3 Replies Latest reply on Mar 30, 2010 11:52 AM by jhaynes

    Problems when scanning Solaris 10 Global Zones and child zones

      When performing scans of our Unix estate - Solaris 10 (Global Zones and "Child" zones) we get inconsistent results for the child zones.  Scanning the Global Zones works fine.  Now my understanding of how the child zones work is scant but I am lead to believe that it can be configured to use the Global Zones IP stack or not.  Where the IP stack is shared, we get consistent results.  Is the fix for this?

        • 1. Re: Problems when scanning Solaris 10 Global Zones and child zones
          jhaynes

          Hi Nivlek,

          I have to admit first off that I'm unfamiliar with the concept of Unix Estates, Global Zones and Child Zones.  In fact I'm not sure you are in  the right forum. Which product are you using for your scanning, McAfee Vulnerability Manager, formally Foundstone?

           

          If you are using McAfee Vulnerability Manager I can confirm that we can scan anything with an IP Address. We don't use the concept of zones though in our scanning. Let me know what product you are using and I'll see what I can do to help you.

           

          Jeff Haynes

          • 2. Re: Problems when scanning Solaris 10 Global Zones and child zones

            Hi Jeff

             

            I am using the McAfee Foundstone 6.5 scanners.  I have quite a large deployment - 2 x fs1000 and 4 x fs850.

             

            Solaris 10 allows you to build "vm" hosts (containers) on a platform - Global Zone.  When we scan the Global Zone and its VM hosts we encounter the problem.  For example we input 2 vm ips and the report returns 2 hosts with the same IP addresses.  When we scan only the Global Zones - we encounter no issues.  When we scan 1 Global Zone and 8 VM hosts we may get 4 hosts / results returned - Let me know if I need to attach any reports etc,

             

             

            See:  http://en.wikipedia.org/wiki/Solaris_Containers

             

            Regards

             

            Nivlek

            • 3. Re: Problems when scanning Solaris 10 Global Zones and child zones
              jhaynes

              When you scan a Global Zone do all of the VM targets have a unique IP Addresses that can be directly reached by the scanner?

               

              Does each VM have a unique MAC address?

               

              My guess is that either their is an issue with the Asset Identification rules or the VM's being scanned are not returning unique information (MAC, IP Address).

               

              My suggestion is to open a service request for this issue.

               

              For contact  details:

              -  Go to: http://www.mcafee.com/us/about/contact/index.html
              -  Non-US customers - select your country from the list of  Worldwide Offices.


              Alternatively:
              Log in to the  ServicePortal at: https://mysupport.mcafee.com:

              -   If you are a registered user, type your User Id and Password and click  OK.
              -  If you are not a registered user, click New User and complete  the required fields. Your password and login instructions will be  emailed to you.

               

              Jeff Haynes