diff --git a/.gitignore b/.gitignore index 97ee0273..fc852d94 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ vendor/ log/ results/ *config.toml +!setup/docker/* diff --git a/README.ja.md b/README.ja.md index 8df0f87a..1f24a11d 100644 --- a/README.ja.md +++ b/README.ja.md @@ -65,7 +65,6 @@ Vulsは上に挙げた手動運用での課題を解決するツールであり Vulsのセットアップは以下の3パターンがある - Dockerコンテナ上にセットアップ -Docker Composeを用いて少ないコマンドでセットアップ可能 see https://github.com/future-architect/vuls/tree/master/setup/docker [日本語README](https://github.com/future-architect/vuls/blob/master/setup/docker/README.ja.md) - Chefでセットアップ diff --git a/setup/docker/README.ja.md b/setup/docker/README.ja.md deleted file mode 100644 index 831060c8..00000000 --- a/setup/docker/README.ja.md +++ /dev/null 
@@ -1,101 +0,0 @@
-# Vuls on Docker
-
-## What's Vuls-On-Docker
-
-- 数個のコマンドを実行するだけでVulsとvulsrepoのセットアップが出来るスクリプト
-- Dockerコンテナ上にVulsと[vulsrepo](https://github.com/usiusi360/vulsrepo)をセットアップ可能
-- スキャン結果をvulsrepoでブラウザで分析可能
-- 脆弱性データベースの更新が可能
-- モジュールのアップデートが可能
-
-## Setting up your machine
-
-1. [Install Docker](https://docs.docker.com/engine/installation/)
-2. [Install Docker-Compose](https://docs.docker.com/compose/install/)
-3. 実行前に以下のコマンドが実行可能なことを確認する
-
- ```
- $ docker version
- $ docker-compose version
- ```
-
-4. Vulsをgit clone
- ```
- mkdir work
- cd work
- git clone https://github.com/future-architect/vuls.git
- cd vuls/setup/docker
- ```
-
-## Start A Vuls Container
-
-- 以下のコマンドを実行してコンテナをビルドする
-
- ```
- $ docker-compose up -d
- ```
-
-## Setting up Vuls
-
-1. スキャン対象サーバのSSH秘密鍵を保存(vuls/setup/docker/conf/)する
-2. config.toml(vuls/setup/docker/conf/config.toml) を環境に合わせて作成する
-
- ```
- [servers]
-
- [servers.172-31-4-82]
- host = "172.31.4.82"
- user = "ec2-user"
- keyPath = "conf/id_rsa"
- ```
-
-## Fetch Vulnerability database
-
-- NVDから脆弱性データベースを取得する
- ```
- $ docker exec -t vuls scripts/fetch_nvd_all.sh
- ```
-
-- レポートを日本語化する場合は、JVNから脆弱性データを取得する
- ```
- $ docker exec -t vuls scripts/fetch_jvn_all.sh
- ```
-
-## Scan servers with Vuls-On-Docker
-
-- スキャンを実行する
-
- ```
- $ docker exec -t vuls vuls prepare -config=conf/config.toml
- $ docker exec -t vuls scripts/scan_for_vulsrepo.sh
- ```
-
-## See the results in a browser
-
-```
-http://${Vuls_Host}/vulsrepo/
-```
-
-# Update modules
-
-- vuls, go-cve-dictionary, vulsrepoのモジュールをアップデートする
- ```
- $ docker exec -t vuls scripts/update_modules.sh
- ```
-
-# Update Vulnerability database
-
-- NVDの過去2年分の脆弱性データベースを更新する
- ```
- $ docker exec -t vuls scripts/fetch_nvd_last2y.sh
- ```
-
-- JVNの過去1ヶ月分の脆弱性データベースを更新する
- ```
- $ docker exec -t vuls scripts/fetch_jvn_month.sh
- ```
-
-- JVNの過去1週間分の脆弱性データベースを更新する
- ```
- $ docker exec -t vuls scripts/fetch_jvn_week.sh
- ```
diff --git a/setup/docker/README.md b/setup/docker/README.md
index 2df2d58d..5f635837 100644
--- a/setup/docker/README.md
+++ b/setup/docker/README.md
@@ -1,87 +1,106 @@ -# Vuls on Docker +# Vuls Docker components -## What's Vuls-On-Docker +This is the Git repo of the official Docker image for vuls. -- This is a dockernized-Vuls with vulsrepo UI in it. -- It's designed to reduce the cost of installation and the dependencies that vuls requires. -- You can run install and run Vuls on your machine with only a few commands. -- The result can be viewed with a browser +# Supported tags and respective `Dockerfile` links -## Setting up your machine - -1. [Install Docker](https://docs.docker.com/engine/installation/) -2. [Install Docker-Compose](https://docs.docker.com/compose/install/) -3. Make sure that you can run the following commands before you move on. +- go-cve-dictionary + - [`latest` (*go-cve-dictionary:latest Dockerfile*)]() +- vuls + - [`latest` (*vuls:latest Dockerfile*)]() +- vulsrepo + - [`latest` (*vulsrepo:latest Dockerfile*)]() - ``` - $ docker version - $ docker-compose version - ``` - -4. git clone vuls - ``` - mkdir work - cd work - git clone https://github.com/future-architect/vuls.git - cd vuls/setup/docker - ``` +This image version is same as the github repository version. +# How to use this image +1. fetch nvd (vuls/go-cve-dictionary) +1. configuration (vuls/vuls) +1. prepare (vuls/vuls) +1. scan (vuls/vuls) +1. vulsrepo (vuls/vulsrepo) -## Start A Vuls Container +## Step1. Fetch NVD -- Execute the following command to build and run a Vuls Container - - ``` - $ docker-compose up -d - ``` - -## Setting up Vuls - -1. Locate ssh-keys of target servers in (vuls/setup/docker/conf/) -2. 
Create and adjust config.toml(vuls/setup/docker/conf/config.toml) to your environment - - ``` - [servers] - - [servers.172-31-4-82] - host = "172.31.4.82" - user = "ec2-user" - keyPath = "conf/id_rsa" - ``` - -## Fetch Vulnerability database - -- Fetch Vulnerability database from NVD - ``` - $ docker exec -t vuls scripts/fetch_nvd_all.sh - ``` - -## Scan servers with Vuls-On-Docker - -- Use the embedded script to scan servers for vulsrepo(or run whatever with docker exec) - - ``` - $ docker exec -t vuls vuls prepare -config=conf/config.toml - $ docker exec -t vuls scripts/scan_for_vulsrepo.sh - ``` - -## See the results in a browser - -``` -http://${Vuls_Host}/vulsrepo/ +```console +$ for i in {2002..2016}; do \ + docker run --rm -it \ + -v $PWD:/vuls vuls/go-cve-dictionary fetchnvd -years $i; \ + done ``` -# Update modules +## Step2. Configuration -- update vuls, go-cve-dictionary, vulsrepo - ``` - $ docker exec -t vuls scripts/update_modules.sh - ``` +Create config.toml referring to [this](https://github.com/future-architect/vuls#configuration). -# Update Vulnerability database +```toml +[servers] -- Fetch Vulnerability database from NVD - ``` - $ docker exec -t vuls scripts/fetch_nvd_last2y.sh - ``` +[servers.amazon] +host = "54.249.93.16" +port = "22" +user = "vuls-user" +keyPath = "/root/.ssh/id_rsa" # path to ssh private key in docker +``` +  + +```console +$ docker run --rm \ + -v ~/.ssh:/root/.ssh:ro \ + -v $PWD:/vuls \ + vuls/vuls configtest \ + -config=./config.toml # path to config.toml in docker +``` + +## Step3. Prepare + +```console +$ docker run --rm \ + -v ~/.ssh:/root/.ssh:ro \ + -v $PWD:/vuls \ + vuls/vuls prepare \ + -config=./config.toml # path to config.toml in docker +``` + +## Step4. 
Scan
+
+```console
+$ docker run --rm -it \
+ -v ~/.ssh:/root/.ssh:ro \
+ -v $PWD:/vuls \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e "TZ=Asia/Tokyo" \
+ vuls/vuls scan \
+ -cve-dictionary-dbpath=/vuls/cve.sqlite3 \
+ -config=./config.toml \ # path to config.toml in docker
+ -report-json
+```
+
+## Step5. vulsrepo
+
+```console
+$docker run -dt \
+ -v $PWD:/vuls \
+ -p 80:80 \
+ vuls/vulsrepo
+```
+
+# User Feedback
+
+## Documentation
+
+Documentation for this image is stored in the [`docker/` directory]() of the [`future-architect/vuls` GitHub repo](https://github.com/future-architect/vuls).
+
+## Issues
+
+If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/future-architect/vuls/issues).
+
+## Contributing
+
+1. fork a repository: github.com/future-architect/vuls to github.com/you/repo
+1. get original code: go get github.com/future-architect/vuls
+1. work on original code
+1. add remote to your repo: git remote add myfork https://github.com/you/repo.git
+1. push your changes: git push myfork
+1. create a new Pull Request
diff --git a/setup/docker/base/latest/Dockerfile b/setup/docker/base/latest/Dockerfile
new file mode 100644
index 00000000..43b4aedd
--- /dev/null
+++ b/setup/docker/base/latest/Dockerfile
@@ -0,0 +1,12 @@
+FROM golang:1.7.1
+
+MAINTAINER hikachan sadayuki-matsuno
+
+# glide install
+ENV GLIDE_VERSION 0.12.2
+ENV GLIDE_DOWNLOAD_URL https://github.com/Masterminds/glide/releases/download/v$GLIDE_VERSION/glide-v$GLIDE_VERSION-linux-amd64.tar.gz
+RUN curl -fsSL "$GLIDE_DOWNLOAD_URL" -o glide.tar.gz \
+ && mkdir /usr/local/glide \
+ && tar -C /usr/local/glide -xzf glide.tar.gz \
+ && ln -s /usr/local/glide/linux-amd64/glide /usr/local/bin/ \
+ && rm glide.tar.gz
diff --git a/setup/docker/base/latest/README.md b/setup/docker/base/latest/README.md
new file mode 100644
index 00000000..de795289
--- /dev/null
+++ b/setup/docker/base/latest/README.md
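Review bot: The glide release tarball in `setup/docker/base/latest/Dockerfile` is downloaded and unpacked into `/usr/local/glide` without any integrity check, so whatever the URL serves at build time ends up on the PATH of every image built on vuls-base. The Dockerfile this commit deletes verified its Go tarball with `sha256sum -c`, and the same pattern fits here: add `ENV GLIDE_DOWNLOAD_SHA256 <sha256-of-the-0.12.2-linux-amd64-tarball>` and put `&& echo "$GLIDE_DOWNLOAD_SHA256  glide.tar.gz" | sha256sum -c - \` between the `curl` and `tar` steps. The digest shown is a placeholder to be filled in from the upstream release.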
@@ -0,0 +1,14 @@
+# Vuls-Base-Docker
+
+This is the Git repo of the official Docker image for vuls-base.
+See the [Hub page](https://hub.docker.com/r/vuls/vuls-base/) for the full readme on how to use the Docker image and for information regarding contributing and issues.
+
+# Supported tags and respective `Dockerfile` links
+
+- [`0.1.0`, `latest` (*vuls-base:0.1.0 Dockerfile*)]()
+
+
+# What is vuls-base?
+
+Base images of vuls and go-cve-dictionary.
+
diff --git a/setup/docker/conf/.gitkeep b/setup/docker/conf/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/setup/docker/docker-compose.yml b/setup/docker/docker-compose.yml
deleted file mode 100644
index cb749d1d..00000000
--- a/setup/docker/docker-compose.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-version: '2'
-services:
- vuls:
- container_name: vuls
- build: ./dockerfile
- image: vuls-docker:0.1
- volumes:
- - ./conf:/opt/vuls/conf
- ports:
- - "80:80"
-
diff --git a/setup/docker/dockerfile/Dockerfile b/setup/docker/dockerfile/Dockerfile
deleted file mode 100644
index 625658eb..00000000
--- a/setup/docker/dockerfile/Dockerfile
+++ /dev/null
@@ -1,73 +0,0 @@
-FROM buildpack-deps:jessie-scm
-
-# golang Install
-RUN apt-get update && apt-get install -y --no-install-recommends \
- g++ \
- gcc \
- libc6-dev \
- make \
- curl \
- && rm -rf /var/lib/apt/lists/*
-
-ENV GOLANG_VERSION 1.6.2
-ENV GOLANG_DOWNLOAD_URL https://golang.org/dl/go$GOLANG_VERSION.linux-amd64.tar.gz
-ENV GOLANG_DOWNLOAD_SHA256 e40c36ae71756198478624ed1bb4ce17597b3c19d243f3f0899bb5740d56212a
-
-RUN curl -fsSL "$GOLANG_DOWNLOAD_URL" -o golang.tar.gz \
- && echo "$GOLANG_DOWNLOAD_SHA256 golang.tar.gz" | sha256sum -c - \
- && tar -C /usr/local -xzf golang.tar.gz \
- && rm golang.tar.gz
-
-ENV GOPATH /go
-ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
-
-RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
-
-# glide install
-ENV GLIDE_VERSION 0.10.2
-ENV GLIDE_DOWNLOAD_URL https://github.com/Masterminds/glide/releases/download/$GLIDE_VERSION/glide-$GLIDE_VERSION-linux-amd64.tar.gz
-RUN curl -fsSL "$GLIDE_DOWNLOAD_URL" -o glide.tar.gz \
- && mkdir /usr/local/glide \
- && tar -C /usr/local/glide -xzf glide.tar.gz \
- && ln -s /usr/local/glide/linux-amd64/glide /usr/local/bin/ \
- && rm glide.tar.gz
-
-#Vuls Install
-ENV VULS_ROOT /opt/vuls
-RUN mkdir -p /var/log/vuls ${VULS_ROOT}/conf /root/.ssh/
-RUN chmod 700 -R /var/log/vuls $VULS_ROOT
-# RUN go get github.com/kotakanbe/go-cve-dictionary
-# RUN go get github.com/future-architect/vuls
-
-RUN go get -v -d github.com/kotakanbe/go-cve-dictionary \
- && cd $GOPATH/src/github.com/kotakanbe/go-cve-dictionary \
- && glide install \
- && go install
-
-RUN go get -v -d github.com/future-architect/vuls \
- && cd $GOPATH/src/github.com/future-architect/vuls \
- && glide install \
- && go install
-
-# Copy custom Scripts
-COPY ./scripts/ ${VULS_ROOT}/scripts
-RUN chmod 755 ${VULS_ROOT}/scripts/*
-
-
-#Vulrepo Install
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- apache2 \
- libcgi-pm-perl \
- libjson-perl \
- && rm -rf /var/lib/apt/lists/* \
- && cd /var/www/html/ \
- && git clone https://github.com/usiusi360/vulsrepo \
- && mkdir /var/www/html/vulsrepo/results \
- && cp /var/www/html/vulsrepo/dist/cgi/vulsrepo.conf.sample /etc/apache2/conf-enabled/vulsrepo.conf \
- && a2enmod cgid
-
-#Home
-WORKDIR /opt/vuls
-EXPOSE 80 443
-ENTRYPOINT service apache2 start && tail -f /dev/null
diff --git a/setup/docker/dockerfile/scripts/fetch_jvn_all.sh b/setup/docker/dockerfile/scripts/fetch_jvn_all.sh
deleted file mode 100644
index f738a10b..00000000
--- a/setup/docker/dockerfile/scripts/fetch_jvn_all.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-VULS_ROOT=/opt/vuls
-#VULS_CONF=${VULS_ROOT}/conf
-cd $VULS_ROOT
-for i in {2002..2016}; do go-cve-dictionary fetchjvn -years $i; done
-
diff --git a/setup/docker/dockerfile/scripts/fetch_jvn_last2y.sh b/setup/docker/dockerfile/scripts/fetch_jvn_last2y.sh
deleted file mode 100644
index 62a0d992..00000000
--- a/setup/docker/dockerfile/scripts/fetch_jvn_last2y.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-VULS_ROOT=/opt/vuls
-#VULS_CONF=${VULS_ROOT}/conf
-cd $VULS_ROOT
-go-cve-dictionary fetchjvn -last2y
-
diff --git a/setup/docker/dockerfile/scripts/fetch_jvn_latest.sh b/setup/docker/dockerfile/scripts/fetch_jvn_latest.sh
deleted file mode 100644
index 66a5b36f..00000000
--- a/setup/docker/dockerfile/scripts/fetch_jvn_latest.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-VULS_ROOT=/opt/vuls
-#VULS_CONF=${VULS_ROOT}/conf
-cd $VULS_ROOT
-go-cve-dictionary fetchjvn -latest
diff --git a/setup/docker/dockerfile/scripts/fetch_nvd_all.sh b/setup/docker/dockerfile/scripts/fetch_nvd_all.sh
deleted file mode 100644
index fb9060d1..00000000
--- a/setup/docker/dockerfile/scripts/fetch_nvd_all.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-VULS_ROOT=/opt/vuls
-#VULS_CONF=${VULS_ROOT}/conf
-cd $VULS_ROOT
-for i in {2002..2016}; do go-cve-dictionary fetchnvd -years $i; done
-
diff --git a/setup/docker/dockerfile/scripts/fetch_nvd_last2y.sh b/setup/docker/dockerfile/scripts/fetch_nvd_last2y.sh
deleted file mode 100644
index 57a29558..00000000
--- a/setup/docker/dockerfile/scripts/fetch_nvd_last2y.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-VULS_ROOT=/opt/vuls
-#VULS_CONF=${VULS_ROOT}/conf
-cd $VULS_ROOT
-go-cve-dictionary fetchnvd -last2y
-
diff --git a/setup/docker/dockerfile/scripts/scan_for_vulsrepo.sh b/setup/docker/dockerfile/scripts/scan_for_vulsrepo.sh
deleted file mode 100644
index c3c43161..00000000
--- a/setup/docker/dockerfile/scripts/scan_for_vulsrepo.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-VULS_ROOT=/opt/vuls
-VULS_CONF=${VULS_ROOT}/conf
-APACHE_VULSREPO_ROOT=/var/www/html/vulsrepo
-cd $VULS_ROOT
-vuls scan -report-json --cve-dictionary-dbpath=${VULS_ROOT}/cve.sqlite3 -config=${VULS_CONF}/config.toml
-rm ${APACHE_VULSREPO_ROOT}/results/*
-cp ${VULS_ROOT}/results/current/* ${APACHE_VULSREPO_ROOT}/results
diff --git a/setup/docker/dockerfile/scripts/update_modules.sh b/setup/docker/dockerfile/scripts/update_modules.sh
deleted file mode 100644
index 9cd3b493..00000000
--- a/setup/docker/dockerfile/scripts/update_modules.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-cd $GOPATH/src/github.com/future-architect/vuls
-git pull origin master
-glide install
-go install
-
-
-cd $GOPATH/src/github.com/kotakanbe/go-cve-dictionary
-git pull origin master
-glide install
-go install
-
-
-cd /var/www/html/vulsrepo
-git pull origin master
diff --git a/setup/docker/go-cve-dictionary/latest/Dockerfile b/setup/docker/go-cve-dictionary/latest/Dockerfile
new file mode 100644
index 00000000..8a464819
--- /dev/null
+++ b/setup/docker/go-cve-dictionary/latest/Dockerfile
@@ -0,0 +1,21 @@
+FROM vuls/vuls-base:latest
+
+MAINTAINER hikachan sadayuki-matsuno
+
+ENV REPOSITORY github.com/kotakanbe/go-cve-dictionary
+ENV WORKDIR /vuls
+# go-cve-dictionary install
+RUN git clone https://$REPOSITORY.git $GOPATH/src/$REPOSITORY \
+ && cd $GOPATH/src/$REPOSITORY \
+ && glide install \
+ && go build \
+ && mv $GOPATH/src/$REPOSITORY/go-cve-dictionary /usr/local/bin \
+ && chmod +x /usr/local/bin/go-cve-dictionary \
+ && mkdir -p /var/log/vuls
+
+VOLUME $WORKDIR
+WORKDIR $WORKDIR
+ENV PWD $WORKDIR
+
+ENTRYPOINT ["go-cve-dictionary"]
+CMD ["--help"]
diff --git a/setup/docker/go-cve-dictionary/latest/README.md b/setup/docker/go-cve-dictionary/latest/README.md
new file mode 100644
index 00000000..26c0fd4b
--- /dev/null
+++ b/setup/docker/go-cve-dictionary/latest/README.md
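Review bot: The `git clone` in the RUN step of `go-cve-dictionary/latest/Dockerfile` takes whatever the default branch holds at build time, on top of `FROM vuls/vuls-base:latest`, so two builds of the same Dockerfile can ship different code and nothing records which revision a published image contains. Consider checking out a fixed revision, e.g. `ARG REVISION=<tag-or-commit>` plus `&& git checkout "$REVISION" \` right after the `cd`, and basing the image on the `0.1.0` tag that the vuls-base README in this commit lists instead of `latest`. The same unpinned clone appears in `vuls/latest/Dockerfile` and in the vulsrepo clone in `vulsrepo/latest/Dockerfile`.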
@@ -0,0 +1,66 @@
+# go-cve-dictionary
+
+This is the Git repo of the official Docker image for go-cve-dictionary.
+See the [Hub page](https://hub.docker.com/r/vuls/go-cve-dictionary/) for the full readme on how to use the Docker image and for information regarding contributing and issues.
+
+# Supported tags and respective `Dockerfile` links
+
+- [`latest` (*go-cve-dictionary:latest Dockerfile*)]()
+
+This image version is same as the github repository version.
+
+# What is go-cve-dictionary?
+
+This is tool to build a local copy of the NVD (National Vulnerabilities Database) [1] and the Japanese JVN [2], which contain security vulnerabilities according to their CVE identifiers [3] including exhaustive information and a risk score. The local copy is generated in sqlite format, and the tool has a server mode for easy querying.
+
+[1] https://en.wikipedia.org/wiki/National_Vulnerability_Database
+[2] https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures
+[3] http://jvndb.jvn.jp/apis/termsofuse.html
+
+# How to use this image
+
+## fetchnvd
+
+```console
+$ for i in {2002..2016}; do \
+ docker run --rm -it \
+ -v $PWD:/vuls \
+ vuls/go-cve-dictionary fetchnvd -years $i; \
+ done
+```
+
+## server
+
+```console
+$ docker run -dt \
+ --name go-cve-dictionary \
+ -v $PWD:/vuls \
+ --expose 1323 \
+ -p 1323:1323 \
+ vuls/go-cve-dictionary server --bind=0.0.0.0
+```
+
+Prease refer to [this](https://hub.docker.com/r/vuls/go-cve-dictionary).
+
+## vuls
+
+Please refer to [this](https://hub.docker.com/r/vuls/vuls/).
+
+# User Feedback
+
+## Documentation
+
+Documentation for this image is stored in the [`docker/` directory]() of the [`future-architect/vuls` GitHub repo](https://github.com/future-architect/vuls).
+
+## Issues
+
+If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/future-architect/vuls/issues).
+
+## Contributing
+
+1. fork a repository: github.com/future-architect/vuls to github.com/you/repo
+1. get original code: go get github.com/future-architect/vuls
+1. work on original code
+1. add remote to your repo: git remote add myfork https://github.com/you/repo.git
+1. push your changes: git push myfork
+1. create a new Pull Request
diff --git a/setup/docker/vuls/latest/Dockerfile b/setup/docker/vuls/latest/Dockerfile
new file mode 100644
index 00000000..7ca2e8e1
--- /dev/null
+++ b/setup/docker/vuls/latest/Dockerfile
@@ -0,0 +1,21 @@
+FROM vuls/vuls-base:latest
+
+MAINTAINER hikachan sadayuki-matsuno
+
+ENV REPOSITORY github.com/future-architect/vuls
+ENV WORKDIR /vuls
+# go-cve-dictionary install
+RUN git clone https://$REPOSITORY.git $GOPATH/src/$REPOSITORY \
+ && cd $GOPATH/src/$REPOSITORY \
+ && glide install \
+ && go build \
+ && mv $GOPATH/src/$REPOSITORY/vuls /usr/local/bin \
+ && mkdir -p /var/log/vuls \
+ && chmod +x /usr/local/bin/vuls
+
+VOLUME $WORKDIR
+WORKDIR $WORKDIR
+ENV PWD $WORKDIR
+
+ENTRYPOINT ["vuls"]
+CMD ["--help"]
diff --git a/setup/docker/vuls/latest/README.md b/setup/docker/vuls/latest/README.md
new file mode 100644
index 00000000..fd3f8b1b
--- /dev/null
+++ b/setup/docker/vuls/latest/README.md
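Review bot: No `USER` is set in `vuls/latest/Dockerfile`, so the scanner runs as root in a container that, per the README added in this commit, has the host's entire `~/.ssh` mounted at `/root/.ssh`. A short comment above the ENTRYPOINT would help operators scope that mount, for example `# Runs as root; mount only the key used for scan targets, read-only (-v <path-to-scan-key>:/root/.ssh/id_rsa:ro)`. Separately, the comment above the RUN step still says `# go-cve-dictionary install`, apparently copied from the sibling Dockerfile; it should read `# vuls install`.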
@@ -0,0 +1,96 @@
+# Vuls-Docker
+
+This is the Git repo of the official Docker image for vuls.
+See the [Hub page](https://hub.docker.com/r/vuls/vuls/) for the full readme on how to use the Docker image and for information regarding contributing and issues.
+
+# Supported tags and respective `Dockerfile` links
+
+- [`latest` (*vuls:latest Dockerfile*)]()
+
+This image version is same as the github repository version.
+
+# What is Vuls?
+
+Vuls is the Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.
+Please see the [Documentation](https://github.com/future-architect/vuls)
+
+![logo](https://github.com/future-architect/vuls/blob/master/img/vuls_logo.png?raw=true)
+
+# How to use this image
+
+## configtest
+
+Create config.toml referring to [this](https://github.com/future-architect/vuls#configuration).
+
+```toml
+[servers]
+
+[servers.amazon]
+host = "54.249.93.16"
+port = "22"
+user = "vuls-user"
+keyPath = "/root/.ssh/id_rsa" # path to ssh private key in docker
+```
+ 
+
+```console
+$ docker run --rm \
+ -v ~/.ssh:/root/.ssh:ro \
+ -v $PWD:/vuls \
+ vuls/vuls configtest
+```
+
+
+## prepare
+
+```console
+$ docker run --rm \
+ -v ~/.ssh:/root/.ssh:ro \
+ -v $PWD:/vuls \
+ vuls/vuls prepare \
+ -config=./config.toml # path to config.toml in docker
+```
+
+## scan
+
+```console
+$ docker run --rm -it \
+ -v ~/.ssh:/root/.ssh:ro \
+ -v $PWD:/vuls \
+ -v /etc/localtime:/etc/localtime:ro \
+ vuls/vuls scan \
+ -cve-dictionary-dbpath=/vuls/cve.sqlite3 \
+ -config=./config.toml \ # path to config.toml in docker
+ -report-json
+```
+
+## tui
+
+```console
+$ docker run --rm -it \
+ -v $PWD:/vuls \
+ vuls/vuls tui
+```
+
+## vulsrepo
+
+Prease refer to [this](https://hub.docker.com/r/vuls/vulsrepo/).
+
+# User Feedback
+
+## Documentation
+
+Documentation for this image is stored in the [`docker/` directory]() of the [`future-architect/vuls` GitHub repo](https://github.com/future-architect/vuls).
+
+## Issues
+
+If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/future-architect/vuls/issues).
+
+## Contributing
+
+1. fork a repository: github.com/future-architect/vuls to github.com/you/repo
+1. get original code: go get github.com/future-architect/vuls
+1. work on original code
+1. add remote to your repo: git remote add myfork https://github.com/you/repo.git
+1. push your changes: git push myfork
+1. create a new Pull Request
diff --git a/setup/docker/vulsrepo/latest/Dockerfile b/setup/docker/vulsrepo/latest/Dockerfile
new file mode 100644
index 00000000..84105538
--- /dev/null
+++ b/setup/docker/vulsrepo/latest/Dockerfile
@@ -0,0 +1,31 @@
+FROM httpd:2.4
+
+MAINTAINER hikachan sadayuki-matsuno
+# install packages
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ vim \
+ git \
+ libcgi-pm-perl \
+ libjson-perl \
+ && rm -r /var/lib/apt/lists/*
+
+# env
+ENV HTTPD_PREFIX /usr/local/apache2
+
+VOLUME /vuls
+
+WORKDIR ${HTTPD_PREFIX}/htdocs
+RUN git clone https://github.com/usiusi360/vulsrepo.git \
+ && echo "LoadModule cgid_module modules/mod_cgid.so" >> $HTTPD_PREFIX/conf/httpd.conf \
+ && echo "" >> $HTTPD_PREFIX/conf/httpd.conf \
+ && echo " Options +ExecCGI +FollowSymLinks" >> $HTTPD_PREFIX/conf/httpd.conf \
+ && echo " AddHandler cgi-script cgi" >> $HTTPD_PREFIX/conf/httpd.conf \
+ && echo "" >> $HTTPD_PREFIX/conf/httpd.conf \
+ && sed -i -e 's/User daemon/#User/g' $HTTPD_PREFIX/conf/httpd.conf \
+ && sed -i -e 's/Group daemon/#Group/g' $HTTPD_PREFIX/conf/httpd.conf \
+ && ln -snf /vuls/results /usr/local/apache2/htdocs/vulsrepo/results
+
+EXPOSE 80
+CMD ["httpd-foreground"]
diff --git a/setup/docker/vulsrepo/latest/README.md b/setup/docker/vulsrepo/latest/README.md
new file mode 100644
index 00000000..bffb42b6
--- /dev/null
+++ b/setup/docker/vulsrepo/latest/README.md
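Review bot: The two `sed -i` lines in the RUN step of `vulsrepo/latest/Dockerfile` comment out `User daemon` and `Group daemon`, the directives that make httpd drop root for its worker processes, in the same step that turns on CGI execution (`Options +ExecCGI +FollowSymLinks`). If the aim is to let the CGI reach the mounted `/vuls/results` (an assumption, the commit does not say), it is safer to delete both `sed` lines and give the `daemon` account access to that directory instead, so that a flaw in a CGI script is not a root-level flaw in the container. As rendered here the two `echo ""` lines are empty; if they are meant to open and close a `<Directory>` block, confirm the tags are present in the file, since otherwise `ExecCGI` applies server-wide.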
@@ -0,0 +1,44 @@
+# VulsRepo-Docker
+
+This is the Git repo of the official Docker image for vulsrepo.
+See the [Hub page](https://hub.docker.com/r/vuls/vulsrepo/) for the full readme on how to use the Docker image and for information regarding contributing and issues.
+
+# Supported tags and respective `Dockerfile` links
+
+- [`latest` (*vulsrepo:latest Dockerfile*)]()
+
+This image version is same as the github repository version.
+
+# What is vulsrepo?
+
+VulsRepo is visualized based on the json report output in [vuls](https://github.com/future-architect/vuls).
+
+# How to use this image
+
+## vulsrepo
+
+```console
+$docker run -dt \
+ -v $PWD:/vuls \
+ -p 80:80 \
+ vuls/vulsrepo
+```
+
+# User Feedback
+
+## Documentation
+
+Documentation for this image is stored in the [`docker/` directory]() of the [`future-architect/vuls` GitHub repo](https://github.com/future-architect/vuls).
+
+## Issues
+
+If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/future-architect/vuls/issues).
+
+## Contributing
+
+1. fork a repository: github.com/future-architect/vuls to github.com/you/repo
+1. get original code: go get github.com/future-architect/vuls
+1. work on original code
+1. add remote to your repo: git remote add myfork https://github.com/you/repo.git
+1. push your changes: git push myfork
+1. create a new Pull Request