From 28a93c02e645f9add43907c768f219fca73492e3 Mon Sep 17 00:00:00 2001
From: theonlydoo
Date: Thu, 21 Apr 2016 11:46:24 +0200
Subject: [PATCH 1/2] Update README

not so sparse documentation
---
 docker/README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docker/README.md b/docker/README.md
index e3a9486d..3a8993f6 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,2 +1,7 @@
-# Must do
-* Edit your config.toml to match your infrastructure
+# Before building the docker
+
+Since it's not on docker hub because blablabla, you have to :
+* Edit your [config.toml](https://github.com/future-architect/vuls#step6-config) to match your infrastructure
+* generate a keypair dedicated to this docker : ```ssh-keygen -t rsa -b 4096 -C "your_email@example.com"```
+ * it's **highly** recommanded to use a restrained `authorized_keys` files with this key to be sure that it will be only usable from a single IP (after all it's a root executed software) : ```from="1.2.3.4,1.2.3.5" ssh-rsa [...] your_email@example.com```
+* Deploy your ssh key on the targetted machines

From c37e56e51d02a783218cc163f7381763e6fecd67 Mon Sep 17 00:00:00 2001
From: kota kanbe
Date: Thu, 21 Apr 2016 19:10:36 +0900
Subject: [PATCH 2/2] Fix yum to yum --color=never #36

---
 scan/redhat.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/scan/redhat.go b/scan/redhat.go
index 2303835d..40c17c55 100644
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -287,7 +287,7 @@ func (o *redhat) scanUnsecurePackages() ([]CvePacksInfo, error) {
 //TODO return whether already expired.
 func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (CvePacksList, error) {
-	cmd := "yum check-update"
+	cmd := "yum --color=never check-update"
 	r := o.ssh(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess(0, 100) {
 		//returns an exit code of 100 if there are available updates.
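Review bot: The `--color=never` flag is now spliced by hand into the `cmd` literal here and at four more call sites in this commit, so the next `yum` invocation added to this file can silently reintroduce the #36 parsing failure. A tiny helper, `func yumCmd(args string) string { return "yum --color=never " + args }`, used as `cmd := yumCmd("check-update")`, would keep every call site consistent and give one place to add further output-stabilising flags. If the downstream parser keys on English strings, the same helper is also where a `LANG=C` prefix would belong, since localized yum output breaks parsing in exactly the way ANSI colour did — confirm against the parser, which is outside this hunk. The body of scanUnsecurePackagesUsingYumCheckUpdate continues past the end of the hunk.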
@@ -467,6 +467,8 @@ func (o *redhat) getChangelog(packageNames string) (stdout string, err error) {
 if 0 < len(config.Conf.HTTPProxy) {
 command += util.ProxyEnv()
 }
+
+ // yum update --changelog doesn't have --color option.
 command += fmt.Sprintf(" yum update --changelog %s | grep CVE", packageNames)
 r := o.ssh(command, sudo)
@@ -493,7 +495,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 "yum updateinfo is not suppported on CentOS")
 }
- cmd := "yum repolist"
+ cmd := "yum --color=never repolist"
 r := o.ssh(util.PrependProxyEnv(cmd), sudo)
 if !r.isSuccess() {
 return nil, fmt.Errorf(
@@ -502,7 +504,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 }
 // get advisoryID(RHSA, ALAS) - package name,version
- cmd = "yum updateinfo list available --security"
+ cmd = "yum --color=never updateinfo list available --security"
 r = o.ssh(util.PrependProxyEnv(cmd), sudo)
 if !r.isSuccess() {
 return nil, fmt.Errorf(
@@ -513,7 +515,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 // get package name, version, rel to be upgrade.
 // cmd = "yum check-update --security"
- cmd = "yum check-update"
+ cmd = "yum --color=never check-update"
 r = o.ssh(util.PrependProxyEnv(cmd), sudo)
 if !r.isSuccess(0, 100) {
 //returns an exit code of 100 if there are available updates.
@@ -543,7 +545,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 }
 // get advisoryID(RHSA, ALAS) - CVE IDs
- cmd = "yum updateinfo --security update"
+ cmd = "yum --color=never updateinfo --security update"
 r = o.ssh(util.PrependProxyEnv(cmd), sudo)
 if !r.isSuccess() {
 return nil, fmt.Errorf(
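Review bot: The new comment explains why `--color=never` is absent from the changelog command, but the line it annotates still interpolates `packageNames` unquoted into a shell string that `o.ssh(command, sudo)` runs as root on the scanned host, so any name containing shell metacharacters would execute there. Where `packageNames` is built is outside this hunk; if it is assembled from the remote host's own yum output it is at least repository-influenced, so the cheap guard is to reject anything outside a conservative character set before building the command, e.g. `if !validPkgName.MatchString(name) { return "", fmt.Errorf("invalid package name %q", name) }` with `validPkgName = regexp.MustCompile("^[A-Za-z0-9._+-]+$")` at package scope. The getChangelog body starts before and ends after this hunk.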