fix-english

This commit is contained in:
hagiwara
2016-04-01 14:52:18 +09:00
parent 9ee9641a8a
commit 802f0d67ec

@@ -5,8 +5,7 @@
Vulnerability scanner for Linux, agentless, written in golang.
[README in Japanese](https://github.com/future-architect/vuls/blob/master/README.ja.md)
We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)
[README in Japanese](https://github.com/future-architect/vuls/blob/master/README.ja.md)
[![asciicast](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck.png)](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck)
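Review bot: the "Join slack team" link on the line between the two README links still points at a plain `http://goo.gl/...` short URL, so readers cannot see where the form lives before clicking. Since this hunk is already reordering the header links, consider replacing it with the full `https://` destination.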
@@ -59,10 +58,7 @@ Vuls is a tool created to solve the problems listed above. It has the following
----
# Hello Vuls
Describe how to scan the vulnerabilites that is included on the localhost.
Procedure is as follows.
# step-by-step explanation
1. Launch Amazon Linux
1. Enable to ssh from localhost
@@ -76,11 +72,11 @@ Procedure is as follows.
## 1. Launch Amazon Linux
- For the purpose of explanation, using the old AMI (amzn-ami-hvm-2015.09.1.x86_64-gp2 - ami-383c1956)
- We are using the old AMI (amzn-ami-hvm-2015.09.1.x86_64-gp2 - ami-383c1956) for this example
- Instance size: t2.medium
- Unable to work on t2.small, micro, nano, Because 2.3GB memory is needed during data fetch from NVD for the first time.
- After the initial data fetch has been completed, It is able to run on t2.nano
- Add the following to the cloud-init, to prevent from automatically update at the first launch.
- For the first time, t2.medium and above is required for the data fetch from NVD
- You can switch to t2.nano after the initial data fetch.
- Add the following to the cloud-init, to avoid auto-update at the first launch.
- [Q: How do I disable the automatic installation of critical and important security updates on initial launch?](https://aws.amazon.com/amazon-linux-ami/faqs/?nc1=h_ls)
```
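Review bot: the reworded instance-size bullet ("t2.medium and above is required for the data fetch from NVD") drops the reason the old text gave, that 2.3GB of memory is needed during the first fetch. Keep the figure, for example "the first data fetch from NVD needs about 2.3GB of memory, so use t2.medium or larger", so readers on other platforms can size their hosts. "t2.medium and above is required" should also read "or above is required".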
@@ -88,7 +84,7 @@ Procedure is as follows.
repo_upgrade: none
```
## 2. Enable to ssh from localhost
## 2. Generate a ssh-key on local machine
Create a keypair then append public key to authorized_keys
```bash
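Review bot: the heading becomes "2. Generate a ssh-key on local machine", but the step list under "# step-by-step explanation" earlier in this patch still reads "1. Enable to ssh from localhost", so the outline and the section title no longer match. Rename both together, and write "an SSH key on the local machine". The sentence below the heading also appends the public key to authorized_keys, which the new title no longer mentions.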
@@ -113,7 +109,7 @@ $ wget https://storage.googleapis.com/golang/go1.6.linux-amd64.tar.gz
$ sudo tar -C /usr/local -xzf go1.6.linux-amd64.tar.gz
$ mkdir $HOME/go
```
Put these lines into /etc/profile.d/goenv.sh
Add these lines into /etc/profile.d/goenv.sh
```bash
export GOROOT=/usr/local/go
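Review bot: "Add these lines into /etc/profile.d/goenv.sh" should be "Add these lines to /etc/profile.d/goenv.sh"; "add ... into" is not idiomatic.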
@@ -148,7 +144,7 @@ $ ls -alh cve.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cve.sqlite3
```
Now we has vulnerbility data, So start as server mode again.
Now we successfully collected vulnerbility data, then start as server mode again.
```bash
$ go-cve-dictionary server
[Mar 24 15:21:55] INFO Opening DB. datafile: /home/ec2-user/cve.sqlite3
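Review bot: the replacement sentence "Now we successfully collected vulnerbility data, then start as server mode again." keeps the misspelling "vulnerbility" and joins two clauses with a comma. Suggest "Now that the vulnerability data has been collected, start go-cve-dictionary in server mode again."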
@@ -159,7 +155,7 @@ $ go-cve-dictionary server
## 5. Deploy vuls
Launch a new terminal, SSH to the ec2.
Launch a new terminal, SSH to the ec2 instance.
go get
```
@@ -181,14 +177,13 @@ user = "ec2-user"
keyPath = "/home/ec2-user/.ssh/id_rsa"
```
## 7. Prepare
## 7. Initializing Vuls
```
$ vuls prepare
```
## 8. Scan
## 8. Start Scanning
```
$ vuls scan
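Review bot: the new headings "7. Initializing Vuls" and "8. Start Scanning" mix a gerund with an imperative, and step 7 no longer names the subcommand it runs (`vuls prepare`). Keep the subcommand visible and use one form for both, for example "7. Prepare the target servers" and "8. Scan", so the headings still map onto the commands shown under them.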
@@ -223,7 +218,7 @@ Package/CPE java-1.7.0-openjdk-1.7.0.91-2.6.2.2.63.amzn1 -> java-1.7.0-openj
## 9. TUI
Vuls has Terminal-Based User Interface to see the latest scan.
Vuls has Terminal-Based User Interface to display the scan result.
```
$ vuls tui
@@ -242,14 +237,14 @@ $ vuls tui
- Fetch vulnerbility information from NVD, JVN(Japanese), then insert into SQLite.
## Vuls
- Scan vulnerabilities that exist on servers, to get a list of the CVE ID
- Scan vulnerabilities of the servers and generate a list of the CVE ID
- In order to get more information of the detected CVE, send HTTP request to go-cve-dictinary
- Send the report by Slack, Email
- System operator can see the latest report by terminal
- Send a report by Slack, Email
- System operator can view the latest report by terminal
----
# Usecase
# Use cases
## Scan all servers
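Review bot: this hunk rewrites the bullets around it but leaves "go-cve-dictinary" misspelled in the "send HTTP request to" bullet and "vulnerbility" in the "Fetch vulnerbility information from NVD" bullet. The tool name in particular should be corrected to go-cve-dictionary, since readers will search for it. "generate a list of the CVE ID" should also read "a list of CVE IDs".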
@@ -278,7 +273,7 @@ web/app server in the same configuration under the load balancer
# Usage: Automatic Server Discovery
Discovery subcommand discovers active servers which specifed in CIDR range, then print the template of config file(TOML format) to terminal.
Discovery subcommand discovers active servers specifed in CIDR range, then print the template of config file(TOML format) to terminal.
```
$ vuls discover -help
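Review bot: the reworded sentence still contains "specifed" and the verb "print" does not agree with "Discovery subcommand discovers". Suggest "The discover subcommand finds active servers in the specified CIDR range, then prints a config file template (TOML format) to the terminal."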
@@ -351,7 +346,7 @@ You can customize your configuration using this template.
- hookURL : Incomming webhook's URL
- channel : channel name.
If you set #{servername} to channel, the report will be sent to #servername channel.
In the following example, the report will be sent to #server1 and #server2.
In the following example, the report will be sent to the #server1 and #server2.
Be sure to create these channels before scanning.
```
[slack]
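Review bot: "the report will be sent to the #server1 and #server2" adds an article that has no noun to attach to; either revert to "sent to #server1 and #server2" or write "sent to the #server1 and #server2 channels". The unchanged "hookURL : Incomming webhook's URL" line in the same hunk still has "Incomming" misspelled.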
@@ -371,7 +366,7 @@ You can customize your configuration using this template.
- iconEmoji: emoji
- authUser: username of the slack team
- notifyUsers: a list of Slack usernames to send Slack notification.
- notifyUsers: a list of Slack usernames to send Slack notifications.
If you set ["@foo", "@bar"] to notifyUsers, @foo @bar will be included in text.
So @foo, @bar can receive mobile push notifications on their smartphone.
@@ -397,7 +392,7 @@ You can customize your configuration using this template.
#keyPath = "/home/username/.ssh/id_rsa"
#keyPassword = "password"
```
Items that are not specified in the server section will be set those items of the defualt section.
Items of the defualt section will be used if not specified.
- servers section
```
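Review bot: "Items of the defualt section will be used if not specified." keeps the "defualt" typo and no longer says where the items are unspecified; the old sentence named the server section. Suggest "Items not specified in a server section fall back to the values in the default section."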
@@ -414,8 +409,8 @@ You can customize your configuration using this template.
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
```
You can overwrite the default value that specified in default section.
Vuls supports multiple SSH authentication method.
You can overwrite the default value specified in default section.
Vuls supports multiple SSH authentication methods.
- SSH agent
- SSH public key authentication (with password, empty password)
- Password authentication
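Review bot: "You can overwrite the default value specified in default section." should use "override", since a per-server setting takes precedence over the default and does not modify it, and "in the default section" needs its article. The plural fix to "authentication methods" is good.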
@@ -496,7 +491,7 @@ scan:
## example
Run go-cve-dictionary as server mdoe before scanning.
Run go-cve-dictionary as server mode before scanning.
```
$ go-cve-dictionary server
```
@@ -505,17 +500,17 @@ $ go-cve-dictionary server
```
$ vuls scan --report-slack --report-mail --cvss-over=7
```
Examples of the above are the following meanings...
With this sample command, it will ..
- Scan all servers defined in config file
- Send scan resulsts to slack, email
- Only Reporting CVEs that CVSS score over 7
- Send scan results to slack and email
- Only Reporting CVEs that CVSS score is over 7
- Print scan result to terminal
### Scan specified servers
### Scan specific servers
```
$ vuls scan server1 server2
```
Examples of the above are the following meanings...
With this sample command, it will ..
- Scan only 2 servers. (server1, server2)
- Print scan result to terminal
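Review bot: "Only Reporting CVEs that CVSS score is over 7" is still ungrammatical and leaves open whether a score of exactly 7 is reported by `--cvss-over=7`. Suggest "Report only CVEs whose CVSS score is over 7" and state whether 7.0 itself is included. The lead-in "With this sample command, it will .." has a two-dot ellipsis in both places it is used; "This command will:" reads cleaner.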
@@ -523,14 +518,14 @@ Examples of the above are the following meanings...
# Usage: Scan vulnerability of non-OS package
Vuls is possible to detect vulnerabilities something you compiled by yourself or library of language, framework that has been registered in the [CPE](https://nvd.nist.gov/cpe.cfm).
It is possible to detect vulnerabilities something you compiled by yourself or the language libraries and the frameworks that have been registered in the [CPE](https://nvd.nist.gov/cpe.cfm).
- How to search CPE name by software name
- [NVD: Search Common Platform Enumerations (CPE)](https://web.nvd.nist.gov/view/cpe/search)
**Check CPE Naming Format: 2.2**
- Configuration
If you want to detect the vulnerbility of Ruby on Rails v4.2.1, define as below.
If you want to detect the vulnerbility of Ruby on Rails v4.2.1, here is an example.
```
[servers]
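Review bot: the rewritten opening sentence still reads "detect vulnerabilities something you compiled by yourself", which is missing a preposition, and the configuration sentence keeps "vulnerbility". Suggest "It is possible to detect vulnerabilities in software you compiled yourself, and in language libraries and frameworks registered in the CPE dictionary" and "the vulnerabilities of Ruby on Rails v4.2.1".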
@@ -570,7 +565,7 @@ fetchnvd:
$ go-cve-dictionary fetchnvd -entire
```
- Fetch data last 2 years
- Fetch data of the last 2 years
```
$ go-cve-dictionary fetchnvd -last2y