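What is VULS?
VULS is a vulnerability detection tool: it searches a system for the vulnerabilities it contains and displays a report.
This post publishes my notes from installing VULS, running a local scan, and then configuring a remote scan.
Test setup
Both vuls-local and vuls-remote run CentOS 7. Vuls is installed on vuls-local, and vuls-remote is then added as a scan target.
A vuls account is created and the installation is carried out under it.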
vuls-local installation procedure
Add the vuls account
```
useradd vuls
passwd vuls
```
Install the required software.
```
$ ssh vuls@vuls-local
[vuls@vuls-local ~]$ su -
[root@vuls-local ~]# yum -y install sqlite git gcc make wget
[root@vuls-local ~]# wget https://storage.googleapis.com/golang/go1.8.3.linux-amd64.tar.gz
[root@vuls-local ~]# tar -C /usr/local -xzf go1.8.3.linux-amd64.tar.gz
[root@vuls-local ~]# exit
ログアウト
[vuls@vuls-local ~]$ mkdir $HOME/go
```
Set the environment variables: create /etc/profile.d/goenv.sh
```
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
```
Load the environment variables above.
```
[vuls@vuls-local ~]$ source /etc/profile.d/goenv.sh
```
Build go-cve-dictionary
```
[vuls@vuls-local ~]$ su -
パスワード:
最終ログイン: 2017/12/12 (火) 05:19:08 JST日時 pts/0
[root@vuls-local ~]# mkdir /var/log/vuls
[root@vuls-local ~]# chown vuls /var/log/vuls/
[root@vuls-local ~]# chmod 700 /var/log/vuls/
[root@vuls-local ~]# exit
ログアウト
[vuls@vuls-local ~]$ mkdir -p $GOPATH/src/github.com/kotakanbe
[vuls@vuls-local ~]$ cd $GOPATH/src/github.com/kotakanbe
[vuls@vuls-local kotakanbe]$ git clone https://github.com/kotakanbe/go-cve-dictionary.git
[vuls@vuls-local kotakanbe]$ cd go-cve-dictionary
[vuls@vuls-local go-cve-dictionary]$ make install
```
Fetch the NVD/JVN vulnerability databases
```
[vuls@vuls-local go-cve-dictionary]$ cd $HOME
[vuls@vuls-local ~]$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done
[vuls@vuls-local ~]$ for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done
```
Build goval-dictionary (for CentOS 7)
```
[vuls@vuls-local ~]$ mkdir -p $GOPATH/src/github.com/kotakanbe
[vuls@vuls-local ~]$ cd $GOPATH/src/github.com/kotakanbe
[vuls@vuls-local kotakanbe]$ git clone https://github.com/kotakanbe/goval-dictionary.git
[vuls@vuls-local kotakanbe]$ cd goval-dictionary
[vuls@vuls-local goval-dictionary]$ make install
[vuls@vuls-local goval-dictionary]$ goval-dictionary fetch-redhat 7
```
Build Vuls
```
[vuls@vuls-local ~]$ mkdir -p $GOPATH/src/github.com/future-architect
[vuls@vuls-local ~]$ cd $GOPATH/src/github.com/future-architect
[vuls@vuls-local future-architect]$ git clone https://github.com/future-architect/vuls.git
[vuls@vuls-local future-architect]$ cd vuls
[vuls@vuls-local vuls]$ make install
```
Create the config file for the localhost scan
```
[vuls@vuls-local vuls]$ cd $HOME
[vuls@vuls-local ~]$ cat config.toml
[servers]

[servers.localhost]
host = "localhost"
port = "local"
[vuls@vuls-local ~]$
```
vuls configtest: an error occurred because yum-utils was not installed, so I installed it and ran the check again, which passed.
```
[vuls@vuls-local ~]$ vuls configtest --deep
[Dec 12 05:54:30] INFO [localhost] Validating config...
[Dec 12 05:54:30] INFO [localhost] Detecting Server/Container OS...
[Dec 12 05:54:30] INFO [localhost] Detecting OS of servers...
[Dec 12 05:54:30] INFO [localhost] (1/1) Detected: localhost: centos 7.4.1708
[Dec 12 05:54:30] INFO [localhost] Detecting OS of containers...
[Dec 12 05:54:30] INFO [localhost] Checking dependencies...
[Dec 12 05:54:30] ERROR [localhost] yum-utils is not installed
[Dec 12 05:54:30] ERROR [localhost] Error: localhost, err: [yum-utils is not installed]
[Dec 12 05:54:30] INFO [localhost] Checking sudo settings...
[Dec 12 05:54:30] INFO [localhost] Scannable servers are below...

[vuls@vuls-local ~]$
[vuls@vuls-local ~]$ su -
[root@vuls-local ~]# yum install yum-utils yum-plugin-changelog -y
[root@vuls-local ~]# exit
ログアウト
[vuls@vuls-local ~]$ vuls configtest --deep
[Dec 12 05:57:51] INFO [localhost] Validating config...
[Dec 12 05:57:51] INFO [localhost] Detecting Server/Container OS...
[Dec 12 05:57:51] INFO [localhost] Detecting OS of servers...
[Dec 12 05:57:51] INFO [localhost] (1/1) Detected: localhost: centos 7.4.1708
[Dec 12 05:57:51] INFO [localhost] Detecting OS of containers...
[Dec 12 05:57:51] INFO [localhost] Checking dependencies...
[Dec 12 05:57:51] INFO [localhost] Dependencies ... Pass
[Dec 12 05:57:51] INFO [localhost] Checking sudo settings...
[Dec 12 05:57:51] INFO [localhost] sudo ... No need
[Dec 12 05:57:51] INFO [localhost] Scannable servers are below...
localhost
[vuls@vuls-local ~]$
```
Run the scan
```
[vuls@vuls-local ~]$ vuls scan -deep
[Dec 12 05:59:58] INFO [localhost] Start scanning
[Dec 12 05:59:58] INFO [localhost] config: /home/vuls/config.toml
[Dec 12 05:59:58] INFO [localhost] Validating config...
[Dec 12 05:59:58] INFO [localhost] Detecting Server/Container OS...
[Dec 12 05:59:58] INFO [localhost] Detecting OS of servers...
[Dec 12 05:59:58] INFO [localhost] (1/1) Detected: localhost: centos 7.4.1708
[Dec 12 05:59:58] INFO [localhost] Detecting OS of containers...
[Dec 12 05:59:58] INFO [localhost] Detecting Platforms...
[Dec 12 06:00:09] INFO [localhost] (1/1) localhost is running on other
[Dec 12 06:00:09] INFO [localhost] Scanning vulnerabilities...
[Dec 12 06:00:09] INFO [localhost] Scanning vulnerable OS packages...
[Dec 12 06:00:14] INFO [localhost] (1/29) Fetched Changelogs nss-sysinit
[Dec 12 06:00:15] INFO [localhost] (2/29) Fetched Changelogs openssh-server
[Dec 12 06:00:15] INFO [localhost] (3/29) Fetched Changelogs nss-tools
[Dec 12 06:00:15] INFO [localhost] (4/29) Fetched Changelogs grub2-tools-extra
[Dec 12 06:00:15] INFO [localhost] (5/29) Fetched Changelogs selinux-policy
[Dec 12 06:00:15] INFO [localhost] (6/29) Fetched Changelogs libuuid
[Dec 12 06:00:15] INFO [localhost] (7/29) Fetched Changelogs grub2-tools-minimal
[Dec 12 06:00:16] INFO [localhost] (8/29) Fetched Changelogs python-perf
[Dec 12 06:00:16] INFO [localhost] (9/29) Fetched Changelogs kernel
[Dec 12 06:00:16] INFO [localhost] (10/29) Fetched Changelogs systemd
[Dec 12 06:00:16] INFO [localhost] (11/29) Fetched Changelogs bind-license
[Dec 12 06:00:16] INFO [localhost] (12/29) Fetched Changelogs openssh
[Dec 12 06:00:16] INFO [localhost] (13/29) Fetched Changelogs NetworkManager
[Dec 12 06:00:17] INFO [localhost] (14/29) Fetched Changelogs kernel-tools
[Dec 12 06:00:17] INFO [localhost] (15/29) Fetched Changelogs libblkid
[Dec 12 06:00:17] INFO [localhost] (16/29) Fetched Changelogs grub2-common
[Dec 12 06:00:17] INFO [localhost] (17/29) Fetched Changelogs NetworkManager-libnm
[Dec 12 06:00:17] INFO [localhost] (18/29) Fetched Changelogs NetworkManager-wifi
[Dec 12 06:00:17] INFO [localhost] (19/29) Fetched Changelogs kmod-libs
[Dec 12 06:00:18] INFO [localhost] (20/29) Fetched Changelogs systemd-sysv
[Dec 12 06:00:18] INFO [localhost] (21/29) Fetched Changelogs curl
[Dec 12 06:00:18] INFO [localhost] (22/29) Fetched Changelogs libmount
[Dec 12 06:00:18] INFO [localhost] (23/29) Fetched Changelogs grub2
[Dec 12 06:00:18] INFO [localhost] (24/29) Fetched Changelogs ncurses
[Dec 12 06:00:18] INFO [localhost] (25/29) Fetched Changelogs ncurses-base
[Dec 12 06:00:18] INFO [localhost] (26/29) Fetched Changelogs nss-softokn-freebl
[Dec 12 06:00:19] INFO [localhost] (27/29) Fetched Changelogs grub2-pc
[Dec 12 06:00:19] INFO [localhost] (28/29) Fetched Changelogs grub2-pc-modules
[Dec 12 06:00:19] INFO [localhost] (29/29) Fetched Changelogs NetworkManager-team


One Line Summary
================
localhost centos7.4.1708 54 updatable packages


To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

[vuls@vuls-local ~]$
```
Display the report: one-line format
```
[vuls@vuls-local ~]$ vuls report -lang=ja -format-one-line-text
[Dec 12 06:05:07] INFO [localhost] Validating config...
[Dec 12 06:05:07] INFO [localhost] cve-dictionary: /home/vuls/cve.sqlite3
[Dec 12 06:05:07] INFO [localhost] Loaded: /home/vuls/results/2017-12-12T06:00:09+09:00


One Line Summary
================
localhost Total: 23 (High:6 Medium:7 Low:7 ?:3) 54 updatable packages


[vuls@vuls-local ~]$
```
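The one-line summary is easy to act on from a script. The following is an added example, not part of the original post: it reads a one-line report on stdin and fails when any server has more High findings than a threshold. The function names and the second sample host are assumptions, and the line layout is assumed to be the one shown in this post.

```shell
#!/bin/sh
# Added example (not from the original post): gate on the "High" count in the
# output of `vuls report -format-one-line-text`.
# Assumed line layout, as shown in this post:
#   <server> Total: <n> (High:<n> Medium:<n> Low:<n> ?:<n>) <n> updatable packages

# Constructed sample input. The localhost line is the summary shown in this
# post; example-host and its counts are invented for the example.
sample_report() {
    cat <<'EOF'
[Dec 12 06:05:07] INFO [localhost] Validating config...

One Line Summary
================
localhost Total: 23 (High:6 Medium:7 Low:7 ?:3) 54 updatable packages
example-host Total: 4 (High:0 Medium:2 Low:2 ?:0) 9 updatable packages
EOF
}

# vuls_high_gate MAX_HIGH
# Prints "<server> High:<n>" for every server whose High count exceeds
# MAX_HIGH and returns 1 if any server was printed, 0 otherwise.
vuls_high_gate() {
    awk -v max="$1" '
        # Only summary lines have "Total:" as field 2 and "(High:<n>" as field 4;
        # log lines and the header are skipped.
        $2 == "Total:" && $4 ~ /^\(High:[0-9]+$/ {
            split($4, kv, ":")          # kv[2] is the High count
            if (kv[2] + 0 > max + 0) {
                print $1, "High:" kv[2]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Typical use (hypothetical wiring):
#   vuls report -format-one-line-text | vuls_high_gate 0 || echo "High findings present"
```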
Report: short summary
```
[vuls@vuls-local ~]$ vuls report -lang=ja -format-short-text |more
[Dec 12 06:06:10] INFO [localhost] Validating config...
[Dec 12 06:06:10] INFO [localhost] cve-dictionary: /home/vuls/cve.sqlite3
[Dec 12 06:06:10] INFO [localhost] Loaded: /home/vuls/results/2017-12-12T06:00:09+09:00

localhost (centos7.4.1708)
==========================
Total: 23 (High:6 Medium:7 Low:7 ?:3) 54 updatable packages

CVE-2017-11176 10.0 HIGH (nvd)
Linux Kernel の mq_notify 関数におけるサービス運用妨害 (DoS) の脆弱性
Linux Kernel の mq_notify 関数は、リトライロジックへのエントリの際に sock ポインタを NULL に設定しないため、ユーザ空間の Netlink ソケットのクローズ中に、サービス運用妨害 (解放済みメモリの使用 (use-after-free)) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。
---
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-005533.html
https://access.redhat.com/security/cve/CVE-2017-11176 (RHEL-CVE)
10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C (nvd)
10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C (jvn)
https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-11176

Confidence: 95 / ChangelogExactMatch

/snip/
```
Report: full view
```
[vuls@vuls-local ~]$ vuls report -lang=ja -format-full-text | more
[Dec 12 06:08:57] INFO [localhost] Validating config...
[Dec 12 06:08:57] INFO [localhost] cve-dictionary: /home/vuls/cve.sqlite3
[Dec 12 06:08:57] INFO [localhost] Loaded: /home/vuls/results/2017-12-12T06:00:09+09:00

localhost (centos7.4.1708)
==========================
Total: 23 (High:6 Medium:7 Low:7 ?:3) 54 updatable packages

CVE-2017-11176
----------------
Max Score 10.0 HIGH (nvd)
nvd 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
jvn 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Calc https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-11176
Summary Linux Kernel の mq_notify 関数におけるサービス運用妨害 (DoS) の脆弱性
Linux Kernel の mq_notify 関数は、リトライロジックへのエントリの際に sock ポインタを NULL に設定しないため、ユーザ空間の Netlink ソケットのクローズ中に、サービス運用妨害 (解放済みメモリの使用 (use-after-free)) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。
Source http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-005533.html
RHEL-CVE https://access.redhat.com/security/cve/CVE-2017-11176
CWE-416 (nvd) https://cwe.mitre.org/data/definitions/416.html
Package/CPE kernel-3.10.0-693.el7 -> 3.10.0-693.11.1.el7
kernel-tools-3.10.0-693.el7 -> 3.10.0-693.11.1.el7
kernel-tools-libs-3.10.0-693.el7 -> 3.10.0-693.11.1.el7
Confidence 95 / ChangelogExactMatch

/snip/
```
TUI
```
[vuls@vuls ~]$ vuls tui
```
vuls-remote installation procedure
Add the vuls user account
```
# useradd vuls
# passwd vuls
```
```
$ ssh vuls@vuls-remote
vuls@vuls-remote's password:
[vuls@vuls-remote ~]$
```
Create the public/private key pair on vuls-local: run ssh-keygen -t rsa and press Enter at every prompt that follows (this leaves the private key without a passphrase).
```
[vuls@vuls-local ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vuls/.ssh/id_rsa):
Created directory '/home/vuls/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vuls/.ssh/id_rsa.
Your public key has been saved in /home/vuls/.ssh/id_rsa.pub.

/snip/

[vuls@vuls-local ~]$
```
Install the public key on vuls-remote
```
[vuls@vuls-remote ~]$ mkdir ~/.ssh
[vuls@vuls-remote ~]$ chmod 700 ~/.ssh
```
Copy the key from vuls-local to vuls-remote
```
[vuls@vuls-local .ssh]$ scp id_rsa.pub vuls-remote:~/.ssh/authorized_keys
```
Change the permissions of authorized_keys on vuls-remote
```
[vuls@vuls-remote ~]$ chmod 600 ~/.ssh/authorized_keys
```
Check the connection from vuls-local to vuls-remote
```
[vuls@vuls-local .ssh]$ ssh vuls@vuls-remote -i ~/.ssh/id_rsa
Last login: Tue Dec 12 14:57:30 2017 from 172.27.1.8
[vuls@vuls-remote ~]$
```
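If the key login fails or the scan key needs auditing later, the file modes set in the steps above are the first thing to check. The following is an added example, not part of the original post: check_ssh_perms is a hypothetical helper that reports the permission problems sshd (StrictModes) and the ssh client reject, and it assumes GNU stat as shipped with CentOS 7.

```shell
#!/bin/sh
# Added example (not from the original post): check the permissions that
# key-based SSH login depends on. check_ssh_perms is a hypothetical helper
# name; it relies on GNU stat (stat -c), as shipped with CentOS 7.

# check_ssh_perms DIR
# Prints one line per problem found in DIR (a .ssh directory) and returns 1
# if there was any, 0 otherwise.
check_ssh_perms() {
    dir=$1
    rc=0
    # sshd with StrictModes refuses the key when .ssh or authorized_keys is
    # writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$f: mode $mode is writable by group or others"
            rc=1
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for f in "$dir"/id_*; do
        case $f in *.pub) continue ;; esac   # public halves may be readable
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$f: mode $mode lets group or others access the private key"
            rc=1
        fi
    done
    return $rc
}

# Typical use on either host:
#   check_ssh_perms /home/vuls/.ssh
```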
Add vuls-remote to config.toml: append the [servers.vuls-remote] section below
```
[vuls@vuls-local ~]$ cat config.toml
[servers]

[servers.localhost]
host = "localhost"
port = "local"

[servers.vuls-remote]
host = "vuls-remote"
port = "22"
user = "vuls"
keyPath = "/home/vuls/.ssh/id_rsa"
[vuls@vuls-local ~]$
```
vuls-remote configtest: an error occurred because yum-utils was not installed, so I installed it and ran the check again, which passed.
```
[vuls@vuls-local ~]$ vuls configtest --deep vuls-remote
[Dec 12 15:13:54] INFO [localhost] Validating config...
[Dec 12 15:13:54] INFO [localhost] Detecting Server/Container OS...
[Dec 12 15:13:54] INFO [localhost] Detecting OS of servers...
[Dec 12 15:13:56] INFO [localhost] (1/1) Detected: vuls-remote: centos 7.4.1708
[Dec 12 15:13:56] INFO [localhost] Detecting OS of containers...
[Dec 12 15:13:56] INFO [localhost] Checking dependencies...
[Dec 12 15:13:56] ERROR [vuls-remote] yum-utils is not installed
[Dec 12 15:13:56] ERROR [localhost] Error: vuls-remote, err: [yum-utils is not installed]
[Dec 12 15:13:56] INFO [localhost] Checking sudo settings...
[Dec 12 15:13:56] INFO [localhost] Scannable servers are below...

[vuls@vuls-local ~]$ ssh vuls-remote
Last login: Tue Dec 12 15:13:56 2017 from 172.30.80.1
[vuls@vuls-remote ~]$ su -
パスワード:
最終ログイン: 2017/12/12 (火) 14:57:02 JST日時 tty1
[root@vuls-remote ~]# yum install yum-utils yum-plugin-changelog -y
/snip/
[root@vuls-remote ~]# exit
ログアウト
[vuls@vuls-remote ~]$ exit
ログアウト
Connection to vuls-remote closed.
[vuls@vuls-local ~]$ vuls configtest --deep vuls-remote
[Dec 12 15:16:01] INFO [localhost] Validating config...
[Dec 12 15:16:01] INFO [localhost] Detecting Server/Container OS...
[Dec 12 15:16:01] INFO [localhost] Detecting OS of servers...
[Dec 12 15:16:02] INFO [localhost] (1/1) Detected: vuls-remote: centos 7.4.1708
[Dec 12 15:16:02] INFO [localhost] Detecting OS of containers...
[Dec 12 15:16:02] INFO [localhost] Checking dependencies...
[Dec 12 15:16:02] INFO [vuls-remote] Dependencies ... Pass
[Dec 12 15:16:02] INFO [localhost] Checking sudo settings...
[Dec 12 15:16:02] INFO [vuls-remote] sudo ... No need
[Dec 12 15:16:02] INFO [localhost] Scannable servers are below...
vuls-remote
[vuls@vuls-local ~]$
```
Run the vuls-remote scan
```
[vuls@vuls-local ~]$ vuls scan --deep vuls-remote
[Dec 12 15:17:33] INFO [localhost] Start scanning
[Dec 12 15:17:33] INFO [localhost] config: /home/vuls/config.toml
[Dec 12 15:17:33] ERROR [localhost] -depp is not in config
[vuls@vuls-local ~]$ vuls scan vuls-remote --depp
[Dec 12 15:17:36] INFO [localhost] Start scanning
[Dec 12 15:17:36] INFO [localhost] config: /home/vuls/config.toml
[Dec 12 15:17:36] ERROR [localhost] --depp is not in config
[vuls@vuls-local ~]$ vuls scan -deep vuls-remote
[Dec 12 15:17:45] INFO [localhost] Start scanning
[Dec 12 15:17:45] INFO [localhost] config: /home/vuls/config.toml
[Dec 12 15:17:45] INFO [localhost] Validating config...
[Dec 12 15:17:45] INFO [localhost] Detecting Server/Container OS...
[Dec 12 15:17:45] INFO [localhost] Detecting OS of servers...
[Dec 12 15:17:47] INFO [localhost] (1/1) Detected: vuls-remote: centos 7.4.1708
[Dec 12 15:17:47] INFO [localhost] Detecting OS of containers...
[Dec 12 15:17:47] INFO [localhost] Detecting Platforms...
[Dec 12 15:17:58] INFO [localhost] (1/1) vuls-remote is running on other
[Dec 12 15:17:58] INFO [localhost] Scanning vulnerabilities...
[Dec 12 15:17:58] INFO [localhost] Scanning vulnerable OS packages...
[Dec 12 15:18:04] INFO [vuls-remote] (1/33) Fetched Changelogs grub2-tools-extra
[Dec 12 15:18:04] INFO [vuls-remote] (2/33) Fetched Changelogs systemd
[Dec 12 15:18:05] INFO [vuls-remote] (3/33) Fetched Changelogs glibc-common
[Dec 12 15:18:05] INFO [vuls-remote] (4/33) Fetched Changelogs openssh
[Dec 12 15:18:06] INFO [vuls-remote] (5/33) Fetched Changelogs NetworkManager-libnm
[Dec 12 15:18:06] INFO [vuls-remote] (6/33) Fetched Changelogs ncurses
[Dec 12 15:18:07] INFO [vuls-remote] (7/33) Fetched Changelogs grub2-pc
[Dec 12 15:18:07] INFO [vuls-remote] (8/33) Fetched Changelogs kernel-tools-libs
[Dec 12 15:18:07] INFO [vuls-remote] (9/33) Fetched Changelogs python-gobject-base
[Dec 12 15:18:08] INFO [vuls-remote] (10/33) Fetched Changelogs kmod
[Dec 12 15:18:08] INFO [vuls-remote] (11/33) Fetched Changelogs ncurses-base
[Dec 12 15:18:09] INFO [vuls-remote] (12/33) Fetched Changelogs grub2-pc-modules
[Dec 12 15:18:09] INFO [vuls-remote] (13/33) Fetched Changelogs selinux-policy
[Dec 12 15:18:10] INFO [vuls-remote] (14/33) Fetched Changelogs libgcc
[Dec 12 15:18:10] INFO [vuls-remote] (15/33) Fetched Changelogs bind-license
[Dec 12 15:18:10] INFO [vuls-remote] (16/33) Fetched Changelogs curl
[Dec 12 15:18:11] INFO [vuls-remote] (17/33) Fetched Changelogs libuuid
[Dec 12 15:18:11] INFO [vuls-remote] (18/33) Fetched Changelogs libmount
[Dec 12 15:18:12] INFO [vuls-remote] (19/33) Fetched Changelogs NetworkManager-wifi
[Dec 12 15:18:12] INFO [vuls-remote] (20/33) Fetched Changelogs NetworkManager-team
[Dec 12 15:18:13] INFO [vuls-remote] (21/33) Fetched Changelogs nss-sysinit
[Dec 12 15:18:13] INFO [vuls-remote] (22/33) Fetched Changelogs kernel-tools
[Dec 12 15:18:13] INFO [vuls-remote] (23/33) Fetched Changelogs systemd-sysv
[Dec 12 15:18:14] INFO [vuls-remote] (24/33) Fetched Changelogs libgomp
[Dec 12 15:18:14] INFO [vuls-remote] (25/33) Fetched Changelogs openssh-server
[Dec 12 15:18:15] INFO [vuls-remote] (26/33) Fetched Changelogs grub2-tools-minimal
[Dec 12 15:18:15] INFO [vuls-remote] (27/33) Fetched Changelogs nss-tools
[Dec 12 15:18:15] INFO [vuls-remote] (28/33) Fetched Changelogs libblkid
[Dec 12 15:18:16] INFO [vuls-remote] (29/33) Fetched Changelogs kernel
[Dec 12 15:18:16] INFO [vuls-remote] (30/33) Fetched Changelogs NetworkManager
[Dec 12 15:18:17] INFO [vuls-remote] (31/33) Fetched Changelogs nss-softokn-freebl
[Dec 12 15:18:17] INFO [vuls-remote] (32/33) Fetched Changelogs grub2
[Dec 12 15:18:18] INFO [vuls-remote] (33/33) Fetched Changelogs grub2-tools


One Line Summary
================
vuls-remote centos7.4.1708 58 updatable packages


To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

[vuls@vuls-local ~]$
```
The vuls report commands are the same as before, so they are omitted.
Slack notification
Slack notification settings: add the [slack] section below. Obtain the hookURL from https://slack.com/services/new/incoming-webhook
```
[vuls@vuls-local ~]$ cat config.toml
[servers]

[servers.localhost]
host = "localhost"
port = "local"

[servers.vuls-remote]
host = "vuls-remote"
port = "22"
user = "vuls"
keyPath = "/home/vuls/.ssh/id_rsa"

[slack]
hookURL = "https://hooks.slack.com/services/xxxxxxx/yyyyyyy/zzzzzzzzzzz"
#legacyToken = "xoxp-11111111111-222222222222-3333333333"
channel = "#vuls-report"
#channel = "${servername}"
iconEmoji = ":ghost:"
authUser = "vuls-report"
#notifyUsers = ["@username"]
[vuls@vuls-local ~]$
```
Notifying Slack: running the following command sends a notification to Slack.
```
vuls report -to-slack -lang=ja
```
Automatic updates and notification with crontab
Add /etc/cron.d/vuls on vuls-local with the following content
```
SHELL=/bin/bash
HOME=/home/vuls
MAILTO=""

# Update CVE dict
27 03 * * * vuls ${HOME}/go/bin/go-cve-dictionary fetchnvd -last2y -dbpath=/home/vuls/cve.sqlite3 >/dev/null 2>&1
47 03 * * * vuls ${HOME}/go/bin/go-cve-dictionary fetchjvn -last2y -dbpath=/home/vuls/cve.sqlite3 >/dev/null 2>&1

# Scan
23 04 * * * vuls ${HOME}/go/bin/vuls scan --deep >/dev/null 2>&1

# Report Slack
30 07 * * * vuls ${HOME}/go/bin/vuls report -to-slack -lang=ja >/dev/null 2>&1
```
That concludes my notes on configuring vuls.