Merge pull request #143 from future-architect/sudo-require-tty
Fix no tty error while executing with -external-ssh option
This commit is contained in:
Kota Kanbe
@@ -669,7 +669,11 @@ Vulsは2種類のSSH接続方法をサポートしている。
|
||||
これは、SSHコマンドがインストールされていない環境でも動作する(Windowsなど)
|
||||
|
||||
外部SSHコマンドを使ってスキャンするためには、`-ssh-external`を指定する。
|
||||
SSH Configが使えるので、ProxyCommandを使った多段SSHなどが可能。
|
||||
SSH Configが使えるので、ProxyCommandを使った多段SSHなどが可能。
|
||||
CentOSでは、スキャン対象サーバの/etc/sudoersに以下を追加する必要がある(user: vuls)
|
||||
```
|
||||
Defaults:vuls !requiretty
|
||||
```
|
||||
|
||||
## -ask-key-password option
|
||||
|
||||
|
||||
@@ -669,6 +669,11 @@ This is useful in situations where you may not have access to traditional UNIX t
|
||||
|
||||
To use external ssh command, specify this option.
|
||||
This is useful If you want to use ProxyCommand or chiper algorithm of SSH that is not supported by native go implementation.
|
||||
Don't forget to add below line to /etc/sudoers on the target servers. (username: vuls)
|
||||
```
|
||||
Defaults:vuls !requiretty
|
||||
```
|
||||
|
||||
|
||||
## -ask-key-password option
|
||||
|
||||
|
||||
@@ -303,30 +303,19 @@ func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (CvePacksList, error)
|
||||
|
||||
// { packageName: changelog-lines }
|
||||
var rpm2changelog map[string]*string
|
||||
if !config.Conf.SSHExternal {
|
||||
allChangelog, err := o.getAllChangelog(packInfoList)
|
||||
if err != nil {
|
||||
o.log.Errorf("Failed to getAllchangelog. err: %s", err)
|
||||
return nil, err
|
||||
}
|
||||
rpm2changelog, err = o.parseAllChangelog(allChangelog)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to parseAllChangelog. err: %s", err)
|
||||
}
|
||||
allChangelog, err := o.getAllChangelog(packInfoList)
|
||||
if err != nil {
|
||||
o.log.Errorf("Failed to getAllchangelog. err: %s", err)
|
||||
return nil, err
|
||||
}
|
||||
rpm2changelog, err = o.parseAllChangelog(allChangelog)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed to parseAllChangelog. err: %s", err)
|
||||
}
|
||||
|
||||
var results []PackInfoCveIDs
|
||||
for i, packInfo := range packInfoList {
|
||||
changelog := ""
|
||||
if !config.Conf.SSHExternal {
|
||||
changelog = o.getChangelogCVELines(rpm2changelog, packInfo)
|
||||
} else {
|
||||
changelog, err = o.getChangelog(packInfo.Name)
|
||||
if err != nil {
|
||||
o.log.Errorf("Failed to collect CVE IDs. err: %s", err)
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
changelog := o.getChangelogCVELines(rpm2changelog, packInfo)
|
||||
|
||||
// Collect unique set of CVE-ID in each changelog
|
||||
uniqueCveIDMap := make(map[string]bool)
|
||||
@@ -470,25 +459,6 @@ func (o *redhat) parseYumCheckUpdateLine(line string) (models.PackageInfo, error
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (o *redhat) getChangelog(packageNames string) (stdout string, err error) {
|
||||
command := ""
|
||||
if o.ServerInfo.User == "root" {
|
||||
command = "echo N | "
|
||||
}
|
||||
if 0 < len(config.Conf.HTTPProxy) {
|
||||
command += util.ProxyEnv()
|
||||
}
|
||||
|
||||
// yum update --changelog doesn't have --color option.
|
||||
command += fmt.Sprintf(" yum update --changelog %s | grep CVE", packageNames)
|
||||
|
||||
r := o.ssh(command, sudo)
|
||||
if !r.isSuccess(0, 1) {
|
||||
return "", fmt.Errorf("Failed to SSH: %s", r)
|
||||
}
|
||||
return r.Stdout, nil
|
||||
}
|
||||
|
||||
func (o *redhat) mkPstring() *string {
|
||||
str := ""
|
||||
return &str
|
||||
@@ -609,7 +579,7 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
|
||||
}
|
||||
|
||||
// yum update --changelog doesn't have --color option.
|
||||
command += fmt.Sprintf(" yum update --changelog %s", packageNames)
|
||||
command += fmt.Sprintf(" LANG=en_US.UTF-8 yum update --changelog %s", packageNames)
|
||||
|
||||
r := o.ssh(command, sudo)
|
||||
if !r.isSuccess(0, 1) {
|
||||
|
||||
@@ -126,7 +126,7 @@ func parallelSSHExec(fn func(osTypeInterface) error, timeoutSec ...int) (errs []
|
||||
}
|
||||
|
||||
func sshExec(c conf.ServerInfo, cmd string, sudo bool, log ...*logrus.Entry) (result sshResult) {
|
||||
if runtime.GOOS == "windows" || !conf.Conf.SSHExternal {
|
||||
if isSSHExecNative() {
|
||||
result = sshExecNative(c, cmd, sudo)
|
||||
} else {
|
||||
result = sshExecExternal(c, cmd, sudo)
|
||||
@@ -137,6 +137,10 @@ func sshExec(c conf.ServerInfo, cmd string, sudo bool, log ...*logrus.Entry) (re
|
||||
return
|
||||
}
|
||||
|
||||
func isSSHExecNative() bool {
|
||||
return runtime.GOOS == "windows" || !conf.Conf.SSHExternal
|
||||
}
|
||||
|
||||
func sshExecNative(c conf.ServerInfo, cmd string, sudo bool) (result sshResult) {
|
||||
result.Servername = c.ServerName
|
||||
result.Host = c.Host
|
||||
@@ -203,6 +207,7 @@ func sshExecExternal(c conf.ServerInfo, cmd string, sudo bool) (result sshResult
|
||||
}
|
||||
|
||||
defaultSSHArgs := []string{
|
||||
"-t",
|
||||
"-o", "StrictHostKeyChecking=no",
|
||||
"-o", "UserKnownHostsFile=/dev/null",
|
||||
"-o", "LogLevel=quiet",
|
||||
@@ -289,6 +294,7 @@ func decolateCmd(c conf.ServerInfo, cmd string, sudo bool) string {
|
||||
cmd = fmt.Sprintf(`docker exec %s /bin/bash -c "%s"`, c.Container.ContainerID, cmd)
|
||||
}
|
||||
}
|
||||
// cmd = fmt.Sprintf("set -x; %s", cmd)
|
||||
return cmd
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user