Posted On: Jan 11, 2018

Amazon Inspector has released an enhancement to the Inspector Agent that will allow it to perform assessments for Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) Benchmarks, and AWS Security Best Practices on supported operating systems, regardless of the kernel version installed. Prior to this release, the Inspector Agent was dependent on an internal kernel module that supported specific Linux OS kernel versions. The Inspector Agent could not be installed or used to run any security assessments for supported Linux operating systems that were using non-default, older, or custom kernels. With this update, you can use any kernel and run those assessments. 

You will still need a compatible kernel to run the Runtime Behavior Analysis rules package due to the nature of that assessment. Runtime Behavior Analysis actively monitors the behavior of the OS and installed applications over a defined period, which requires access to the operating system kernel in order to gather the required telemetry data. To see a list of compatible kernel versions, go here. If your assessment template includes Runtime Behavior Analysis and any of your instances have an unsupported kernel version, Inspector will complete the assessment and issue an informational finding for those instances, letting you know that the Runtime Behavior Analysis rules package is not supported for that kernel version.

To learn more about Amazon Inspector or to start your free trial, please visit Amazon Inspector.