红帽全球峰会5.3. Updating Scanner definitions in offline mode
Scanner maintains a database of vulnerabilities. When Red Hat Advanced Cluster Security for Kubernetes (RHACS) runs in normal mode, Central retrieves the latest vulnerability data from the internet, and Scanner retrieves vulnerability data from Central.
However, if you are using RHACS in offline mode, you must manually update the vulnerability data. To manually update the vulnerability data, you must upload a definitions file to Central, and Scanner then retrieves the vulnerability data from Central.
In both online and offline mode, Scanner checks for new data from Central every 5 minutes by default. In online mode, Central also checks for new data from the internet approximately every 5-20 minutes.
The offline data source is updated approximately every 3 hours. After the data has been uploaded to Central, Scanner downloads the data and updates its local vulnerability database.
To update the definitions in offline mode, perform the following steps:
- Download the definitions.
- Upload the definitions to Central.
5.3.1. Downloading Scanner definitions
If you are running Red Hat Advanced Cluster Security for Kubernetes in offline mode, you can download the vulnerability definitions database that Scanner uses and then upload it to Central.
Prerequisites
- To download Scanner definitions, you need a system with internet access.
Procedure
To download the definitions, perform one of the following actions:
-
Recommended: Beginning with RHACS version 4.4, use the
roxctl scanner download-db --scanner-db-file scanner-vuln-updates.zipcommand to download the definitions. - Go to https://install.stackrox.io/scanner/scanner-vuln-updates.zip to download the definitions.
-
Recommended: Beginning with RHACS version 4.4, use the
5.3.2. Uploading definitions to Central
To upload Scanner definitions to Central, you can either use an API token or your administrator password. Red Hat recommends using an authentication token in a production environment because each token is assigned specific access control permissions.
You can upload the vulnerability definitions database that Scanner uses to Central by using an API token.
Prerequisites
- You must have an API token with the administrator role.
-
You must have installed the
roxctlcommand-line interface (CLI).
Procedure
Set the
ROX_API_TOKENand theROX_CENTRAL_ADDRESSenvironment variables:$ export ROX_API_TOKEN=<api_token>$ export ROX_CENTRAL_ADDRESS=<address>:<port_number>Run the following command to upload the definitions file:
$ roxctl scanner upload-db \ -e "$ROX_CENTRAL_ADDRESS" \ --scanner-db-file=<compressed_scanner_definitions.zip>
You can upload the vulnerability definitions database that Scanner uses to Central by using your Red Hat Advanced Cluster Security for Kubernetes administrator password.
Prerequisites
- You must have the administrator password.
-
You must have installed the
roxctlcommand-line interface (CLI).
Procedure
Set the
ROX_CENTRAL_ADDRESSenvironment variable:$ export ROX_CENTRAL_ADDRESS=<address>:<port_number>Run the following command to upload the definitions file:
$ roxctl scanner upload-db \ -p <your_administrator_password> \ -e "$ROX_CENTRAL_ADDRESS" \ --scanner-db-file=<compressed_scanner_definitions.zip>
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}