• Topic ID: id_2030489
  • Version: 2.0
  • Date: Dec 22, 2021 11:15:01 PM

PROCEDURE TO RUN VULNERABILITY SCAN

Security vulnerability scanning is performed on the CT system using Nessus Security Center before the product is released. All identified vulnerabilities are mitigated as appropriate, based on the risk they pose to the product. Critical and high-risk vulnerabilities, if any, are mitigated before the software is released. In its target configuration, the CT system does not allow any connections other than those from pre-configured IP addresses and ports/protocols, which prevents vulnerability scanning of the CT system. To generate a good vulnerability scan report, follow these steps:

Procedure

  1. Log in as the Admin user from the EA3 Login UI.
  2. Open an Xterm.
  3. Become the OS root user by executing "su -".
  4. Execute the following command:

    #/usr/g/.security/mc3/legacy_security/scripts/configVulnerabilityScan.sh --enable

    Note: If this command fails, create /usr/g/scripts/.security/vulnerabilityScanConfig.log.
  5. The above command creates a temporary user called "vsuser"; the password for that user account is displayed at the command prompt.
  6. Use the vsuser account and its password to configure the vulnerability scanner for the scan.
  7. Once the vulnerability scan is complete, run the following command to remove the user and return the system to the original/factory settings:

    #/usr/g/.security/mc3/legacy_security/scripts/configVulnerabilityScan.sh --disable

    Note: The vsuser credentials are valid for 2 days from the time of creation.

    The GE HC service engineer should contact GE if any critical issues are found.

    For privacy and security concerns regarding GE products, please see http://www.ge.com/security
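
As an added example (not part of the original procedure or of GE's scripts), the shell function below reports whether the temporary vsuser account from step 5 is still present, which is the check to make after the --disable command in step 7. It assumes standard passwd(5) and shadow(5) file formats and that any account expiry is recorded in the shadow expiry field; the function name and its arguments are illustrative.

```shell
#!/bin/sh
# Added example: report the state of the temporary scan account.
# "vsuser" is the account name from the procedure; everything else is assumed:
# standard passwd(5)/shadow(5) formats, with the file paths passed as arguments.

# Usage: vsuser_state PASSWD_FILE SHADOW_FILE [TODAY_IN_DAYS_SINCE_EPOCH]
# Prints: absent | active | locked | expired
# Returns 0 only when the account is absent (the expected state after --disable).
vsuser_state() {
    vs_passwd=$1
    vs_shadow=$2
    vs_today=${3:-$(( $(date +%s) / 86400 ))}

    # Exact match on the login-name field; a substring grep would also hit
    # names such as "vsuser2" or a comment field containing the string.
    if ! awk -F: '$1 == "vsuser" { hit = 1 } END { exit !hit }' "$vs_passwd"; then
        echo absent
        return 0
    fi

    # shadow(5): field 2 = password hash ("!" or "*" prefix means no password
    # login), field 8 = account expiry in days since 1970-01-01 (empty = never).
    awk -F: -v today="$vs_today" '
        $1 == "vsuser" {
            seen = 1
            if ($8 != "" && today + 0 >= $8 + 0) print "expired"
            else if ($2 ~ /^[!*]/)               print "locked"
            else                                  print "active"
        }
        END { if (!seen) print "active" }   # no shadow entry: report conservatively
    ' "$vs_shadow"
    return 1
}
```

On a system that keeps local accounts in /etc/passwd and /etc/shadow, run `vsuser_state /etc/passwd /etc/shadow` as root after --disable; any result other than `absent` means the temporary account is still on the system.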