segatomo

Vuls (Agentless vulnerability scanner) for beginners: Scan Ubuntu container in remote host from macOS

Overview

This post shows how to deploy Vuls and how to build a development environment for it.
I used https://vuls.io/docs/en/tutorial.html as a reference.

Set up

1. Docker container

Pull the official CentOS 7 Docker image, start a container from it, and open a shell inside the container.

$ docker pull centos:centos7
$ docker run -it -d --name mycentos centos:centos7 
$ docker exec -it mycentos /bin/bash

2. Set up Vuls environment on CentOS

See Manual.

Local Scan

Scan CentOS itself.

1. Configuration

[root@c385c6f70094 /]# cd $HOME
[root@c385c6f70094 /]# vi config.toml

Create config.toml like this.

[servers]

[servers.localhost]
host = "localhost"
port = "local"

2. Check config.toml and settings on the server before scanning

[root@c385c6f70094 /]# vuls configtest
[Sep 18 12:03:34]  INFO [localhost] Validating config...
[Sep 18 12:03:34]  INFO [localhost] Detecting Server/Container OS...
...
[Sep 18 12:03:34]  INFO [localhost] Scannable servers are below...
localhost

3. Start Scanning

[root@c385c6f70094 /]# vuls scan
[Sep 18 12:03:37]  INFO [localhost] Start scanning
...

One Line Summary
================
localhost   centos7.6.1810  200 installed, 74 updatable


4. Report

Display a one-line summary of the scan result.

[root@c385c6f70094 /]# vuls report -format-one-line-text
[Sep 18 12:10:18]  INFO [localhost] Validating config...
[Sep 18 12:10:18]  INFO [localhost] Loaded: /root/go/src/github.com/future-architect/vuls/results/2019-09-18T12:10:07Z
...

One Line Summary
================
localhost   Total: 72 (High:14 Medium:48 Low:10 ?:0)    32/72 Fixed 200 installed, 74 updatable 0 exploits      en: 4, ja: 2 alerts

5. TUI

The TUI (Terminal-Based User Interface) lets us see the scan result in more detail.

[root@c385c6f70094 /]# vuls tui

Leave TUI mode by typing Ctrl+C.

Remote Scan

Scan Ubuntu

Set up Ubuntu container

Pull the Ubuntu image and start a container with port 22 published to the host.

$ docker pull ubuntu:18.04
$ docker run -it -d --name myubuntu -p 22 ubuntu:18.04

Check IP address.

$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <CONTAINER_ID>
172.17.0.3

Replace <CONTAINER_ID> with the ID of your Ubuntu container (you can find it with the docker ps command). Then open a shell inside the container.

$ docker exec -it myubuntu /bin/bash

Start sshd on Ubuntu

root@b4d4062be0a8:/# apt-get update
root@b4d4062be0a8:/# apt -y install openssh-server
root@b4d4062be0a8:/# rm /etc/ssh/ssh_host_*key*
root@b4d4062be0a8:/# dpkg-reconfigure openssh-server
root@b4d4062be0a8:/# /etc/init.d/ssh start

Create a key pair on CentOS, then copy the public key to the clipboard.

[root@c385c6f70094 /]# ssh-keygen -t rsa
[root@c385c6f70094 /]# cat ~/.ssh/id_rsa.pub

On Ubuntu, create ~/.ssh/authorized_keys with restrictive permissions.

root@b4d4062be0a8:/# mkdir ~/.ssh
root@b4d4062be0a8:/# chmod 700 ~/.ssh
root@b4d4062be0a8:/# touch ~/.ssh/authorized_keys
root@b4d4062be0a8:/# chmod 600 ~/.ssh/authorized_keys
root@b4d4062be0a8:/# vim ~/.ssh/authorized_keys

Paste the content of the clipboard into ~/.ssh/authorized_keys, then connect from CentOS over SSH.

[root@c385c6f70094 /]# ssh 172.17.0.3
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.9.184-linuxkit x86_64)
...

The remote host's host key is added to $HOME/.ssh/known_hosts.

Create config.toml under the vuls directory.

[servers]

[servers.ubuntu]
host        = "172.17.0.3"
port        = "22"
user        = "root"
keyPath     = "/path/to/.ssh/id_rsa"

Then make sure that the configuration is correct.

[root@c385c6f70094 vuls]# vuls configtest

You should now be able to scan the remote host (Ubuntu) from CentOS.

[root@c385c6f70094 vuls]# vuls scan 
[Sep 19 04:56:51]  INFO [localhost] Start scanning
...

One Line Summary
================
ubuntu  ubuntu18.04 154 installed



Scan remote host from macOS

Deploy Vuls

Deploy Vuls in the same way as shown above on your local machine.

Enable ssh

$ cat ~/.ssh/id_rsa.pub

Copy the public key to the clipboard.

Ubuntu

root@b4d4062be0a8:/# vi ~/.ssh/authorized_keys

Add the copied text to ~/.ssh/authorized_keys.

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
b4d4062be0a8        ubuntu              "/bin/bash"         2 days ago          Up 2 days           0.0.0.0:32768->22/tcp   myubuntu
c385c6f70094        centos              "/bin/bash"         2 days ago          Up 2 days                                   mycentos

Connect to the container over SSH through the published host port.

$ ssh root@localhost -p 32768

The remote host's host key is added to $HOME/.ssh/known_hosts.

$ vi config.toml

Edit config.toml as shown below.

[servers]

[servers.ubuntu]
host        = "localhost"
port        = "32768"
user        = "root"
keyPath     = "/path/to/id_rsa"

Now you can scan the remote host from your local machine!

$ vuls configtest ubuntu
[Sep 18 22:14:42]  INFO [localhost] Validating config...
[Sep 18 22:14:42]  INFO [localhost] Detecting Server/Container OS...
...
[Sep 18 22:14:42]  INFO [localhost] Scannable servers are below...
ubuntu
$ vuls scan
[Sep 18 22:15:25]  INFO [localhost] Start scanning
...


One Line Summary
================
ubuntu  ubuntu18.04 154 installed

$ vuls report -format-one-line-text
[Sep 18 22:16:03]  INFO [localhost] Validating config...
...

One Line Summary
================
ubuntu  Total: 46 (High:8 Medium:31 Low:7 ?:0)  0/46 Fixed  177 installed   1 exploits  en: 0, ja: 0 alerts
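
The one-line report is easy to consume from a script, for example to fail a scheduled job when a scan crosses a threshold. The following is an added example, not code from the original post or from the Vuls project; the function names and the threshold are assumptions, and the sample input reuses the two summary lines shown in this post.

```shell
#!/bin/sh
# Added example (not from the post or the Vuls project): parse the output of
# `vuls report -format-one-line-text` and turn it into a pass/fail gate.

S='[[:space:]]+'
N='([0-9]+)'
# server Total: T (High:H Medium:M Low:L ?:U) F/T Fixed ... E exploits ...
RE="^([^[:space:]]+)${S}Total:${S}${N}${S}\(High:${N}${S}Medium:${N}${S}Low:${N}${S}\?:${N}\)"
RE="${RE}${S}${N}/[0-9]+${S}Fixed.*[[:space:]]${N}${S}exploits"

# Print "server total high medium low unknown fixed exploits" for every
# summary line on stdin; log lines and headers do not match and are skipped.
vuls_summary_fields() {
    sed -n -E "s#${RE}.*#\1 \2 \3 \4 \5 \6 \7 \8#p"
}

# vuls_gate MAX_HIGH: status 1 if any server has more than MAX_HIGH High
# findings or a non-zero exploits counter, status 2 if no summary line was
# recognised (fail closed when the scan or the report format breaks).
vuls_gate() {
    max_high=$1   # assumed threshold, chosen by the operator
    vuls_summary_fields | awk -v max="$max_high" '
        { seen = 1 }
        $3 > max { printf "%s: High=%d exceeds limit %d\n", $1, $3, max; bad = 1 }
        $8 > 0   { printf "%s: exploits=%d\n", $1, $8; bad = 1 }
        END {
            if (!seen) { print "no summary lines found"; exit 2 }
            exit bad + 0
        }
    '
}

# Constructed sample: a log line, the header, and the two summary lines
# that appear in this post.
sample_report() {
    cat <<'EOF'
[Sep 18 22:16:03]  INFO [localhost] Validating config...

One Line Summary
================
localhost   Total: 72 (High:14 Medium:48 Low:10 ?:0)    32/72 Fixed 200 installed, 74 updatable 0 exploits      en: 4, ja: 2 alerts
ubuntu  Total: 46 (High:8 Medium:31 Low:7 ?:0)  0/46 Fixed  177 installed   1 exploits  en: 0, ja: 0 alerts
EOF
}

sample_report | vuls_summary_fields
sample_report | vuls_gate 10 || echo "gate failed with status $?"
```

In real use, pipe `vuls report -format-one-line-text` into `vuls_gate` instead of `sample_report`.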
