17. Deploying and Using the Vuls Vulnerability Scanner (2)

13. Installing Vuls

         $ mkdir -p $GOPATH/src/github.com/future-architect

         $ cd $GOPATH/src/github.com/future-architect

         $ git clone https://github.com/future-architect/vuls.git

         $ cd vuls

         $ make install

         $ cd $GOPATH/bin

         $ ll vuls

-rwxrwxr-x 1 vulsuser vulsuser 39395056 Sep 21 21:12 vuls

         $ cd $HOME

         $ vuls -v

vuls v0.12.3 build-20200921_210247_4b680b9

14. Installing and Configuring VulsRepo

         $ cd $HOME

         $ git clone https://github.com/usiusi360/vulsrepo.git

         $ cd $HOME/vulsrepo/server

         $ cp vulsrepo-config.toml.sample vulsrepo-config.toml

         $ vi vulsrepo-config.toml

Change the settings to the following:

[Server]

rootPath = "/home/vulsuser/vulsrepo"

resultsPath = "/home/vulsuser/results"

serverPort = "5111"

         $ mkdir -p /home/vulsuser/results

         $ sudo vi /etc/systemd/system/vulsrepo.service

Insert the following:

[Unit]

Description=vulsrepo daemon

Documentation=https://github.com/usiusi360/vulsrepo

[Service]

ExecStart = /home/vulsuser/vulsrepo/server/vulsrepo-server

# ExecRestart is not a systemd directive and is ignored; "systemctl restart" runs ExecStop and then ExecStart.

ExecStop = /bin/kill -WINCH ${MAINPID}

Restart = no

Type = simple

User = vulsuser

[Install]

WantedBy = multi-user.target

         $ sudo systemctl list-unit-files --type=service | grep vulsrepo

         $ sudo systemctl start vulsrepo.service

         $ sudo systemctl status vulsrepo.service

● vulsrepo.service - vulsrepo daemon

  Loaded: loaded (/etc/systemd/system/vulsrepo.service; enabled; vendor preset: disabled)

  Active: active (running) since Mon 2020-09-21 21:53:01 EDT; 27min ago

    Docs: https://github.com/usiusi360/vulsrepo

  Process: 3182 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)

Main PID: 3187 (vulsrepo-server)

    Tasks: 4

  CGroup: /system.slice/vulsrepo.service

          └─3187 /home/vulsuser/vulsrepo/server/vulsrepo-server

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/lz-string/lz-string.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/jquery.collapser.js/jquery.collapser.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/clipboard.js/clipboard.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/jquery.balloon/jquery.balloon.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo_param.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/Chart.js/Chart.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo_common.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/bootstrap-drawer/js/drawer.min.js

Sep 21 21:58:49 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:49 main.go:202: /dist/img/loading.gif

         $ sudo systemctl enable vulsrepo

15. VulsRepo Login Authentication

         $ cd /home/vulsuser/vulsrepo/server

         $ ./vulsrepo-server -m

         $ vi vulsrepo-config.toml

Change it to the following:

[Auth]

authFilePath = "/home/vulsuser/.htdigest"

realm = "vulsrepo_local"

         $ sudo systemctl restart vulsrepo.service

         $ cd $HOME

Create the public key for remote scanning

         $ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/vulsuser/.ssh/id_rsa):

Created directory '/home/vulsuser/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/vulsuser/.ssh/id_rsa.

Your public key has been saved in /home/vulsuser/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:pGvbMmXfgjywJAzWeVUmcDaPnSE8CED7/HnxMkv4uYg vulsuser@chefserver

The key's randomart image is:

+---[RSA 2048]----+

| .o....+*.+      |

|  .  .o+O o    |

|  .. . .o.+      |

|  ooo .o        |

| . oo.. S        |

|    o.o+oo      |

|    o**=o..    |

|    o+B+=o .    |

|    E oo*o .    |

+----[SHA256]-----+

         $ cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDusw+uQkII1i6IHsqadIIlAzAM7K1BkihEnDoPyPy52/G11cGPE6LlQ8fO2XPvzClnq7Mc7u7nHBz/KJPCurlTgsc2dJwsrRysDGtQ5d6q691AjZ/MwyWH6rLpFKXl12/d0K/CdAfWkMJDFf4ZSM8s9JDGeBsR73Vx/JaJUt6KyDnDbAU7CkpTextCEF9NFquapdnqkgOWuLvXyPC42t34rILGqsbQ2XVTUG88fUE0mQMKAIo3lPm6OZxzCvA49CXqyqnG8cLSbqmG9+X4ZzQ8VhCh2dIBu17sMzwmj/1kOLBKq7jxdOOuuowb7q92eYnNjFK2IIsOtqGSpB+TfZA5 vulsuser@chefserver

Copy the public key to the scan target server (localhost)

         # cat /etc/ssh/key/authorized_keys.root

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDusw+uQkII1i6IHsqadIIlAzAM7K1BkihEnDoPyPy52/G11cGPE6LlQ8fO2XPvzClnq7Mc7u7nHBz/KJPCurlTgsc2dJwsrRysDGtQ5d6q691AjZ/MwyWH6rLpFKXl12/d0K/CdAfWkMJDFf4ZSM8s9JDGeBsR73Vx/JaJUt6KyDnDbAU7CkpTextCEF9NFquapdnqkgOWuLvXyPC42t34rILGqsbQ2XVTUG88fUE0mQMKAIo3lPm6OZxzCvA49CXqyqnG8cLSbqmG9+X4ZzQ8VhCh2dIBu17sMzwmj/1kOLBKq7jxdOOuuowb7q92eYnNjFK2IIsOtqGSpB+TfZA5 vulsuser@chefserver

Scan configuration

         $ cd $HOME

         $ mkdir config.d

         $ cd config.d

         $ vi scan.toml

Insert the following:

# Database settings

[cveDict]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/cve.sqlite3"

[ovalDict]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/oval.sqlite3"

[gost]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/gost.sqlite3"

[exploit]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/go-exploitdb.sqlite3"

# General settings

[default]

port              = "22"

user              = "root"

keyPath            = "/home/vulsuser/.ssh/id_rsa"

scanMode          = ["fast"]

ignoreCves        = ["CVE-2014-6271"]

# Scan target settings

[servers]

[servers.localhost]

host = "localhost"

port = "local"

[servers.chefserver]

host = "X.X.X.X"

Test scan

         $ vuls configtest -config=/home/vulsuser/config.d/scan.toml localhost

[Sep 21 22:11:13]  INFO [localhost] Validating config...

[Sep 21 22:11:13]  INFO [localhost] Detecting Server/Container OS...

[Sep 21 22:11:13]  INFO [localhost] Detecting OS of servers...

[Sep 21 22:11:13]  INFO [localhost] (1/1) Detected: localhost: centos 7.7.1908

[Sep 21 22:11:13]  INFO [localhost] Detecting OS of containers...

[Sep 21 22:11:13]  INFO [localhost] Checking Scan Modes...

[Sep 21 22:11:13]  INFO [localhost] Checking dependencies...

[Sep 21 22:11:13]  INFO [localhost] Dependencies ... Pass

[Sep 21 22:11:13]  INFO [localhost] Checking sudo settings...

[Sep 21 22:11:13]  INFO [localhost] Sudo... Pass

[Sep 21 22:11:13]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode

[Sep 21 22:11:13]  INFO [localhost] Scannable servers are below...

localhost
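
The scan.toml above logs in over SSH as root, points at a private key file and suppresses one CVE through ignoreCves. The script below is an added example, not part of the original post or of Vuls, that audits those three settings before a real scan; the function names and finding labels are assumptions made for illustration, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight audit of a Vuls scan.toml.
# Prints one finding per line; prints nothing when no check fires.

# toml_str FILE KEY: every double-quoted string assigned to KEY, in any section.
toml_str() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1"
}

audit_scan_toml() (
    cfg=$1
    # SSH as root gives the scanner host full control of every target.
    toml_str "$cfg" user | grep -qx root &&
        echo "ROOT_SSH_USER: scans log in as root"
    # ignoreCves entries are left out of reports; list them for review
    # (handles single-line arrays, as written in the post).
    grep -E '^[[:space:]]*ignoreCves[[:space:]]*=' "$cfg" |
        grep -oE 'CVE-[0-9]{4}-[0-9]+' |
        while read -r cve; do echo "IGNORED_CVE: $cve"; done
    # The private key must exist and carry no group/other permission bits.
    toml_str "$cfg" keyPath | while read -r key; do
        if [ ! -f "$key" ]; then
            echo "KEY_MISSING: $key"
        elif [ "$(ls -ld -- "$key" | cut -c5-10)" != "------" ]; then
            echo "KEY_PERMS: $key is accessible to group or others"
        fi
    done
)

# Constructed sample mirroring the post's [default] block, with a throwaway key file.
demo() (
    d=$(mktemp -d) || exit 1
    : > "$d/id_rsa"; chmod 644 "$d/id_rsa"
    cat > "$d/scan.toml" <<EOF
[default]
port       = "22"
user       = "root"
keyPath    = "$d/id_rsa"
scanMode   = ["fast"]
ignoreCves = ["CVE-2014-6271"]
EOF
    audit_scan_toml "$d/scan.toml"
    rm -rf "$d"
)
demo
```

On the real host, call `audit_scan_toml /home/vulsuser/config.d/scan.toml` and review each finding before scheduling scans.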

16. Viewing the VulsRepo Page

Related URLs

The most reliable Go module proxy in China: https://goproxy.cn/

NVD official website: https://nvd.nist.gov/

go-cve-dictionary Git: https://github.com/kotakanbe/go-cve-dictionary

Red Hat CVE: https://access.redhat.com/security/security-updates/#/cve

vuls Git: https://github.com/future-architect/vuls/
