Do not use sudo when echo

2017-02-09 17:43:15 +09:00
parent 1730caf124
commit e743177ae6
4 changed files with 9 additions and 19 deletions
--- a/README.ja.md
+++ b/README.ja.md
@@ -606,9 +606,9 @@ configtest:

 スキャン対象サーバ上の`/etc/sudoers`のサンプル

- CentOS, RHEL, Amazon Linux (CentOS 5の場合は`/bin/echo`も必要)
+- CentOS, RHEL, Amazon Linux
 ```
-vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo)
+vuls ALL=(root) NOPASSWD: /usr/bin/yum
 ```
 - Ubuntu, Debian
 ```
--- a/README.md
+++ b/README.md
@@ -609,9 +609,9 @@ configtest:
 And also, configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH.  

 Example of /etc/sudoers on target servers
- CentOS, RHEL (CentOS 5 needs also `/bin/echo`)
+- CentOS, RHEL
 ```
-vuls ALL=(root) NOPASSWD: /usr/bin/yum (, /bin/echo)
+vuls ALL=(root) NOPASSWD: /usr/bin/yum
 ```
 - Ubuntu, Debian
 ```
--- a/scan/redhat.go
+++ b/scan/redhat.go
@@ -97,13 +97,8 @@ func detectRedhat(c config.ServerInfo) (itsMe bool, red osTypeInterface) {
 }

 func (o *redhat) checkIfSudoNoPasswd() error {
-	majorVersion, err := o.Distro.MajorVersion()
-	if err != nil {
-		return fmt.Errorf("Not implemented yet: %s, err: %s", o.Distro, err)
-	}
-
 	cmd := "yum --version"
-	if o.Distro.Family == "centos" && majorVersion < 6 {
+	if o.Distro.Family == "centos" {
 		cmd = "echo N | " + cmd
 	}
 	r := o.exec(cmd, o.sudo())
@@ -537,7 +532,7 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
 		packageNames += fmt.Sprintf("%s ", packInfo.Name)
 	}

-	command := ""
+	command := "echo N | "
 	if 0 < len(config.Conf.HTTPProxy) {
 		command += util.ProxyEnv()
 	}
@@ -550,14 +545,6 @@ func (o *redhat) getAllChangelog(packInfoList models.PackageInfoList) (stdout st
 		yumopts += " --skip-broken"
 	}

-	// CentOS 5 does not have --assumeno option.
-	majorVersion, _ := o.Distro.MajorVersion()
-	if majorVersion < 6 {
-		command = "echo N | " + command
-	} else {
-		yumopts += " --assumeno"
-	}
-
 	// yum update --changelog doesn't have --color option.
 	command += fmt.Sprintf(" LANGUAGE=en_US.UTF-8 yum %s --changelog update ", yumopts) + packageNames

--- a/scan/sshutil.go
+++ b/scan/sshutil.go
@@ -328,6 +328,9 @@ func decolateCmd(c conf.ServerInfo, cmd string, sudo bool) string {
 	if sudo && c.User != "root" && !c.IsContainer() {
 		cmd = fmt.Sprintf("sudo -S %s", cmd)
 		cmd = strings.Replace(cmd, "|", "| sudo ", -1)
+
+		// echo command does not need sudo (for CentOS)
+		cmd = strings.Replace(cmd, "sudo -S echo", "echo", -1)
 	}

 	if c.Distro.Family != "FreeBSD" {