Overview
This document is intended to give you a clear understanding of how patching works when a remediation job is triggered through SanerCVEM on Linux systems.
It also explains the role of apt-get update, how updates are downloaded, and how SanerCVEM uses native Linux mechanisms to carry out patching efficiently and securely.
SanerCVEM Remediation Flow – Step-by-Step
1. Remediation Job is Triggered
Once a remediation job is initiated from the SanerNow console, the agent on the Linux system begins executing a defined sequence of tasks to detect and fix vulnerabilities.
2. Asset and Patch Data is Collected
The agent first collects data about installed and missing patches. This is the same mechanism used during regular asset scanning and vulnerability assessment.
3. System Package List is Refreshed
The agent runs the following command to refresh the package index:
What does this do?
apt-get update: Updates the local package list to reflect the latest available versions.
4. Required Patches are Identified
Based on the refreshed package list, the agent identifies which patches are missing and should be applied according to the remediation policy.
5. Installation of Updates Begins
The agent then proceeds to install the required patches using the package manager.
6. Packages are Fetched Using HTTP GET Protocol
The required update files are fetched using HTTP GET requests from the repository URLs configured on the system (sources.list).
7. Remediation is Completed
Once all necessary packages are downloaded and installed, the remediation process is completed successfully, leaving the system up-to-date and secure.
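Because step 6 fetches packages from the repository URLs in sources.list, the patched host must be able to reach each of those endpoints. The following is an added example, not SanerCVEM's own code: a shell function that lists the scheme and host of every active one-line-style repository entry so egress rules can be checked before a remediation job. The function names and the sample entries are constructed for illustration, and deb822-style .sources files are not handled.

```shell
#!/bin/sh
# Added example (not vendor code): list the repository endpoints apt will contact.

# repo_endpoints FILE... -> prints unique "scheme host" pairs, sorted.
repo_endpoints() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $1 == "deb" || $1 == "deb-src" {
            i = 2
            # An optional [option=value ...] block may span several fields.
            if ($i ~ /^\[/) {
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i
            if (uri !~ /^[a-z0-9+]+:\/\//) next   # ignore entries without scheme://
            scheme = uri; sub(/:\/\/.*/, "", scheme)
            host = uri;   sub(/^[^:]+:\/\//, "", host); sub(/\/.*/, "", host)
            print scheme, host
        }
    ' "$@" | sort -u
}

# plain_http_hosts FILE... -> hosts whose packages travel over unencrypted HTTP.
plain_http_hosts() {
    repo_endpoints "$@" | awk '$1 == "http" { print $2 }'
}

# Constructed sample input (hypothetical hosts, not from a real system).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample sources.list
deb http://archive.example.org/ubuntu jammy main restricted
deb-src http://archive.example.org/ubuntu jammy main restricted
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://packages.example.com/apt stable main
# deb http://disabled.example.net/debian stable main
EOF

repo_endpoints "$SAMPLE"
```

On a live system, pass /etc/apt/sources.list and the .list files under /etc/apt/sources.list.d/ instead of the sample file.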
Conclusion
By following the steps outlined in this guide, you gain full visibility into how SanerCVEM leverages native Linux tools to refresh package indices, identify missing patches, and apply updates securely.