PackInfo not found error when vuls scan. #281

Closed
hogehuga opened this issue Dec 16, 2016 · 6 comments
@hogehuga
Contributor

Environment

RHEL6.5 provided by cloud provider.

Vuls

Unknown

To check the commit hash of HEAD

OS

  • Target Server: Self scan ; The repository provided by cloud provider.
  • Vuls Server: RHEL6.5

Addition Details

I got the following information

  • When I scanned, we got an error like the following.
  • Temporarily avoided with the following setting.
    • remove available option from scan/redhat.go Line597, and compile.

I do not have the following information. Give me some information.

  • Where is the "cloud provider"?
    • It could be caused by a repository of cloud providers.
  • It seems to have occurred for several people.
@hogehuga
Contributor Author

Workaround seems to be successful.

[vuls:~]$ vi go/src/github.com/future-architect/vuls/scan/redhat.go
# Remove "available" from line 597
- cmd = "yum --color=never updateinfo list available --security"
+ cmd = "yum --color=never updateinfo list --security"
[vuls:~]$ cd go/src/github.com/future-architect/vuls
[vuls:vuls]$ rm -rf vendor
[vuls:vuls]$ make install
[vuls:vuls]$ cd 
[vuls:~]$ vuls scan ....

RHEL installed with ISO does not cause problems.
It seems to be a 'Cloud provider custom repository' problem.

I think "yum updateinfo list available --security" and "rpm -qa" have a mismatch.
I ask the reporter of this problem to report both results.

@YokoKawasaki

After modifying the program and re-executing the vuls scan command, it succeeded.
I appreciate your prompt response.

Cloud service provider: IDC Frontier Inc.
Template Name: Red Hat Enterprise Linux 6.5 64-bit

rpm-qa_PaaS_RHEL65.txt
yum-updateinfoListAvailable--security_PaaS_RHEL65.txt
yum-updateinfoList--security_PaaS_RHEL65.txt

@YokoKawasaki

I created a new VirtualMachine using the same OS template on IDCF cloud.
There is no difference in the results of "yum updateinfo list available --security" and "updateinfo list --security" before and after executing the following commands.
(executing the command)
yum clean metadata
yum clear dbcache
yum clean all
rpm --rebuilddb

I modified redhat.go and executed vuls scan. The same error occurred again.

$ vi go/src/github.com/future-architect/vuls/scan/redhat.go
# Restore line 597 to its original state
- cmd = "yum --color=never updateinfo list --security"
+ cmd = "yum --color=never updateinfo list available --security"

[Dec 16 14:54:56] ERROR [xxx-xxx-xxx-xxx] Failed to scan vulnerable packages
[Dec 16 14:54:56] ERROR [localhost] Failed to scan. err: root@xxxxx: PackInfo not found. packInfo: "389-ds-base"

rpm-qa-NewVM.txt
yum-updateinfoListAvailable--security_NewVM_after.txt
yum-updateinfoListAvailable--security_NewVM_before.txt
yum-updateinfoList--security_NewVM_after.txt
yum-updateinfoList--security_NewVM_before.txt

@YokoKawasaki

IDCF Support contacted Red Hat for support.
I received a reply from IDCF support and I will reprint it.

"yum updateinfo list available --security" and "yum updateinfo list --security":
the difference in the output results is due to "available".
It is assumed behavior.

---- Below answer from RedHat ----
The "list" subcommand of yum updateinfo, unless you specify otherwise,
outputs only the update information available for installed packages.
When "available" is added, in addition to those packages,
the errata information of installable packages is also referenced,
so the package errata information includes packages that are not installed.
For details, please refer to the online manual of yum-security.
Reference:
  # man yum-security

I am currently inquiring about the reason why there is no difference when building from ISO.
Since it is assumed that an answer on this will take time, please wait for a while.
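
The mismatch discussed in this thread, as an added Go example that is not vuls code and not part of the original issue: it lists packages that carry an advisory in `yum updateinfo list available --security` output but are absent from `rpm -qa`. The sample outputs, the advisory IDs, the helper names `pkgName` and `notInstalled`, and the three-column line shape are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample output; advisory IDs and versions are placeholders.
const rpmQA = `bash-4.1.2-15.el6_4.x86_64
openssl-1.0.1e-15.el6.x86_64
389-ds-base-libs-1.2.11.15-29.el6.x86_64`
const updateinfoAvailable = `Loaded plugins: product-id, security
RHSA-0000:0001 Important/Sec. openssl-1.0.1e-42.el6_7.x86_64
RHSA-0000:0002 Important/Sec. 389-ds-base-1.2.11.15-68.el6_7.x86_64
RHSA-0000:0002 Important/Sec. 389-ds-base-libs-1.2.11.15-68.el6_7.x86_64
updateinfo list done`

// pkgName drops the trailing "-version-release.arch" from an rpm-style name.
func pkgName(nvra string) string {
	p := strings.Split(nvra, "-")
	if len(p) < 3 {
		return nvra
	}
	return strings.Join(p[:len(p)-2], "-")
}

// notInstalled (hypothetical helper) returns names that have an advisory row but no rpm -qa entry.
func notInstalled(rpmOut, updateinfoOut string) []string {
	installed := map[string]bool{}
	for _, l := range strings.Fields(rpmOut) {
		installed[pkgName(l)] = true
	}
	var missing []string
	seen := map[string]bool{}
	for _, line := range strings.Split(updateinfoOut, "\n") {
		f := strings.Fields(line)
		// Assumed line shape: "<advisory> <severity> <name-version-release.arch>".
		if len(f) != 3 || !strings.HasPrefix(f[0], "RHSA-") {
			continue // skips plugin banners and the "updateinfo list done" trailer
		}
		if n := pkgName(f[2]); !installed[n] && !seen[n] {
			seen[n] = true
			missing = append(missing, n)
		}
	}
	return missing
}

func main() { fmt.Println("advisory rows for packages not installed:", notInstalled(rpmQA, updateinfoAvailable)) }
```

Running the same comparison against the real `rpm -qa` and `yum updateinfo list available --security` output of an affected host shows which advisory rows refer to packages that are not installed.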

@kotakanbe kotakanbe added the bug label Jan 13, 2017
@kotakanbe
Member

kotakanbe added a commit that referenced this issue Jan 27, 2017
@kotakanbe
Member

Fixed. Please try it out :)
