From e743177ae6d521d0bfe56b025efcdc6c30daa50d Mon Sep 17 00:00:00 2001 From: knqyf263 Date: Thu, 9 Feb 2017 17:43:15 +0900 Subject: [PATCH] Do not use sudo when echo --- README.ja.md | 4 ++-- README.md | 4 ++-- scan/redhat.go | 17 ++--------------- scan/sshutil.go | 3 +++ 4 files changed, 9 insertions(+), 19 deletions(-) diff --git a/README.ja.md b/README.ja.md index 15a6b08e..3c55aff9 100644 --- a/README.ja.md +++ b/README.ja.md @@ -606,9 +606,9 @@ configtest: スキャン対象サーバ上の`/etc/sudoers`のサンプル -- CentOS, RHEL, Amazon Linux (CentOS 5の場合は`/bin/echo`も必要) +- CentOS, RHEL, Amazon Linux ``` -vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo) +vuls ALL=(root) NOPASSWD: /usr/bin/yum ``` - Ubuntu, Debian ``` diff --git a/README.md b/README.md index 209a0261..0d60d4a3 100644 --- a/README.md +++ b/README.md @@ -609,9 +609,9 @@ configtest: And also, configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH. Example of /etc/sudoers on target servers -- CentOS, RHEL (CentOS 5 needs also `/bin/echo`) +- CentOS, RHEL ``` -vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo) +vuls ALL=(root) NOPASSWD: /usr/bin/yum ``` - Ubuntu, Debian ``` diff --git a/scan/redhat.go b/scan/redhat.go index b0d7c610..e37d6c7f 100644 --- a/scan/redhat.go +++ b/scan/redhat.go @@ -97,13 +97,8 @@ func detectRedhat(c config.ServerInfo) (itsMe bool, red osTypeInterface) { } func (o *redhat) checkIfSudoNoPasswd() error { - majorVersion, err := o.Distro.MajorVersion() - if err != nil { - return fmt.Errorf("Not implemented yet: %s, err: %s", o.Distro, err) - } - cmd := "yum --version" - if o.Distro.Family == "centos" && majorVersion < 6 { + if o.Distro.Family == "centos" { cmd = "echo N | " + cmd } r := o.exec(cmd, o.sudo()) @@ -537,7 +532,7 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st packageNames += fmt.Sprintf("%s ", packInfo.Name) } - command := "" + command := "echo N | " if 0 < len(config.Conf.HTTPProxy) { command += util.ProxyEnv() } @@ -550,14 +545,6 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st yumopts += " --skip-broken" } - // CentOS 5 does not have --assumeno option. - majorVersion, _ := o.Distro.MajorVersion() - if majorVersion < 6 { - command = "echo N | " + command - } else { - yumopts += " --assumeno" - } - // yum update --changelog doesn't have --color option. command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum %s --changelog update ", yumopts) + packageNames diff --git a/scan/sshutil.go b/scan/sshutil.go index fa094ce7..31e75e87 100644 --- a/scan/sshutil.go +++ b/scan/sshutil.go @@ -328,6 +328,9 @@ func decolateCmd(c conf.ServerInfo, cmd string, sudo bool) string { if sudo && c.User != "root" && !c.IsContainer() { cmd = fmt.Sprintf("sudo -S %s", cmd) cmd = strings.Replace(cmd, "|", "| sudo ", -1) + + // echo command does not need sudo (for CentOS) + cmd = strings.Replace(cmd, "sudo -S echo", "echo", -1) } if c.Distro.Family != "FreeBSD" {