Overview
I'll show you how to deploy Vuls and how to build a development environment for it.
I used https://vuls.io/docs/en/tutorial.html as a reference.
Set up
1. Docker container
Pull the official CentOS 7 Docker image and start a container from it in the background. Then open a shell inside the container.
$ docker pull centos:centos7
$ docker run -it -d --name mycentos centos:centos7
$ docker exec -it mycentos /bin/bash
2. Set up Vuls environment on CentOS
See Manual.
Local Scan
Scan CentOS itself.
1. Configuration
[root@c385c6f70094 /]# cd $HOME
[root@c385c6f70094 /]# vi config.toml
Create config.toml like this.
[servers]
[servers.localhost]
host = "localhost"
port = "local"
2. Check config.toml and settings on the server before scanning
[root@c385c6f70094 /]# vuls configtest
[Sep 18 12:03:34] INFO [localhost] Validating config...
[Sep 18 12:03:34] INFO [localhost] Detecting Server/Container OS...
...
[Sep 18 12:03:34] INFO [localhost] Scannable servers are below...
localhost
3. Start Scanning
[root@c385c6f70094 /]# vuls scan
[Sep 18 12:03:37] INFO [localhost] Start scanning
...
One Line Summary
================
localhost centos7.6.1810 200 installed, 74 updatable
4. Report
Display a one-line summary of the scan result.
[root@c385c6f70094 /]# vuls report -format-one-line-text
[Sep 18 12:10:18] INFO [localhost] Validating config...
[Sep 18 12:10:18] INFO [localhost] Loaded: /root/go/src/github.com/future-architect/vuls/results/2019-09-18T12:10:07Z
...
One Line Summary
================
localhost Total: 72 (High:14 Medium:48 Low:10 ?:0) 32/72 Fixed 200 installed, 74 updatable 0 exploits en: 4, ja: 2 alerts
5. TUI
The TUI (Terminal-Based User Interface) lets us see the scan result in more detail.
[root@c385c6f70094 /]# vuls tui
Leave TUI mode by typing Ctrl+C.
Remote Scan
Scan Ubuntu
Set up Ubuntu container
Pull the Ubuntu image and start a container from it in the background, publishing port 22.
$ docker pull ubuntu:18.04
$ docker run -it -d --name myubuntu -p 22 ubuntu
Check the container's IP address.
$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' CONTAINER ID
172.17.0.3
Use the container ID of your Ubuntu container instead of CONTAINER ID. (You can check it by executing the docker ps command.)
Then open a shell inside the container.
$ docker exec -it myubuntu /bin/bash
Start sshd on Ubuntu
root@b4d4062be0a8:/# apt-get update
root@b4d4062be0a8:/# apt -y install openssh-server
root@b4d4062be0a8:/# rm /etc/ssh/ssh_host_*key*
root@b4d4062be0a8:/# dpkg-reconfigure openssh-server
root@b4d4062be0a8:/# /etc/init.d/ssh start
Create a key pair on CentOS, then copy the public key to the clipboard.
[root@c385c6f70094 /]# ssh-keygen -t rsa
[root@c385c6f70094 /]# cat ~/.ssh/id_rsa.pub
root@b4d4062be0a8:/# mkdir ~/.ssh
root@b4d4062be0a8:/# chmod 700 ~/.ssh
root@b4d4062be0a8:/# touch ~/.ssh/authorized_keys
root@b4d4062be0a8:/# chmod 600 ~/.ssh/authorized_keys
root@b4d4062be0a8:/# vim ~/.ssh/authorized_keys
On Ubuntu, paste the content of the clipboard into ~/.ssh/authorized_keys.
[root@c385c6f70094 /]# ssh 172.17.0.3
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.9.184-linuxkit x86_64)
...
The remote host's host key is added to $HOME/.ssh/known_hosts.
Create config.toml under the vuls directory.
[servers]
[servers.ubuntu]
host = "172.17.0.3"
port = "22"
user = "root"
keyPath = "/path/to/.ssh/id_rsa"
Then make sure that the configuration is correct.
[root@c385c6f70094 vuls]# vuls configtest
You should now be able to scan the remote host (Ubuntu) from CentOS.
[root@c385c6f70094 vuls]# vuls scan
[Sep 19 04:56:51] INFO [localhost] Start scanning
...
One Line Summary
================
ubuntu ubuntu18.04 154 installed
Scan remote host from macOS
Deploy Vuls
Deploy Vuls in the same way as shown above on your local machine.
Enable ssh
$ cat ~/.ssh/id_rsa.pub
Copy the public key to the clipboard.
Ubuntu
root@b4d4062be0a8:/# vi ~/.ssh/authorized_keys
Add the copied text to ~/.ssh/authorized_keys.
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b4d4062be0a8 ubuntu "/bin/bash" 2 days ago Up 2 days 0.0.0.0:32768->22/tcp myubuntu
c385c6f70094 centos "/bin/bash" 2 days ago Up 2 days mycentos
$ ssh root@localhost -p 32768
The remote host's host key is added to $HOME/.ssh/known_hosts.
$ vi config.toml
Edit config.toml as shown below.
[servers]
[servers.ubuntu]
host = "localhost"
port = "32768"
user = "root"
keyPath = "/path/to/id_rsa"
Now you can scan the remote host from your local machine!
$ vuls configtest ubuntu
[Sep 18 22:14:42] INFO [localhost] Validating config...
[Sep 18 22:14:42] INFO [localhost] Detecting Server/Container OS...
...
[Sep 18 22:14:42] INFO [localhost] Scannable servers are below...
ubuntu
$ vuls scan
[Sep 18 22:15:25] INFO [localhost] Start scanning
...
One Line Summary
================
ubuntu ubuntu18.04 154 installed
$ vuls report -format-one-line-text
[Sep 18 22:16:03] INFO [localhost] Validating config...
...
One Line Summary
================
ubuntu Total: 46 (High:8 Medium:31 Low:7 ?:0) 0/46 Fixed 177 installed 1 exploits en: 0, ja: 0 alerts
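To act on the one-line summaries shown above (the localhost row and the ubuntu row) in a scheduled job, they can be parsed into counts and checked against a threshold. This is an added example, not part of Vuls or of the original post; the function names and the gate policy (max_high, fail on any exploit) are assumptions chosen for illustration.

```python
import re

# One row of the "One Line Summary" printed by `vuls report -format-one-line-text`,
# matching the two rows shown in this post. "updatable" is optional because the
# Ubuntu row does not print it.
ROW = re.compile(
    r"^(?P<server>\S+)\s+Total:\s*(?P<total>\d+)\s+"
    r"\(High:(?P<high>\d+)\s+Medium:(?P<medium>\d+)\s+"
    r"Low:(?P<low>\d+)\s+\?:(?P<unknown>\d+)\)\s+"
    r"(?P<fixed>\d+)/\d+\s+Fixed\s+(?P<installed>\d+)\s+installed"
    r"(?:,\s*(?P<updatable>\d+)\s+updatable)?\s+(?P<exploits>\d+)\s+exploits\s+"
    r"en:\s*(?P<alerts_en>\d+),\s*ja:\s*(?P<alerts_ja>\d+)\s+alerts\s*$"
)

def parse_summary(text):
    """Return one dict per summary row; log lines and headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = {k: (v if k == "server" else int(v))
               for k, v in m.groupdict().items() if v is not None}
        # Sanity check: the severity buckets must add up to the printed total.
        if row["high"] + row["medium"] + row["low"] + row["unknown"] != row["total"]:
            raise ValueError(f"severity counts do not sum to total: {line!r}")
        rows.append(row)
    return rows

def gate(rows, max_high=0):
    """Hypothetical policy: list servers over the High budget or with known exploits."""
    failures = []
    for r in rows:
        if r["high"] > max_high:
            failures.append(f"{r['server']}: {r['high']} High (limit {max_high})")
        if r["exploits"] > 0:
            failures.append(f"{r['server']}: {r['exploits']} exploits")
    return failures

# Sample input: report output copied from this post.
SAMPLE = """\
[Sep 18 22:16:03] INFO [localhost] Validating config...
One Line Summary
================
localhost Total: 72 (High:14 Medium:48 Low:10 ?:0) 32/72 Fixed 200 installed, 74 updatable 0 exploits en: 4, ja: 2 alerts
ubuntu Total: 46 (High:8 Medium:31 Low:7 ?:0) 0/46 Fixed 177 installed 1 exploits en: 0, ja: 0 alerts
"""

if __name__ == "__main__":
    for failure in gate(parse_summary(SAMPLE), max_high=10):
        print("FAIL", failure)
```
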