From 153234b6239d4ebdfa89ffe4fe809fb87378f8b9 Mon Sep 17 00:00:00 2001 From: kota kanbe Date: Wed, 29 Aug 2018 22:37:16 +0900 Subject: [PATCH] update readme --- README.md | 109 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 68 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 5e2f062c..59b300f5 100644 --- a/README.md +++ b/README.md 
@@ -45,50 +45,77 @@ Vuls is a tool created to solve the problems listed above. It has the following # Main Features -- Scan for any vulnerabilities in Linux/FreeBSD Server - - Supports Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD - - Cloud, on-premise, Docker -- High quality scan - - Vuls uses Multiple vulnerability databases - - [NVD](https://nvd.nist.gov/) - - [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/) - - [RedHat](https://www.redhat.com/security/data/oval/) - - [Debian](https://www.debian.org/security/oval/) - - [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/) - - [SUSE](http://ftp.suse.com/pub/projects/security/oval/) - - [Oracle Linux](https://linux.oracle.com/security/oval/) - - [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/) - - RHSA/ALAS/ELSA/FreeBSD-SA - - Changelog -- Fast scan and Deep scan - - Fast Scan - - Scan without root privilege - - Scan with No internet access. (RedHat, CentOS, OracleLinux, Ubuntu and Debian) - - Almost no load on the scan target server - - Deep Scan - - Scan with root privilege - - Detect processes affected by update using yum-ps (RedHat, CentOS, OracleLinux and Amazon Linux) - - Parses the Changelog - Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. - By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software - it's possible to create a list of all vulnerabilities that need to be fixed. - - Sometimes load on the scan target server -- Remote scan and Local scan - - Remote Scan - - User is required to only setup one machine that is connected to other target servers via SSH - - Local Scan - - If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode. 
-- **Dynamic** Analysis - - It is possible to acquire the state of the server by connecting via SSH and executing the command - - Vuls warns when the scan target server was updated the kernel etc. but not restarting it. -- Scan middleware that are not included in OS package management - - Scan middleware, programming language libraries and framework for vulnerability - - Support software registered in CPE +## Scan for any vulnerabilities in Linux/FreeBSD Server + +[Supports major Linux/FreeBSD](https://vuls.io/docs/en/supported-os.html) +- Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD +- Cloud, on-premise, Docker + +## High quality scan + +Vuls uses Multiple vulnerability databases +- [NVD](https://nvd.nist.gov/) +- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/) +- OVAL + - [RedHat](https://www.redhat.com/security/data/oval/) + - [Debian](https://www.debian.org/security/oval/) + - [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/) + - [SUSE](http://ftp.suse.com/pub/projects/security/oval/) + - [Oracle Linux](https://linux.oracle.com/security/oval/) +- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/) +- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/) +- [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/) +- Commands(yum, zypper, pkg-audit) + - RHSA/ALAS/ELSA/FreeBSD-SA +- Changelog + +## Fast scan and Deep scan + +[Fast Scan](https://vuls.io/docs/en/architecture-fast-scan.html) +- Scan without root privilege, no dependencies +- Almost no load on the scan target server +- Offline mode scan with no internet access. 
(Red Hat, CentOS, OracleLinux, Ubuntu, Debian) + +[Fast Root Scan](https://vuls.io/docs/en/architecture-fast-root-scan.html) +- Scan with root privilege +- Almost no load on the scan target server +- Detect processes affected by update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux) +- Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu) +- Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian) + +[Deep Scan](https://vuls.io/docs/en/architecture-deep-scan.html) +- Scan with root privilege +- Parses the Changelog + Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. + By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software + it's possible to create a list of all vulnerabilities that need to be fixed. +- Sometimes load on the scan target server + +## [Remote scan and Local scan](https://vuls.io/docs/en/architecture-remote-local.html) + +[Remote Scan](https://vuls.io/docs/en/architecture-remote-scan.html) +- User is required to only setup one machine that is connected to other target servers via SSH + +[Local Scan](https://vuls.io/docs/en/architecture-local-scan.html) +- If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode. + +## **Dynamic** Analysis + +- It is possible to acquire the state of the server by connecting via SSH and executing the command. +- Vuls warns when the scan target server was updated the kernel etc. but not restarting it. 
+ +## [Scan middleware that are not included in OS package management](https://vuls.io/docs/en/usage-scan-non-os-packages.html) + +- Scan middleware, programming language libraries and framework for vulnerability +- Support software registered in CPE + +## MISC + - Nondestructive testing - Pre-authorization is *NOT* necessary before scanning on AWS - - Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly. + - Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly. - Auto generation of configuration file template - - Auto detection of servers set using CIDR, generate configuration file template + - Auto detection of servers set using CIDR, generate configuration file template - Email and Slack notification is possible (supports Japanese language) - Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI ([VulsRepo](https://github.com/usiusi360/vulsrepo)).
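Review bot: In the new "## Fast scan and Deep scan" section the heading still names two modes, but the body now documents three (Fast Scan, Fast Root Scan, Deep Scan). Rename the heading, for example to "Fast scan, Fast Root scan and Deep scan", so that a reader skimming the headings sees that a second root-privileged mode exists. In the same section the distribution names are spelled inconsistently across the added bullets: "Red Hat, CentOS, OracleLinux" under Fast Scan, but "RedHat, CentOS, Oracle Linux" and "RedHat, CentOS, OracleLinux" under Fast Root Scan. Pick one spelling for each ("Red Hat", "Oracle Linux") and use it throughout, including in the OVAL list. Both root modes say only "Scan with root privilege"; since this is what an operator has to grant on every target, say next to those bullets which commands need root, or where that is documented. Under "High quality scan", "Commands(yum, zypper, pkg-audit)" appears in a list introduced as vulnerability databases; a short qualifier that these are package-manager commands queried on the target would keep the list accurate. Finally, the new checkrestart bullet ("Detect processes which updated before but not restarting yet") and the retained kernel bullet ("was updated the kernel etc. but not restarting it") are hard to parse and worth rewording while this section is being touched.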