icingaweb2-module-x509 icon indicating copy to clipboard operation
icingaweb2-module-x509 copied to clipboard

Published 20 hours ago verified publisher icon Icinga

Exclude specific targets from scans

Open GalipoliX opened this issue 6 years ago • 2 comments

It would be really nice to have an option to Blacklist certificates/Systems. I have for example some NAS systems where i don't care about the used Certificates, but they show up in the Scan results.

Thanks!

GalipoliX avatar Nov 28 '18 12:11 GalipoliX

Hi,

Thanks for the report. First, this makes sense to me. But I'm not quite sure how to implement this best.

I think it would be good to implement excludes in our job definitions. If you know which targets you want to exclude from a range, you should be able to do that.

Then we would need a mechanism to exclude/remove already scanned targets and the related certificates. At the moment you have to build SQL statements for that. But we could add some CLI commands for that.

What do you think?

Best, Eric

lippserd avatar Nov 29 '18 12:11 lippserd

It should blacklist on "IP" or "name": we have some IPs resolving to different names, but only one of them has a certificate. Currently the other ones show up with a red sign for wrong certificate name. So blocking the wrong "names" would be great!

Tuxdiver avatar Nov 30 '18 12:11 Tuxdiver