Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #300 from knqyf263/use_assumeno

Browse Source 
Use --assumeno option
This commit is contained in:
Kota Kanbe
2017-01-24 15:07:58 +09:00
committed by GitHub
parent e7ef50bedf 6c8100e5b6
commit 9216efbd2f
3 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.ja.md
View File

@@ -603,9 +603,9 @@ configtest:
スキャン対象サーバ上の`/etc/sudoers`のサンプル
- CentOS, RHEL, Amazon Linux
- CentOS, RHEL, Amazon Linux (CentOS 5の場合は`/bin/echo`も必要)
```
vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo
vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo)
```
- Ubuntu, Debian
```

4
README.md
View File

@@ -606,9 +606,9 @@ configtest:
And also, configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH.
Example of /etc/sudoers on target servers
- CentOS, RHEL
- CentOS, RHEL (CentOS 5 needs also `/bin/echo`)
```
vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo
vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo)
```
- Ubuntu, Debian
```

18
scan/redhat.go
View File

@@ -97,8 +97,13 @@ func detectRedhat(c config.ServerInfo) (itsMe bool, red osTypeInterface) {
}
func (o *redhat) checkIfSudoNoPasswd() error {
majorVersion, err := o.Distro.MajorVersion()
if err != nil {
return fmt.Errorf("Not implemented yet: %s, err: %s", o.Distro, err)
}
cmd := "yum --version"
if o.Distro.Family == "centos" {
if o.Distro.Family == "centos" && majorVersion < 6 {
cmd = "echo N | " + cmd
}
r := o.exec(cmd, o.sudo())
@@ -532,7 +537,7 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
packageNames += fmt.Sprintf("%s ", packInfo.Name)
}
command := "echo N | "
command := ""
if 0 < len(config.Conf.HTTPProxy) {
command += util.ProxyEnv()
}
@@ -544,6 +549,15 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
if config.Conf.SkipBroken {
yumopts += " --skip-broken"
}
// CentOS 5 does not have --assumeno option.
majorVersion, _ := o.Distro.MajorVersion()
if majorVersion < 6 {
command = "echo N | " + command
} else {
yumopts += " --assumeno"
}
// yum update --changelog doesn't have --color option.
command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum %s --changelog update ", yumopts) + packageNames