fix docker
		@@ -1,87 +1,106 @@
 | 
			
		||||
# Vuls on Docker
 | 
			
		||||
# Vuls Docker components
 | 
			
		||||
 | 
			
		||||
## What's Vuls-On-Docker
 | 
			
		||||
This is the Git repo of the official Docker image for vuls.
 | 
			
		||||
 | 
			
		||||
- This is a dockernized-Vuls with vulsrepo UI in it.
 | 
			
		||||
- It's designed to reduce the cost of installation and the dependencies that vuls requires.
 | 
			
		||||
- You can run install and run Vuls on your machine with only a few commands.
 | 
			
		||||
- The result can be viewed with a browser
 | 
			
		||||
# Supported tags and respective `Dockerfile` links
 | 
			
		||||
 | 
			
		||||
## Setting up your machine
 | 
			
		||||
	
 | 
			
		||||
1. [Install Docker](https://docs.docker.com/engine/installation/)
 | 
			
		||||
2. [Install Docker-Compose](https://docs.docker.com/compose/install/)
 | 
			
		||||
3. Make sure that you can run the following commands before you move on.
 | 
			
		||||
- go-cve-dictionary
 | 
			
		||||
  - [`latest` (*go-cve-dictionary:latest Dockerfile*)]()
 | 
			
		||||
- vuls
 | 
			
		||||
  - [`latest` (*vuls:latest Dockerfile*)]()
 | 
			
		||||
- vulsrepo
 | 
			
		||||
  - [`latest` (*vulsrepo:latest Dockerfile*)]()
 | 
			
		||||
 | 
			
		||||
	```
 | 
			
		||||
	$ docker version
 | 
			
		||||
	$ docker-compose version
 | 
			
		||||
	```
 | 
			
		||||
	
 | 
			
		||||
4. git clone vuls
 | 
			
		||||
	```
 | 
			
		||||
	mkdir work
 | 
			
		||||
	cd work
 | 
			
		||||
	git clone https://github.com/future-architect/vuls.git
 | 
			
		||||
	cd vuls/setup/docker
 | 
			
		||||
	```
 | 
			
		||||
This image version is same as the github repository version.
 | 
			
		||||
 | 
			
		||||
# How to use this image
 | 
			
		||||
 | 
			
		||||
1. fetch nvd (vuls/go-cve-dictionary)
 | 
			
		||||
1. configuration (vuls/vuls)
 | 
			
		||||
1. prepare (vuls/vuls)
 | 
			
		||||
1. scan (vuls/vuls)
 | 
			
		||||
1. vulsrepo (vuls/vulsrepo)
 | 
			
		||||
 | 
			
		||||
## Start A Vuls Container
 | 
			
		||||
## Step1. Fetch NVD
 | 
			
		||||
 | 
			
		||||
- Execute the following command to build and run a Vuls Container
 | 
			
		||||
 | 
			
		||||
	```
 | 
			
		||||
	$ docker-compose up -d
 | 
			
		||||
	```
 | 
			
		||||
 | 
			
		||||
## Setting up Vuls
 | 
			
		||||
 | 
			
		||||
1. Locate ssh-keys of target servers in (vuls/setup/docker/conf/)
 | 
			
		||||
2. Create and adjust config.toml(vuls/setup/docker/conf/config.toml) to your environment
 | 
			
		||||
	
 | 
			
		||||
	```
 | 
			
		||||
	[servers]
 | 
			
		||||
 | 
			
		||||
  	[servers.172-31-4-82]
 | 
			
		||||
  	host        = "172.31.4.82"
 | 
			
		||||
  	user        = "ec2-user"
 | 
			
		||||
  	keyPath     = "conf/id_rsa"
 | 
			
		||||
	```
 | 
			
		||||
 | 
			
		||||
## Fetch Vulnerability database
 | 
			
		||||
 | 
			
		||||
- Fetch Vulnerability database from NVD
 | 
			
		||||
	```
 | 
			
		||||
	$ docker exec -t vuls scripts/fetch_nvd_all.sh
 | 
			
		||||
	```
 | 
			
		||||
 | 
			
		||||
## Scan servers with Vuls-On-Docker
 | 
			
		||||
 | 
			
		||||
- Use the embedded script to scan servers for vulsrepo(or run whatever with docker exec)
 | 
			
		||||
 | 
			
		||||
	```
 | 
			
		||||
	$ docker exec -t vuls vuls prepare -config=conf/config.toml
 | 
			
		||||
	$ docker exec -t vuls scripts/scan_for_vulsrepo.sh
 | 
			
		||||
	```
 | 
			
		||||
 | 
			
		||||
## See the results in a browser 
 | 
			
		||||
 | 
			
		||||
```
 | 
			
		||||
http://${Vuls_Host}/vulsrepo/
 | 
			
		||||
```console
 | 
			
		||||
$ for i in {2002..2016}; do \
 | 
			
		||||
    docker run --rm -it \
 | 
			
		||||
    -v $PWD:/vuls  vuls/go-cve-dictionary fetchnvd -years $i; \
 | 
			
		||||
  done
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
# Update modules
 | 
			
		||||
## Step2. Configuration
 | 
			
		||||
 | 
			
		||||
- update vuls, go-cve-dictionary, vulsrepo
 | 
			
		||||
	```
 | 
			
		||||
	$ docker exec -t vuls scripts/update_modules.sh
 | 
			
		||||
	```
 | 
			
		||||
Create config.toml referring to [this](https://github.com/future-architect/vuls#configuration).
 | 
			
		||||
 | 
			
		||||
# Update Vulnerability database
 | 
			
		||||
```toml
 | 
			
		||||
[servers]
 | 
			
		||||
 | 
			
		||||
- Fetch Vulnerability database from NVD
 | 
			
		||||
	```
 | 
			
		||||
	$ docker exec -t vuls scripts/fetch_nvd_last2y.sh
 | 
			
		||||
	```
 | 
			
		||||
[servers.amazon]
 | 
			
		||||
host         = "54.249.93.16"
 | 
			
		||||
port        = "22"
 | 
			
		||||
user        = "vuls-user"
 | 
			
		||||
keyPath     = "/root/.ssh/id_rsa" # path to ssh private key in docker
 | 
			
		||||
```
 | 
			
		||||
 
 | 
			
		||||
 | 
			
		||||
```console
 | 
			
		||||
$ docker run --rm \
 | 
			
		||||
    -v ~/.ssh:/root/.ssh:ro \
 | 
			
		||||
    -v $PWD:/vuls \
 | 
			
		||||
    vuls/vuls configtest \
 | 
			
		||||
    -config=./config.toml # path to config.toml in docker
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
## Step3. Prepare
 | 
			
		||||
 | 
			
		||||
```console
 | 
			
		||||
$ docker run --rm \
 | 
			
		||||
    -v ~/.ssh:/root/.ssh:ro \
 | 
			
		||||
    -v $PWD:/vuls \
 | 
			
		||||
    vuls/vuls prepare \
 | 
			
		||||
    -config=./config.toml # path to config.toml in docker
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
## Step4. Scan
 | 
			
		||||
 | 
			
		||||
```console
 | 
			
		||||
$ docker run --rm -it \
 | 
			
		||||
    -v ~/.ssh:/root/.ssh:ro \
 | 
			
		||||
    -v $PWD:/vuls \
 | 
			
		||||
    -v /etc/localtime:/etc/localtime:ro \
 | 
			
		||||
    -e "TZ=Asia/Tokyo" \
 | 
			
		||||
    vuls/vuls scan \
 | 
			
		||||
    -cve-dictionary-dbpath=/vuls/cve.sqlite3 \
 | 
			
		||||
    -config=./config.toml \ # path to config.toml in docker
 | 
			
		||||
    -report-json 
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
## Step5. vulsrepo
 | 
			
		||||
 | 
			
		||||
```console
 | 
			
		||||
$docker run -dt \
 | 
			
		||||
    -v $PWD:/vuls \
 | 
			
		||||
    -p 80:80 \
 | 
			
		||||
    vuls/vulsrepo
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
# User Feedback
 | 
			
		||||
 | 
			
		||||
## Documentation
 | 
			
		||||
 | 
			
		||||
Documentation for this image is stored in the [`docker/` directory]() of the [`future-architect/vuls` GitHub repo](https://github.com/future-architect/vuls). 
 | 
			
		||||
 | 
			
		||||
## Issues
 | 
			
		||||
 | 
			
		||||
If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/future-architect/vuls/issues). 
 | 
			
		||||
 | 
			
		||||
## Contributing
 | 
			
		||||
 | 
			
		||||
1. fork a repository: github.com/future-architect/vuls to github.com/you/repo
 | 
			
		||||
1. get original code: go get github.com/future-architect/vuls
 | 
			
		||||
1. work on original code
 | 
			
		||||
1. add remote to your repo: git remote add myfork https://github.com/you/repo.git
 | 
			
		||||
1. push your changes: git push myfork
 | 
			
		||||
1. create a new Pull Request
 | 
			
		||||
 
 | 
			
		||||
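Review bot: In the Step4 scan command, the line `-config=./config.toml \ # path to config.toml in docker` has a space and a comment after the backslash, so the backslash escapes the space instead of the newline, the command ends on that line, and `-report-json` is not passed to `vuls scan`. Move the comment to its own line above the command, or make `-config` the last argument as Step2 and Step3 do. In Step5, `$docker run -dt` is missing the space after the prompt, and `-p 80:80` publishes vulsrepo on every host interface over plain HTTP; because that page lists the unpatched CVEs found on each scanned server, the README should show a loopback binding such as `-p 127.0.0.1:80:80` or tell the reader to restrict access to the port. The `[...]()` links under "Supported tags and respective `Dockerfile` links" and under "Documentation" have empty targets and should point at the actual files before merge.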