13. Vuls installation
$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install
$ cd $GOPATH/bin
$ ll vuls
-rwxrwxr-x 1 vulsuser vulsuser 39395056 Sep 21 21:12 vuls
$ cd $HOME
$ vuls -v
vuls v0.12.3 build-20200921_210247_4b680b9
14. VulsRepo installation and configuration
$ cd $HOME
$ git clone https://github.com/usiusi360/vulsrepo.git
$ cd $HOME/vulsrepo/server
$ cp vulsrepo-config.toml.sample vulsrepo-config.toml
$ vi vulsrepo-config.toml
Change the settings to the following:
[Server]
rootPath = "/home/vulsuser/vulsrepo"
resultsPath = "/home/vulsuser/results"
serverPort = "5111"
$ mkdir -p /home/vulsuser/results
$ sudo vi /etc/systemd/system/vulsrepo.service
Insert the following:
[Unit]
Description=vulsrepo daemon
Documentation=https://github.com/usiusi360/vulsrepo
[Service]
ExecStart = /home/vulsuser/vulsrepo/server/vulsrepo-server
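# "ExecRestart" is not a systemd directive: systemd logs "Unknown lvalue" and ignores the line.
# "systemctl restart" runs ExecStop and then ExecStart.
# ExecRestart = /bin/kill -WINCH ${MAINPID} ; /home/vulsuser/vulsrepo/server/vulsrepo-server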
ExecStop = /bin/kill -WINCH ${MAINPID}
Restart = no
Type = simple
User = vulsuser
[Install]
WantedBy = multi-user.target
$ sudo systemctl list-unit-files --type=service | grep vulsrepo
$ sudo systemctl start vulsrepo.service
$ sudo systemctl status vulsrepo.service
● vulsrepo.service - vulsrepo daemon
Loaded: loaded (/etc/systemd/system/vulsrepo.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-09-21 21:53:01 EDT; 27min ago
Docs: https://github.com/usiusi360/vulsrepo
Process: 3182 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 3187 (vulsrepo-server)
Tasks: 4
CGroup: /system.slice/vulsrepo.service
└─3187 /home/vulsuser/vulsrepo/server/vulsrepo-server
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/lz-string/lz-string.min.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/jquery.collapser.js/jquery.collapser.min.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/clipboard.js/clipboard.min.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/jquery.balloon/jquery.balloon.min.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo_param.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/Chart.js/Chart.min.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo_common.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo.js
Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/bootstrap-drawer/js/drawer.min.js
Sep 21 21:58:49 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:49 main.go:202: /dist/img/loading.gif
$ sudo systemctl enable vulsrepo
15. VulsRepo login authentication
$ cd /home/vulsuser/vulsrepo/server
$ ./vulsrepo-server -m
$ vi vulsrepo-config.toml
Change it to the following:
[Auth]
authFilePath = "/home/vulsuser/.htdigest"
realm = "vulsrepo_local"
$ sudo systemctl restart vulsrepo.service
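
A check for the digest-auth setup above, as an added example that is not part of the original page or of the VulsRepo project. It confirms that [Auth] is set, that the digest file is readable only by its owner, and that the file has an entry for the configured realm. The function names, sample user and hash are constructed, and the file is assumed to use the standard htdigest layout user:realm:hash.

```shell
#!/bin/sh
# Added example (not from the original page): verify the VulsRepo digest auth setup.
# Assumption: the digest file uses the standard htdigest layout "user:realm:hash".
toml_get() {  # usage: toml_get FILE SECTION KEY; prints the unquoted value
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { cur = $0; gsub(/[][ \t]/, "", cur); next }
        cur == sec {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            if (k != key) next
            v = $0; sub(/^[^=]*=[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v)
            print v; exit
        }' "$1"
}

check_vulsrepo_auth() {  # usage: check_vulsrepo_auth CONFIG; returns 0 if all checks pass
    auth_file=$(toml_get "$1" Auth authFilePath)
    realm=$(toml_get "$1" Auth realm)
    if [ -z "$auth_file" ] || [ -z "$realm" ]; then
        echo "FAIL: [Auth] authFilePath/realm not set, digest auth is off"; return 1
    fi
    [ -f "$auth_file" ] || { echo "FAIL: $auth_file is missing"; return 1; }
    rc=0
    # Group/other permission bits expose the stored hashes to other local users.
    if [ "$(ls -ld "$auth_file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $auth_file is accessible to group/other, use chmod 600"; rc=1
    fi
    # Entries are looked up by user and realm, so the realm must match the config.
    if ! awk -F: -v r="$realm" '$2 == r { ok = 1 } END { exit !ok }' "$auth_file"; then
        echo "FAIL: no entry for realm '$realm' in $auth_file"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: digest auth enabled for realm '$realm'"
    return "$rc"
}

# Constructed sample: config and digest file in a temporary directory.
d=$(mktemp -d)
printf 'admin:vulsrepo_local:%s\n' 0123456789abcdef0123456789abcdef > "$d/.htdigest"
chmod 600 "$d/.htdigest"
printf '[Server]\nserverPort = "5111"\n[Auth]\nauthFilePath = "%s"\nrealm = "vulsrepo_local"\n' "$d/.htdigest" > "$d/vulsrepo-config.toml"
check_vulsrepo_auth "$d/vulsrepo-config.toml"
rm -rf "$d"
```
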
$ cd $HOME
Create the public key for remote scanning
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vulsuser/.ssh/id_rsa):
Created directory '/home/vulsuser/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vulsuser/.ssh/id_rsa.
Your public key has been saved in /home/vulsuser/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pGvbMmXfgjywJAzWeVUmcDaPnSE8CED7/HnxMkv4uYg vulsuser@chefserver
The key's randomart image is:
+---[RSA 2048]----+
| .o....+*.+ |
| . .o+O o |
| .. . .o.+ |
| ooo .o |
| . oo.. S |
| o.o+oo |
| o**=o.. |
| o+B+=o . |
| E oo*o . |
+----[SHA256]-----+
$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDusw+uQkII1i6IHsqadIIlAzAM7K1BkihEnDoPyPy52/G11cGPE6LlQ8fO2XPvzClnq7Mc7u7nHBz/KJPCurlTgsc2dJwsrRysDGtQ5d6q691AjZ/MwyWH6rLpFKXl12/d0K/CdAfWkMJDFf4ZSM8s9JDGeBsR73Vx/JaJUt6KyDnDbAU7CkpTextCEF9NFquapdnqkgOWuLvXyPC42t34rILGqsbQ2XVTUG88fUE0mQMKAIo3lPm6OZxzCvA49CXqyqnG8cLSbqmG9+X4ZzQ8VhCh2dIBu17sMzwmj/1kOLBKq7jxdOOuuowb7q92eYnNjFK2IIsOtqGSpB+TfZA5 vulsuser@chefserver
Copy the public key to the scan target server (localhost)
# cat /etc/ssh/key/authorized_keys.root
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDusw+uQkII1i6IHsqadIIlAzAM7K1BkihEnDoPyPy52/G11cGPE6LlQ8fO2XPvzClnq7Mc7u7nHBz/KJPCurlTgsc2dJwsrRysDGtQ5d6q691AjZ/MwyWH6rLpFKXl12/d0K/CdAfWkMJDFf4ZSM8s9JDGeBsR73Vx/JaJUt6KyDnDbAU7CkpTextCEF9NFquapdnqkgOWuLvXyPC42t34rILGqsbQ2XVTUG88fUE0mQMKAIo3lPm6OZxzCvA49CXqyqnG8cLSbqmG9+X4ZzQ8VhCh2dIBu17sMzwmj/1kOLBKq7jxdOOuuowb7q92eYnNjFK2IIsOtqGSpB+TfZA5 vulsuser@chefserver
Scan configuration
$ cd $HOME
$ mkdir config.d
$ cd config.d
$ vi scan.toml
Insert the following:
# Database settings
[cveDict]
type = "sqlite3"
SQLite3Path = "/home/vulsuser/cve.sqlite3"
[ovalDict]
type = "sqlite3"
SQLite3Path = "/home/vulsuser/oval.sqlite3"
[gost]
type = "sqlite3"
SQLite3Path = "/home/vulsuser/gost.sqlite3"
[exploit]
type = "sqlite3"
SQLite3Path = "/home/vulsuser/go-exploitdb.sqlite3"
# General settings
[default]
port = "22"
user = "root"
keyPath = "/home/vulsuser/.ssh/id_rsa"
scanMode = ["fast"]
ignoreCves = ["CVE-2014-6271"]
# Scan target settings
[servers]
[servers.localhost]
host = "localhost"
port = "local"
[servers.chefserver]
host = "X.X.X.X"
Test scan
$ vuls configtest -config=/home/vulsuser/config.d/scan.toml localhost
[Sep 21 22:11:13] INFO [localhost] Validating config...
[Sep 21 22:11:13] INFO [localhost] Detecting Server/Container OS...
[Sep 21 22:11:13] INFO [localhost] Detecting OS of servers...
[Sep 21 22:11:13] INFO [localhost] (1/1) Detected: localhost: centos 7.7.1908
[Sep 21 22:11:13] INFO [localhost] Detecting OS of containers...
[Sep 21 22:11:13] INFO [localhost] Checking Scan Modes...
[Sep 21 22:11:13] INFO [localhost] Checking dependencies...
[Sep 21 22:11:13] INFO [localhost] Dependencies ... Pass
[Sep 21 22:11:13] INFO [localhost] Checking sudo settings...
[Sep 21 22:11:13] INFO [localhost] Sudo... Pass
[Sep 21 22:11:13] INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[Sep 21 22:11:13] INFO [localhost] Scannable servers are below...
localhost
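
A lint pass over the scan.toml shown above, as an added example that is not part of the original page or of Vuls itself. It reports ignoreCves entries, which hide findings from the report, and SSH targets that log in as root although fast scan mode does not need root. The function name is hypothetical, the sample is constructed to mirror the config above, and server sections are assumed to inherit unset keys from [default].

```shell
#!/bin/sh
# Added example (not from the original page): lint a Vuls scan.toml.
# Assumption: a [servers.X] section inherits keys it does not set from [default].
audit_scan_toml() {  # usage: audit_scan_toml FILE; prints findings, returns 1 if any
    awk '
    function eff(s, k) { return ((s, k) in cfg) ? cfg[s, k] : cfg["default", k] }
    /^[ \t]*(#.*)?$/ { next }                    # skip comments and blank lines
    /^[ \t]*\[/ {                                # section header, e.g. [servers.web1]
        sec = $0; gsub(/[][ \t]/, "", sec)
        if (sec ~ /^servers\./) order[++n] = sec
        next
    }
    {
        k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); gsub(/[]["]/, "", v); sub(/[ \t]+$/, "", v)
        cfg[sec, k] = v
        if (k == "ignoreCves" && v != "") {
            print "WARN [" sec "]: ignoreCves hides " v " from reports"; warn++
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (eff(s, "port") == "local") continue   # local scan, no SSH login
            if (eff(s, "user") == "root" && eff(s, "scanMode") == "fast") {
                print "WARN [" s "]: SSH login as root, but fast scan mode does not need root"; warn++
            }
        }
        exit (warn > 0)
    }' "$1"
}

# Constructed sample mirroring the scan.toml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
port = "22"
user = "root"
scanMode = ["fast"]
ignoreCves = ["CVE-2014-6271"]
[servers]
[servers.localhost]
port = "local"
[servers.chefserver]
host = "X.X.X.X"
EOF
audit_scan_toml "$sample" || echo "scan.toml needs review"
rm -f "$sample"
```
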
16. Viewing the VulsRepo page
Related URLs
The most reliable Go module proxy in China: https://goproxy.cn/
NVD official website: https://nvd.nist.gov/
go-cve-dictionary Git: https://github.com/kotakanbe/go-cve-dictionary
Red Hat CVE: https://access.redhat.com/security/security-updates/#/cve
Vuls Git: https://github.com/future-architect/vuls/