From 6c8100e5b62eb47a8ad1874ae2f58a89877121bf Mon Sep 17 00:00:00 2001 From: teppei-fukuda Date: Tue, 24 Jan 2017 12:24:09 +0900 Subject: [PATCH] Use --assumeno option --- README.ja.md | 4 ++-- README.md | 4 ++-- scan/redhat.go | 18 ++++++++++++++++-- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/README.ja.md b/README.ja.md index 8e3b0c5a..281eaf46 100644 --- a/README.ja.md +++ b/README.ja.md @@ -603,9 +603,9 @@ configtest: スキャン対象サーバ上の`/etc/sudoers`のサンプル -- CentOS, RHEL, Amazon Linux +- CentOS, RHEL, Amazon Linux (CentOS 5の場合は`/bin/echo`も必要) ``` -vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo +vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo) ``` - Ubuntu, Debian ``` diff --git a/README.md b/README.md index 7c5efad2..045dae86 100644 --- a/README.md +++ b/README.md @@ -606,9 +606,9 @@ configtest: And also, configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH. Example of /etc/sudoers on target servers -- CentOS, RHEL +- CentOS, RHEL (CentOS 5 needs also `/bin/echo`) ``` -vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo +vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo) ``` - Ubuntu, Debian ``` diff --git a/scan/redhat.go b/scan/redhat.go index 5b38127c..45969762 100644 --- a/scan/redhat.go +++ b/scan/redhat.go @@ -97,8 +97,13 @@ func detectRedhat(c config.ServerInfo) (itsMe bool, red osTypeInterface) { } func (o *redhat) checkIfSudoNoPasswd() error { + majorVersion, err := o.Distro.MajorVersion() + if err != nil { + return fmt.Errorf("Not implemented yet: %s, err: %s", o.Distro, err) + } + cmd := "yum --version" - if o.Distro.Family == "centos" { + if o.Distro.Family == "centos" && majorVersion < 6 { cmd = "echo N | " + cmd } r := o.exec(cmd, o.sudo()) 
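Review bot: In the `checkIfSudoNoPasswd` hunk of scan/redhat.go, `o.Distro.MajorVersion()` is now called for every Red Hat family, although its result is only used when `o.Distro.Family == "centos"`. A release string that fails to parse on RHEL or Amazon Linux would presumably now abort the sudo check, where before it could not. Consider doing the lookup inside the `centos` test so the other families keep the plain `yum --version` path. The message "Not implemented yet" also reads as an unsupported distro rather than a version-parse failure; something like `return fmt.Errorf("failed to get major version of %s: %s", o.Distro, err)` would describe what happened. The function body continues past the end of the hunk.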
@@ -532,7 +537,7 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st packageNames += fmt.Sprintf("%s ", packInfo.Name) } - command := "echo N | " + command := "" if 0 < len(config.Conf.HTTPProxy) { command += util.ProxyEnv() } @@ -544,6 +549,15 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st if config.Conf.SkipBroken { yumopts += " --skip-broken" } + + // CentOS 5 does not have --assumeno option. + majorVersion, _ := o.Distro.MajorVersion() + if majorVersion < 6 { + command = "echo N | " + command + } else { + yumopts += " --assumeno" + } + // yum update --changelog doesn't have --color option. command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum %s --changelog update ", yumopts) + packageNames
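Review bot: In the `@@ -544,6 +549,15 @@` hunk of `getAllChangelog`, `majorVersion, _ := o.Distro.MajorVersion()` discards the error, so a failed lookup presumably leaves the value at zero and silently selects the `echo N |` branch. That branch choice is the only thing keeping `yum ... --changelog update` from applying the transaction on the scanned host, so it should not rest on an ignored error; check `err` as `checkIfSudoNoPasswd` does in this same commit and return it to the caller. The README hunks also drop `/bin/echo` from the sudoers example for everything except CentOS 5, so if the pipeline runs under sudo the silent fallback may not be permitted on newer hosts. The comment names CentOS 5 while the condition `majorVersion < 6` applies to every family handled by `redhat`; either add the family test or reword it, e.g. `// Releases with major version below 6 use "echo N |" instead of --assumeno.` The function starts and ends outside the hunk.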