Vuls(Agentless vulnerability scanner) for beginners: Scan Ubuntu container in remote host from macOS

Overview

I'll tell you how to deploy Vuls and how to build development environment of it.
I used https://vuls.io/docs/en/tutorial.html as a reference.

Set up

1. Docker container

Pull the CentOS 7 official Docker image and run an interactive terminal session. Then, get into docker container.

$ docker pull centos:centos7
$ docker run -it -d --name mycentos centos:centos7 
$ docker exec -it mycentos /bin/bash

2. Set up Vuls environment on CentOS

See Manual.

Local Scan

Scan CentOS itself.

1. Configuration

[root@c385c6f70094 /]# cd $HOME
[root@c385c6f70094 /]# vi config.toml

Create config.toml like this.

[servers]

[servers.localhost]
host = "localhost"
port = "local"

2. Check config.toml and settings on the server before scanning

[root@c385c6f70094 /]# vuls configtest
[Sep 18 12:03:34]  INFO [localhost] Validating config...
[Sep 18 12:03:34]  INFO [localhost] Detecting Server/Container OS...
...
[Sep 18 12:03:34]  INFO [localhost] Scannable servers are below...
localhost

3. Start Scanning

[root@c385c6f70094 /]# vuls scan
[Sep 18 12:03:37]  INFO [localhost] Start scanning
...

One Line Summary
================
localhost   centos7.6.1810  200 installed, 74 updatable

4. Report

Display the scan result simply.

[root@c385c6f70094 /]# vuls report -format-one-line-text
[Sep 18 12:10:18]  INFO [localhost] Validating config...
[Sep 18 12:10:18]  INFO [localhost] Loaded: /root/go/src/github.com/future-architect/vuls/results/2019-09-18T12:10:07Z
...

One Line Summary
================
localhost   Total: 72 (High:14 Medium:48 Low:10 ?:0)    32/72 Fixed 200 installed, 74 updatable 0 exploits      en: 4, ja: 2 alerts

5. TUI

TUI(Terminal-Based User Interface) enables us to see the scan result in more detail.

[root@c385c6f70094 /]# vuls tui

Leave TUI mode by typing Ctrl+C.

Remote Scan

Scan Ubuntu

Set up Ubuntu container

Pull Ubuntu image and run an interactive terminal session.

$ docker pull ubuntu:18.04
$ docker run -it -d --name myubuntu -p 22 ubuntu

Check IP address.

$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' CONTAINER ID
172.17.0.3

Use container ID of your ubuntu container instead of CONTAINER ID. (You can check it by executing docker ps command.)
Then, get into docker container.

$ docker exec -it myubuntu /bin/bash

Start sshd on Ubuntu

root@b4d4062be0a8:/# apt-get update
root@b4d4062be0a8:/# apt -y install openssh-server
root@b4d4062be0a8:/# rm /etc/ssh/ssh_host_*key*
root@b4d4062be0a8:/# dpkg-reconfigure openssh-server
root@b4d4062be0a8:/# /etc/init.d/ssh start

Create a keypair on CentOS. Then, copy public key to clipboard.

[root@c385c6f70094 /]# ssh-keygen -t rsa
[root@c385c6f70094 /]# cat ~/.ssh/id_rsa.pub

root@b4d4062be0a8:/# mkdir ~/.ssh
root@b4d4062be0a8:/# chmod 700 ~/.ssh
root@b4d4062be0a8:/# touch ~/.ssh/authorized_keys
root@b4d4062be0a8:/# chmod 600 ~/.ssh/authorized_keys
root@b4d4062be0a8:/# vim ~/.ssh/authorized_keys

Paste the content of the clipboard to ~/.ssh/authorized_keys.

[root@c385c6f70094 /]# ssh 172.17.0.3
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.9.184-linuxkit x86_64)
...

Remote host's Host Key is added to $HOME/.ssh/known_hosts.

Create config.toml under vuls directory.

[servers]

[servers.ubuntu]
host         = "172.17.0.3"
port        = "22"
user        = "root"
keyPath     = "/path/to/.ssh/id_rsa"

Then, make sure that configuration is correct.

[root@c385c6f70094 vuls]# vuls configtest

You should now be able to scan remote host(Ubuntu) form CentOS.

[root@c385c6f70094 vuls]# vuls scan 
[Sep 19 04:56:51]  INFO [localhost] Start scanning
...

One Line Summary
================
ubuntu  ubuntu18.04 154 installed

Scan remote host from macOS

Deploy Vuls

Deploy Vuls in the same way as shown above on your local machine.

Enable ssh

$ cat ~/.ssh/id_rsa.pub

Copy public key to clipboard.

Ubuntu

root@b4d4062be0a8:/# vi ~/.ssh/authorized_keys

Add the copied text to ~/.ssh/authorized_keys.

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
b4d4062be0a8        ubuntu              "/bin/bash"         2 days ago          Up 2 days           0.0.0.0:32768->22/tcp   myubuntu
c385c6f70094        centos              "/bin/bash"         2 days ago          Up 2 days                                   mycentos

$ ssh root@localhost -p 32768

Remote host's Host Key is added to $HOME/.ssh/known_hosts.

$ vi config.toml

Touch config.toml as shown below.

[servers]

[servers.ubuntu]
host         = "localhost"
port        = "32768"
user        = "root"
keyPath     = "/path/to/id_rsa"

Now you can scan remote host from local machine!

$ vuls configtest ubuntu
[Sep 18 22:14:42]  INFO [localhost] Validating config...
[Sep 18 22:14:42]  INFO [localhost] Detecting Server/Container OS...
...
[Sep 18 22:14:42]  INFO [localhost] Scannable servers are below...
ubuntu

$ vuls scan
[Sep 18 22:15:25]  INFO [localhost] Start scanning
...


One Line Summary
================
ubuntu  ubuntu18.04 154 installed

$ vuls report -format-one-line-text
[Sep 18 22:16:03]  INFO [localhost] Validating config...
...

One Line Summary
================
ubuntu  Total: 46 (High:8 Medium:31 Low:7 ?:0)  0/46 Fixed  177 installed   1 exploits  en: 0, ja: 0 alerts