

8

1

nvd

nist.gov/vuln/detail

2021

30473

No fix available

libaom0

CVE-2021-30474

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-30474No fix available

libaom0

CVE-2021-30475

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-30475No fix available

libaom0

CVE-2021-3756

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-3756install libmysofa 1.2.1

libmysofa1

CVE-2021-37829.8https://nvd.nist.gov/vuln/detail/CVE-2021-3782No fix availablelibwayland-client0, libwayland-cursor0, libwayland-egl1, libwayland-server0
TODO: File exception request

CVE-2021-42377

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-42377No fix available

busybox

CVE-2021-45951

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-45951No fix available

dnsmasq

CVE-2021-45952

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-45952No fix available

dnsmasq

CVE-2021-45953

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-45953No fix available

dnsmasq

CVE-2021-45954

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-45954No fix available

dnsmasq

CVE-2021-45955

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-45955No fix available

dnsmasq

CVE-2021-45956

9.8

https://nvd.nist.gov/vuln/detail/CVE-2021-45956No fix available

dnsmasq

CVE-2021-459579.8https://nvd.nist.gov/vuln/detail/CVE-2021-45957No fix availablednsmasq
TODO: File exception request

CVE-2022-0318

9.8

https://nvd.nist.gov/vuln/detail/CVE-2022-0318unistall vim
$ sudo apt remove vim*

vim-common, vim-runtime, vim-tiny, xxd

CVE-2022-12539.8https://nvd.nist.gov/vuln/detail/CVE-2022-1253No fix availablelibde265-0

CVE-2022-23303

9.8

https://nvd.nist.gov/vuln/detail/CVE-2022-23303No fix availablehostapd, wpasupplicant
TODO: File exception request

CVE-2022-23304

9.8

https://nvd.nist.gov/vuln/detail/CVE-2022-23304No fix available

hostapd, wpasupplicant

CVE-2022-374549.8https://nvd.nist.gov/vuln/detail/CVE-2022-37454No fix availablehostapd, wpasupplicant
TODO: File exception request
CVE-2022-39709.8https://nvd.nist.gov/vuln/detail/CVE-2022-3970No fix availablepython3.9
TODO: File exception requestCVE-2019-193919.1https://nvd.nist.gov/vuln/detail/CVE-2019-19391No fix availablelibtiff5
TODO: File exception request

CVE-2021-4048

9.1

https://nvd.nist.gov/vuln/detail/CVE-2021-4048No fix available

libblas3, liblapack3

CVE-2021-43400

9.1

https://nvd.nist.gov/vuln/detail/CVE-2021-43400No fix available

bluez

CVE-2021-468489.1https://nvd.nist.gov/vuln/detail/CVE-2021-46848No fix available

libtasn1-6

TODO: File exception requestCVE-2022-06709.1https://nvd.nist.gov/vuln/detail/CVE-2022-0670No fix available

librados2, librbd1

TODO: File exception requestCVE-2022-243039.1https://nvd.nist.gov/vuln/detail/CVE-2022-24303No fix available

python3-pil

TODO: File exception requestCVE-2022-262809.1https://nvd.nist.gov/vuln/detail/CVE-2022-26280No fix available

libarchive13

TODO: File exception requestCVE-2022-322139.1https://nvd.nist.gov/vuln/detail/CVE-2022-32213No fix availablenodejs
TODO: File exception requestCVE-2022-322149.1https://nvd.nist.gov/vuln/detail/CVE-2022-32214No fix available

nodejs

TODO: File exception requestCVE-2022-322159.1https://nvd.nist.gov/vuln/detail/CVE-2022-32215No fix available

nodejs

TODO: File exception request

Cloud/Edge Cloud

...

python3-pil

Cloud/Edge Cloud

There are 2 CVEs with a CVSS score >= 9.0.

Release 7: Akraino CVE and KHV Vulnerability Exception Request

CVE-ID	CVSS	NVD	Fix/Notes	PACKAGES
CVE-2016-1585	9.8	https://ubuntu.com/security/CVE-2016-1585	No fix available	apparmor
CVE-2022-3649	9.8	https://ubuntu.com/security/CVE-2022-3649	No fix available	linux-gcp

Lynis

...

Lynis

Nexus URL(before fix):

　https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/R7/sses-lynis/PDH/lynis_PDH_before.log

　https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/R7/sses-lynis/Robot/lynis_Robot_before.log

...

Nexus URL(after fix):
　https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/R7/2/sses-lynis/PDH/lynis_PDH_after.log
　https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/R7/sses-lynis/Robot/lynis_Robot_after.log
...
The initial results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.

PDF,IoT Gateway

The Lynis Program Update test MUST pass with no errors.

...

The following list of tests MUST complete as passing

No.	Test	Result	Fix
1	Test: Checking PASS_MAX_DAYS option in /etc/login.defs	Result: password aging limits are not configured	Set PASS_MAX_DAYS 180 in /etc/login.defs
2	Performing test ID AUTH-9328 (Default umask values)	Test: Checking umask value in /etc/login.defs Result: found umask 022, which could be improved	Set UMASK 027 in /etc/login.defs
3	Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)	Result: AllowUsers is not set Result: AllowGroups is not set Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine. Hardening: assigned partial number of hardening points (0 of 1). Currently having 152 points (out of 223) Security check: file is normal Checking permissions of /home/ubuntu/lynis/include/tests_snmp File permissions are OK	Configure AllowUsers, AllowGroups in /etc/ssh/sshd_config If you run the lynis shell script as an ordinary user, it will output an error. So run the script as a privileged user. $ su root # whoami root # ./lynis audit system ※reference： https://github.com/CISOfy/lynis/blob/master/include/tests_ssh#L54
4	Test: checking for file /etc/network/if-up.d/ntpdate	Result: file /etc/network/if-up.d/ntpdate does not exist Result: Found a time syncing daemon/client. Hardening: assigned maximum number of hardening points for this item (3). Currently having 177 points (out of 168)	OK
5	Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) : Following sub-tests required	N/A	N/A
5a	sysctl key fs.suid_dumpable contains equal expected and current value (0)	sysctl key fs.suid_dumpable has a different value than expected in scan profile. Expected=0, Real=2 Hardening: assigned partial number of hardening points (0 of 1). Currently having 163 points (out of 253)	Set recommended value in /etc/sysctl.d/90-lynis-hardening.conf echo 'fs.suid_dumpable=0' \| sudo tee -a /etc/sysctl.d/90-lynis-hardening.conf sudo /sbin/sysctl --system sudo sysctl -a \|grep suid
5b	sysctl key kernel.dmesg_restrict contains equal expected and current value (1)	Result: sysctl key kernel.dmesg_restrict has a different value than expected in scan profile. Expected=1, Real=0	Set recommended value in /etc/sysctl.d/90-lynis-hardening.conf echo 'kernel.dmesg_restrict=1' \| sudo tee -a /etc/sysctl.d/90-lynis-hardening.conf sudo /sbin/sysctl --system sudo sysctl -a \|grep dmesg
5c	sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)	Result: sysctl key net.ipv4.conf.default.accept_source_route has a different value than expected in scan profile. Expected=0, Real=1	Set recommended value in /etc/sysctl.d/90-lynis-hardening.conf echo 'net.ipv4.conf.default.accept_source_route=0' \| sudo tee -a /etc/sysctl.d/90-lynis-hardening.conf sudo /sbin/sysctl --system sudo sysctl -a \|grep ipv4.conf.default.accept_source_route
6	Test: Check if one or more compilers can be found on the system	Result: found installed compiler. See top of logfile which compilers have been found or use /bin/grep to filter on 'compiler' Hardening: assigned partial number of hardening points (1 of 3). Currently having 180 points (out of 286 Found known binary: as (compiler) - /usr/bin/as Found known binary: cc (compiler) - /usr/bin/cc Found known binary: g++ (compiler) - /usr/bin/g++ Found known binary: gcc (compiler) - /usr/bin/gcc	Uninstall gcc and remove /usr/bin/as, /usr/bin/cc

Space shortcuts

Page tree

Versions Compared

Old Version 8

New Version Current

Key

PC/Server for robot control

PC/Server for robot control

Cloud/Edge Cloud

Cloud/Edge Cloud

Lynis

Lynis

PDF,IoT Gateway

The following list of tests MUST complete as passing

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 8

New Version Current

Key

PC/Server for robot control

PC/Server for robot control

Cloud/Edge Cloud

Cloud/Edge Cloud

Lynis

Lynis

PDF,IoT Gateway

The following list of tests MUST complete as passing