The latest articles on DEV Community by segatomo (@segatomo). https://dev.to/segatomo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F231765%2Fb1aaf3a4-b7a2-480c-90fa-f06d514659d8.JPG https://dev.to/segatomo en segatomo Thu, 19 Sep 2019 06:54:08 +0000 https://dev.to/segatomo/vuls-agentless-vulnerability-scanner-for-beginners-scan-ubuntu-container-in-remote-host-from-macos-41ef https://dev.to/segatomo/vuls-agentless-vulnerability-scanner-for-beginners-scan-ubuntu-container-in-remote-host-from-macos-41ef <h2> Overview </h2> <p>I'll tell you how to deploy <a href="https://github.com/future-architect/vuls">Vuls</a> and how to build development environment of it. <br> I used <a href="https://vuls.io/docs/en/tutorial.html">https://vuls.io/docs/en/tutorial.html</a> as a reference. </p> <h2> Set up </h2> <h3> 1. Docker container </h3> <p>Pull the CentOS 7 official Docker image and run an interactive terminal session. Then, get into docker container.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker pull centos:centos7 <span class="nv">$ </span>docker run <span class="nt">-it</span> <span class="nt">-d</span> <span class="nt">--name</span> mycentos centos:centos7 <span class="nv">$ </span>docker <span class="nb">exec</span> <span class="nt">-it</span> mycentos /bin/bash </code></pre> </div> <h3> 2. Set up Vuls environment on CentOS </h3> <p>See <a href="https://vuls.io/docs/en/install-manually-centos.html">Manual</a>.</p> <h2> Local Scan </h2> <p>Scan CentOS itself.</p> <h3> 1. Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 /]# <span class="nb">cd</span> <span class="nv">$HOME</span> <span class="o">[</span>root@c385c6f70094 /]# vi config.toml </code></pre> </div> <p>Create <code>config.toml</code> like this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[servers]</span> <span class="nn">[servers.localhost]</span> <span class="py">host</span> <span class="p">=</span> <span class="s">"localhost"</span> <span class="py">port</span> <span class="p">=</span> <span class="s">"local"</span> </code></pre> </div> <h3> 2. Check config.toml and settings on the server before scanning </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 /]# vuls configtest <span class="o">[</span>Sep 18 12:03:34] INFO <span class="o">[</span>localhost] Validating config... <span class="o">[</span>Sep 18 12:03:34] INFO <span class="o">[</span>localhost] Detecting Server/Container OS... ... <span class="o">[</span>Sep 18 12:03:34] INFO <span class="o">[</span>localhost] Scannable servers are below... localhost </code></pre> </div> <h3> 3. Start Scanning </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 /]# vuls scan <span class="o">[</span>Sep 18 12:03:37] INFO <span class="o">[</span>localhost] Start scanning ... One Line Summary <span class="o">================</span> localhost centos7.6.1810 200 installed, 74 updatable </code></pre> </div> <h3> 4. Report </h3> <p>Display the scan result simply.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 /]# vuls report <span class="nt">-format-one-line-text</span> <span class="o">[</span>Sep 18 12:10:18] INFO <span class="o">[</span>localhost] Validating config... <span class="o">[</span>Sep 18 12:10:18] INFO <span class="o">[</span>localhost] Loaded: /root/go/src/github.com/future-architect/vuls/results/2019-09-18T12:10:07Z ... One Line Summary <span class="o">================</span> localhost Total: 72 <span class="o">(</span>High:14 Medium:48 Low:10 ?:0<span class="o">)</span> 32/72 Fixed 200 installed, 74 updatable 0 exploits en: 4, ja: 2 alerts </code></pre> </div> <h3> 5. TUI </h3> <p>TUI(Terminal-Based User Interface) enables us to see the scan result in more detail.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[root@c385c6f70094 /]# vuls tui </code></pre> </div> <p><a href="https://camo.githubusercontent.com/c9fff155bc67c62c7fc5f9642f2a9066066d8c6d/68747470733a2f2f76756c732e696f2f696d672f646f63732f68656c6c6f2d76756c732d7475692e706e67" class="article-body-image-wrapper"><img src="https://camo.githubusercontent.com/c9fff155bc67c62c7fc5f9642f2a9066066d8c6d/68747470733a2f2f76756c732e696f2f696d672f646f63732f68656c6c6f2d76756c732d7475692e706e67" alt="Vuls-TUI" width="1913" height="1035"></a><br> Leave TUI mode by typing Ctrl+C. </p> <h2> Remote Scan </h2> <p>Scan Ubuntu</p> <h3> Set up Ubuntu container </h3> <p>Pull Ubuntu image and run an interactive terminal session.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker pull ubuntu:18.04 <span class="nv">$ </span>docker run <span class="nt">-it</span> <span class="nt">-d</span> <span class="nt">--name</span> myubuntu <span class="nt">-p</span> 22 ubuntu </code></pre> </div> <p>Check IP address.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker inspect <span class="nt">--format</span><span class="o">=</span><span class="s1">'{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'</span> CONTAINER ID 172.17.0.3 </code></pre> </div> <p>Use container ID of your ubuntu container instead of <code>CONTAINER ID</code>. (You can check it by executing <code>docker ps</code> command.)<br> Then, get into docker container.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker <span class="nb">exec</span> <span class="nt">-it</span> myubuntu /bin/bash </code></pre> </div> <h3> Start sshd on Ubuntu </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@b4d4062be0a8:/# apt-get update root@b4d4062be0a8:/# apt <span class="nt">-y</span> <span class="nb">install </span>openssh-server root@b4d4062be0a8:/# <span class="nb">rm</span> /etc/ssh/ssh_host_<span class="k">*</span>key<span class="k">*</span> root@b4d4062be0a8:/# dpkg-reconfigure openssh-server root@b4d4062be0a8:/# /etc/init.d/ssh start </code></pre> </div> <p>Create a keypair on CentOS. Then, copy public key to clipboard.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 /]# ssh-keygen <span class="nt">-t</span> rsa <span class="o">[</span>root@c385c6f70094 /]# <span class="nb">cat</span> ~/.ssh/id_rsa.pub </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@b4d4062be0a8:/# <span class="nb">mkdir</span> ~/.ssh root@b4d4062be0a8:/# <span class="nb">chmod </span>700 ~/.ssh root@b4d4062be0a8:/# <span class="nb">touch</span> ~/.ssh/authorized_keys root@b4d4062be0a8:/# <span class="nb">chmod </span>600 ~/.ssh/authorized_keys root@b4d4062be0a8:/# vim ~/.ssh/authorized_keys </code></pre> </div> <p>Paste the content of the clipboard to <code>~/.ssh/authorized_keys</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 /]# ssh 172.17.0.3 Welcome to Ubuntu 18.04.3 LTS <span class="o">(</span>GNU/Linux 4.9.184-linuxkit x86_64<span class="o">)</span> ... </code></pre> </div> <p>Remote host's Host Key is added to <code>$HOME/.ssh/known_hosts</code>.</p> <p>Create <code>config.toml</code> under <code>vuls</code> directory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[servers]</span> <span class="nn">[servers.ubuntu]</span> <span class="py">host</span> <span class="p">=</span> <span class="s">"172.17.0.3"</span> <span class="py">port</span> <span class="p">=</span> <span class="s">"22"</span> <span class="py">user</span> <span class="p">=</span> <span class="s">"root"</span> <span class="py">keyPath</span> <span class="p">=</span> <span class="s">"/path/to/.ssh/id_rsa"</span> </code></pre> </div> <p>Then, make sure that configuration is correct.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 vuls]# vuls configtest </code></pre> </div> <p>You should now be able to scan remote host(Ubuntu) form CentOS.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@c385c6f70094 vuls]# vuls scan <span class="o">[</span>Sep 19 04:56:51] INFO <span class="o">[</span>localhost] Start scanning ... One Line Summary <span class="o">================</span> ubuntu ubuntu18.04 154 installed </code></pre> </div> <h2> Scan remote host from macOS </h2> <h3> Deploy Vuls </h3> <p>Deploy Vuls in the same way as shown above on your local machine.</p> <h3> Enable ssh </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cat</span> ~/.ssh/id_rsa.pub </code></pre> </div> <p>Copy public key to clipboard.</p> <p>Ubuntu<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@b4d4062be0a8:/# vi ~/.ssh/authorized_keys </code></pre> </div> <p>Add the copied text to <code>~/.ssh/authorized_keys</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b4d4062be0a8 ubuntu <span class="s2">"/bin/bash"</span> 2 days ago Up 2 days 0.0.0.0:32768-&gt;22/tcp myubuntu c385c6f70094 centos <span class="s2">"/bin/bash"</span> 2 days ago Up 2 days mycentos </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>ssh root@localhost <span class="nt">-p</span> 32768 </code></pre> </div> <p>Remote host's Host Key is added to <code>$HOME/.ssh/known_hosts</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>vi config.toml </code></pre> </div> <p>Touch <code>config.toml</code> as shown below.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight toml"><code><span class="nn">[servers]</span> <span class="nn">[servers.ubuntu]</span> <span class="py">host</span> <span class="p">=</span> <span class="s">"localhost"</span> <span class="py">port</span> <span class="p">=</span> <span class="s">"32768"</span> <span class="py">user</span> <span class="p">=</span> <span class="s">"root"</span> <span class="py">keyPath</span> <span class="p">=</span> <span class="s">"/path/to/id_rsa"</span> </code></pre> </div> <p>Now you can scan remote host from local machine!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>vuls configtest ubuntu <span class="o">[</span>Sep 18 22:14:42] INFO <span class="o">[</span>localhost] Validating config... <span class="o">[</span>Sep 18 22:14:42] INFO <span class="o">[</span>localhost] Detecting Server/Container OS... ... <span class="o">[</span>Sep 18 22:14:42] INFO <span class="o">[</span>localhost] Scannable servers are below... ubuntu </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>vuls scan <span class="o">[</span>Sep 18 22:15:25] INFO <span class="o">[</span>localhost] Start scanning ... One Line Summary <span class="o">================</span> ubuntu ubuntu18.04 154 installed </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>vuls report <span class="nt">-format-one-line-text</span> <span class="o">[</span>Sep 18 22:16:03] INFO <span class="o">[</span>localhost] Validating config... ... One Line Summary <span class="o">================</span> ubuntu Total: 46 <span class="o">(</span>High:8 Medium:31 Low:7 ?:0<span class="o">)</span> 0/46 Fixed 177 installed 1 exploits en: 0, ja: 0 alerts </code></pre> </div> vuls security opensource