vuls_如何在Ubuntu 18.04上将Vuls用作漏洞扫描程序

本教程介绍了如何在Ubuntu 18.04服务器上部署Vuls,这是一个无代理的开源漏洞扫描程序。Vuls使用Go编写,能自动化分析系统软件的安全漏洞,利用NVD等数据库。教程涵盖了安装依赖、构建Go环境、设置Vuls、配置多目标扫描和定期报告到Slack等步骤,使系统管理员能轻松管理系统的安全漏洞。
摘要由CSDN通过智能技术生成

vuls

介绍 (Introduction)

Vuls is an open-source, agentless vulnerability scanner written in Go. It automates security vulnerability analysis of the software installed on a system, which can be a burdensome task for system administrators to do manually in a production environment. Vuls uses multiple renowned vulnerability databases, such as the National Vulnerability Database (NVD). Light on resources, Vuls has the ability to scan multiple systems at once, and to send reports via email or Slack. It has three scan modes (fast, fast root, and deep), which you can select according to the situation.

Vuls是使用Go编写的开源无代理漏洞扫描程序。 它可以自动分析系统上安装的软件的安全漏洞,这对于系统管理员在生产环境中手动执行而言可能是一项繁重的任务。 Vuls使用多个著名的漏洞数据库,例如国家漏洞数据库(NVD)。 依靠资源,Vuls能够一次扫描多个系统,并通过电子邮件或Slack发送报告。 它具有三种扫描模式( 快速快速root深度 ),您可以根据情况选择。

Vuls is not a broad IT security scanner; for example, it does not monitor network traffic or protect against brute-force login attacks. However, Vuls provides a way of automating vulnerability reporting for Linux packages. When the databases Vuls uses are informed of a fix to certain vulnerabilities, Vuls will also pull this remediation information into its reports. When generating reports, Vuls prioritizes the most urgent vulnerabilities using the established ranking system from the database.

Vuls并不是一个广泛的IT安全扫描程序。 例如,它不监视网络流量或防止暴力登录攻击。 但是,Vuls提供了一种自动化Linux软件包漏洞报告的方法。 当Vuls使用的数据库被告知某些漏洞的修复程序时,Vuls还将将该修复信息提取到其报告中。 生成报告时,Vuls使用数据库中已建立的排名系统对最紧急的漏洞进行优先级排序。

In this tutorial, you’ll deploy Vuls to an Ubuntu 18.04 server. This includes building Vuls and its dependencies from source code, configuring scanning and reporting to Slack, and optionally connecting it to target machines to enable remote scanning. In the end, you’ll have an automated vulnerability reporting system in place that alerts you to vulnerabilities eliminating the need for manual checks.

在本教程中,您将Vuls部署到Ubuntu 18.04服务器。 这包括从源代码构建Vuls及其依赖项,配置扫描并将其报告给Slack,以及可选地将其连接到目标计算机以启用远程扫描。 最后,您将拥有一个自动漏洞报告系统,该系统可以提醒您注意漏洞,而无需进行手动检查。

先决条件 (Prerequisites)

Before you begin this tutorial, you’ll need:

在开始本教程之前,您需要:

  • A server with at least 2 GB RAM running Ubuntu 18.04 with root access, and a secondary, non-root account. You can set this up by following this initial server setup guide. For this tutorial the non-root user is sammy.

    具有至少2 GB RAM的服务器,该服务器运行具有root用户访问权限的Ubuntu 18.04,并且具有非root用户辅助帐户。 您可以按照本初始服务器安装指南进行设置 。 在本教程中,非root用户是sammy

  • (Optional) Multiple servers running (preferably) Ubuntu 18.04 with root access and a secondary, non-root account, if you want to set up Vuls to scan them remotely. In this tutorial, the secondary account is sammy-shark.

    (可选)如果要设置Vuls进行远程扫描,则多台服务器(最好是运行)具有root访问权限和辅助非root帐户的Ubuntu 18.04。 在本教程中,辅助帐户是sammy-shark

第1步-安装依赖项 (Step 1 — Installing Dependencies)

In this section, you’ll create a folder for storing Vuls data, install the latest version of the Go programming language, and install other packages Vuls and its dependencies require.

在本部分中,您将创建一个用于存储Vuls数据的文件夹,安装最新版本的Go编程语言,并安装Vuls及其依赖项所需的其他软件包。

For this tutorial, you’ll store all Vuls-related data in the /usr/share/vuls-data directory. Create it by running the following command:

对于本教程,您将所有与Vuls相关的数据存储在/usr/share/ vuls-data目录中。 通过运行以下命令来创建它:

  • sudo mkdir /usr/share/vuls-data

    须藤mkdir / usr / share / vuls-data

To make it accessible to sammy, run the following command:

要使其可被sammy访问,请运行以下命令:

  • sudo chown -R sammy /usr/share/vuls-data

    须藤chown -R sammy / usr / share / vuls-data

You’ve now created the vuls-data folder, which will be your workspace. Before you continue installing the required packages, first update the package manager cache:

现在,您已经创建了vuls-data文件夹,它将成为您的工作区。 在继续安装所需的软件包之前,请先更新软件包管理器缓存:

  • sudo apt update

    sudo apt更新

To download and compile the dependencies, you’ll install git, gcc, make, sqlite, debian-goodies, and wget.

要下载并编译依赖项,您将安装gitgccmakesqlitedebian-goodieswget

sqlite is a database system, which you’ll use here for storing vulnerability information. debian-goodies contains the checkrestart utility, which provides information on what packages can and should be restarted at any given moment in time.

sqlite是一个数据库系统,在这里您将使用它来存储漏洞信息。 debian-goodies包含checkrestart实用程序,该实用程序提供有关可以且应在任何给定时间重新启动哪些软件包的信息。

You can install them all in one command:

您可以将它们全部安装在一个命令中:

  • sudo apt install sqlite git debian-goodies gcc make wget

    须藤apt install sqlite git debian-goodies gcc make wget

You have now installed the required packages. Next, install Go using the snap package manager by running the following command:

现在,您已经安装了必需的软件包。 接下来,通过运行以下命令,使用snap包管理器安装Go:

  • sudo snap install go --classic

    sudo snap install go --classic

You use snap to install Go since it installs the latest version of the language, unlike apt, which may install an older version. Working with an older version is not recommended and may prevent you from completing this tutorial.

您可以使用snap来安装Go,因为它会安装最新版本的语言,这与apt不同,后者可能会安装较旧的版本。 不建议使用旧版本,它可能会阻止您完成本教程。

In order to work, Go requires a few environment variables that you’ll set up: GOPATH and PATH. GOPATH specifies the working directory for Go and PATH (which contains directories in which programs are placed) that must be extended to tell the system where to find Go itself.

为了正常工作,Go需要设置一些环境变量: GOPATHPATHGOPATH指定Go和PATH的工作目录(其中包含放置程序的目录),必须扩展该工作目录以告诉系统在哪里可以找到Go本身。

These environment variables need to be set each time the user logs on. To automate this, you will create a new executable file, called go-env.sh, under /etc/profile.d. This will result in the directory executing every time a user logs on.

每次用户登录时,都需要设置这些环境变量。 要go-env.sh自动化,您将在/etc/profile.d下创建一个名为go-env.sh的新可执行文件。 这将导致目录在用户每次登录时执行。

Create go-env.sh using your text editor:

使用文本编辑器创建go-env.sh

  • sudo nano /etc/profile.d/go-env.sh

    须藤nano /etc/profile.d/go-env.sh

Add the following commands to the file:

将以下命令添加到文件中:

/etc/profile.d/go-env.sh
/etc/profile.d/go-env.sh
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin:/snap/bin

The export command sets the given environment variable to the desired value; here you use it to populate GOPATH and PATH with appropriate values.

export命令将给定的环境变量设置为所需的值。 在这里,您可以使用它用适当的值填充GOPATHPATH

Save and close the file.

保存并关闭文件。

Currently, go-env.sh is not executable. To fix this, mark it as executable by running the following command:

当前, go-env.sh无法执行。 要解决此问题,请通过运行以下命令将其标记为可执行文件:

  • sudo chmod +x /etc/profile.d/go-env.sh

    须藤chmod + x /etc/profile.d/go-env.sh

To avoid having to log in again, you can reload go-env.sh by running:

为了避免再次登录,可以通过运行以下命令重新加载go-env.sh

  • source /etc/profile.d/go-env.sh

    来源/etc/profile.d/go-env.sh

The source command reloads the given file into the current shell while preserving its state.

source命令将给定文件重新加载到当前shell中,同时保留其状态。

In this section, you have installed the Go language, set up its environment variables, and installed packages that you’ll require later on. In the next steps, you’ll download and compile the Go programs that Vuls requires. Those programs are go-cve-dictionary and goval-dictionary, which Vuls uses for querying vulnerability databases.

在本节中,您已经安装了Go语言,设置了它的环境变量,并安装了以后需要的软件包。 在接下来的步骤中,您将下载并编译Vuls所需的Go程序。 这些程序是go-cve-dictionarygoval-dictionary ,Vuls使用它们来查询漏洞数据库。

第2步-安装和运行go-cve-dictionary (Step 2 — Installing and Running go-cve-dictionary)

In this section, you will download and compile go-cve-dictionary, a Go package that provides access to the NVD (National Vulnerability Database). Then, you will run it and fetch vulnerability data for Vuls to use. The NVD is the US government’s repository of publicly reported cybersecurity vulnerabilities, containing vulnerability IDs (CVE — Common Vulnerabilities and Exposures), summaries, and impact analysis, and is available in a machine-readable format.

在本部分中,您将下载并编译go-cve-dictionary ,这是一个Go包,可提供对NVD (国家漏洞数据库)的访问。 然后,您将运行它并获取漏洞数据供Vuls使用。 NVD是美国政府公开报告的网络安全漏洞的存储库,其中包含漏洞ID(CVE-常见漏洞和披露),摘要和影响分析,并且可以机器可读的格式提供。

Go stores packages under $GOPATH/src/. You can extend this further with the use of subdirectories to note origin. As an example, packages from GitHub, made by the user, example-user would be stored under $GOPATH/src/github.com/example-user.

Go将软件包存储在$GOPATH/src/ 。 您可以通过使用子目录来记录原点来进一步扩展此范围。 例如,由用户example-user制造的来自GitHub的软件包将存储在$GOPATH/src/github.com/ example-user

You’ll first install go-cve-dictionary, made by kotakanbe, by cloning the Go package from GitHub and compiling it afterwards.

首先,通过从GitHub复制Go软件包并随后对其进行编译,来安装kotakanbe制作的go-cve-dictionary

Start off by creating a directory to store it, according to the example path:

根据示例路径,首先创建一个目录来存储它:

  • mkdir -p $GOPATH/src/github.com/kotakanbe

    mkdir -p $ GOPATH / src / github.com / kotakanbe

Navigate to it by running:

通过运行以下命令导航到它:

  • cd $GOPATH/src/github.com/kotakanbe

    cd $ GOPATH / src / github.com / kotakanbe

Now you’ll clone go-cve-dictionary from GitHub to your server by running:

现在,您将通过运行以下命令从GitHub将go-cve-dictionary复制到您的服务器:

  • git clone https://github.com/kotakanbe/go-cve-dictionary.git

    git clone https://github.com/kotakanbe/go-cve-dictionary.git

Then, navigate to the package root:

然后,导航到包根目录:

  • cd go-cve-dictionary

    cd go-cve-dictionary

Finally, compile and install it by running the following command:

最后,通过运行以下命令来编译并安装它:

  • make install

    进行安装

Keep in mind that this command may take some time to finish. To make it available system wide, copy it to the /usr/local/bin:

请记住,此命令可能需要一些时间才能完成。 要使其在系统范围内可用,请将其复制到/usr/local/bin

  • sudo cp $GOPATH/bin/go-cve-dictionary /usr/local/bin

    须藤cp $ GOPATH / bin / go-cve-dictionary / usr / local / bin

go-cve-dictionary requires access to a log output directory, and by default it is /var/log/vuls. Create it by running:

go-cve-dictionary需要访问日志输出目录,默认情况下为/var/log/vuls 。 通过运行以下命令创建它:

  • sudo mkdir /var/log/vuls

    须藤mkdir / var / log / vuls

Right now, the log directory is readable by everyone. Restrict access to the current user with the following command:

现在,每个人都可以读取日志目录。 使用以下命令限制对当前用户的访问:

  • sudo chmod 700 /var/log/vuls

    须藤chmod 700 / var / log / vuls

Setting the permission flags to 700 restricts access to only the owner.

将权限标志设置为700限制仅对所有者的访问。

To make it accessible to sammy, or another user, run the following command:

要使其对sammy或其他用户可访问,请运行以下命令:

  • sudo chown -R sammy /var/log/vuls

    须藤chown -R sammy / var / log / vuls

Now, you’ll fetch vulnerability data from the NVD and store it in your Vuls workspace (/usr/share/vuls-data):

现在,您将从NVD中获取漏洞数据并将其存储在Vuls工作区中( /usr/share/ vuls-data ):

  • for i in `seq 2002 $(date +"%Y")`; do sudo go-cve-dictionary fetchnvd -dbpath /usr/share/vuls-data/cve.sqlite3 -years $i; done

    对于我在`seq 2002 $(date +“%Y”)`中; 做sudo go-cve-dictionary fetchnvd -dbpath / usr / share / vuls-data /cve.sqlite3 -years $ i; 做完了

This command loops from the year 2002 to the current year (seq 2002 $(date +"%Y")) and calls go-cve-dictionary fetchnvd to fetch the NVD data for the current (loop) year by passing -years $i. It then stores this information in a database under /usr/share/vuls-data.

该命令从2002年循环到当前年( seq 2002 $(date +"%Y") ),并调用go-cve-dictionary fetchnvd通过传递-years $i来获取当前(循环)年的NVD数据。 。 然后,它将此信息存储在/usr/share/ vuls-data下的数据库中。

Note: This command will take a long time to finish, and will fail if your server has less than 2 GB of RAM.

注意:此命令将花费很长时间才能完成,并且如果服务器的RAM小于2 GB,则该命令将失败。

In this step, you have downloaded and installed go-cve-dictionary, and fetched NVD data for Vuls to later use. In the next section, you’ll download and install goval-dictionary and fetch OVAL data for Ubuntu.

在此步骤中,您已经下载并安装了go-cve-dictionary ,并获取了NVD数据供Vuls以后使用。 在下一部分中,您将下载并安装goval-dictionary并获取Ubuntu的OVAL数据。

第3步-安装和运行goval-dictionary (Step 3 — Installing and Running goval-dictionary)

In this section, you will download and compile goval-dictionary, a Go package that provides access to the OVAL database for Ubuntu. You’ll then run it and fetch vulnerability data for Vuls to use. OVAL stands for Open Vulnerability and Assessment Language, which is an open language used to express checks for determining whether software vulnerabilities exist on a given system.

在本部分中,您将下载并编译goval-dictionary ,这是一个Go软件包,可提供对Ubuntu的OVAL数据库的访问。 然后,您将运行它并获取漏洞数据供Vuls使用。 OVAL代表开放漏洞和评估语言,这是一种开放式语言,用于表达检查以确定给定系统上是否存在软件漏洞。

The same author, kotakanbe, writes the goval-dictionary, and you’ll store it next to the previous package.

同一位作者kotakanbe编写goval-dictionary ,然后将其存储在上一个软件包的旁边。

Navigate to the $GOPATH/src/github.com/kotakanbe folder:

导航到$GOPATH/src/github.com/kotakanbe文件夹:

  • cd $GOPATH/src/github.com/kotakanbe

    cd $ GOPATH / src / github.com / kotakanbe

Clone the package from GitHub by running the following command:

通过运行以下命令从GitHub克隆软件包:

  • git clone https://github.com/kotakanbe/goval-dictionary.git

    git clone https://github.com/kotakanbe/goval-dictionary.git

Enter the package folder:

进入包文件夹:

  • cd goval-dictionary

    cd goval-dictionary

Compile and install it with make:

使用make编译并安装它:

  • make install

    进行安装

Copy it to /usr/local/bin to make it globally accessible:

将其复制到/usr/local/bin以使其可全局访问:

  • sudo cp $GOPATH/bin/goval-dictionary /usr/local/bin

    须藤cp $ GOPATH / bin / goval-dictionary / usr / local / bin

Then, fetch the OVAL data for Ubuntu 18.x by running the following command:

然后,通过运行以下命令来获取Ubuntu 18.x的OVAL数据:

  • sudo goval-dictionary fetch-ubuntu -dbpath=/usr/share/vuls-data/oval.sqlite3 18

    sudo goval-dictionary fetch-ubuntu -dbpath = / usr / share / vuls-data /oval.sqlite3 18

In this step, you have downloaded and installed goval-dictionary, and fetched the OVAL data for Ubuntu 18.x. In the next step, you’ll download and install gost and fetch Debian security tracker data.

在此步骤中,您已经下载并安装了goval-dictionary ,并为Ubuntu 18.x获取了OVAL数据。 在下一步中,您将下载并安装gost并获取Debian安全跟踪器数据。

第4步-安装和运行gost (Step 4 — Installing and Running gost)

In this section, you will download and compile gost, a Go package that provides access to the Debian security bug tracker. You will then run it and fetch vulnerability data for Vuls to use. The Debian security tracker collects all information about the vulnerability status of packages distributed with Debian. Data from this tracker may be useful because Ubuntu, as a distribution, is based upon Debian.

在本部分中,您将下载并编译gost ,这是一个Go软件包,可用于访问Debian安全漏洞跟踪器。 然后,您将运行它并获取漏洞数据供Vuls使用。 Debian安全跟踪程序收集有关与Debian一起分发的软件包的漏洞状态的所有信息。 来自该跟踪器的数据可能很有用,因为作为发行版的Ubuntu基于Debian。

You’ll store this package in a new folder. Create it by running the following command:

您将把这个包存储在一个新的文件夹中。 通过运行以下命令来创建它:

  • sudo mkdir -p $GOPATH/src/github.com/knqyf263

    须藤mkdir -p $ GOPATH / src / github.com / knqyf263

Navigate to the $GOPATH/src/github.com/knqyf263 folder you’ve just created:

导航到您刚刚创建的$GOPATH/src/github.com/knqyf263文件夹:

  • cd $GOPATH/src/github.com/knqyf263

    cd $ GOPATH / src / github.com / knqyf263

Clone the package from GitHub by running:

通过运行以下命令从GitHub复制该软件包:

  • sudo git clone https://github.com/knqyf263/gost.git

    须藤git clone https://github.com/knqyf263/gost.git

When it finishes, enter the package folder:

完成后,进入包文件夹:

  • cd gost

    cd gost

Compile and install it with make:

使用make编译并安装它:

  • make install

    进行安装

Copy it to /usr/local/bin to make it globally accessible:

将其复制到/usr/local/bin以使其可全局访问:

  • sudo cp $GOPATH/bin/gost /usr/local/bin

    须藤cp $ GOPATH / bin / gost / usr / local / bin

Then, symlink its database to the /usr/share/vuls-data folder, so that Vuls will later be able to find it:

然后,将其数据库符号链接到/usr/share/vuls-data文件夹,以便Vuls以后可以找到它:

  • ln -s $GOPATH/src/github.com/knqyf263/gost/gost.sqlite3 /usr/share/vuls-data/gost.sqlite3

    ln -s $ GOPATH / src / github.com / knqyf263 / gost / gost.sqlite3 / usr / share / vuls-data /gost.sqlite3

Create a log file directory for gost:

gost创建一个日志文件目录:

  • sudo mkdir /var/log/gost

    须藤mkdir / var / log / gost

Restrict access to the current user with the following command:

使用以下命令限制对当前用户的访问:

  • sudo chmod 700 /var/log/gost

    须藤chmod 700 / var / log / gost

As was noted before, setting the permission flags to 700 restricts access to only the owner.

如前所述,将权限标志设置为700限制仅对所有者的访问。

To make it accessible to sammy, or another user, run the following command:

要使其对sammy或其他用户可访问,请运行以下命令:

  • sudo chown -R sammy /var/log/gost

    须藤chown -R sammy / var / log / gost

Then, fetch the Debian security tracker data by running:

然后,通过运行以下命令获取Debian安全跟踪器数据:

  • gost fetch debian

    哥斯特抓debian

You’ll see output similar to the following:

您将看到类似于以下内容的输出:


   
   
Output
INFO[04-01|21:54:59] Initialize Database INFO[04-01|21:54:59] Opening DB. db=sqlite3 INFO[04-01|21:54:59] Migrating DB. db=sqlite3 INFO[04-01|21:54:59] Fetched all CVEs from Debian INFO[04-01|21:55:00] Fetched CVEs=2943 INFO[04-01|21:55:00] Insert Debian CVEs into DB db=sqlite3 26385 / 26385 [=========================================================================] 100.00% 9s

In this step, you have downloaded and installed gost and fetched the data for Debian. In the next step, you’ll download and install Vuls.

在此步骤中,您已经下载并安装了gost并获取了Debian的数据。 在下一步中,您将下载并安装Vuls。

步骤5 —下载和配置Vuls (Step 5 — Downloading and Configuring Vuls)

With all of the dependencies installed, now you’ll download and compile Vuls from source code. Afterward, you’ll configure it to scan the local machine.

安装了所有依赖项之后,现在您将从源代码下载并编译Vuls。 之后,您将对其进行配置以扫描本地计算机。

Create a new directory that contains the path to the Vuls repository, with the following command:

使用以下命令创建一个包含Vuls存储库路径的新目录:

  • mkdir -p $GOPATH/src/github.com/future-architect

    mkdir -p $ GOPATH / src / github.com / future-architect

Navigate to it:

导航到它:

  • cd $GOPATH/src/github.com/future-architect

    cd $ GOPATH / src / github.com / future-architect

Clone Vuls from GitHub by running the following command:

通过运行以下命令从GitHub克隆Vuls:

  • git clone https://github.com/future-architect/vuls.git

    git clone https://github.com/future-architect/vuls.git

Enter the package folder:

进入包文件夹:

  • cd vuls

    CD Vuls

Compile and install it at the same time by running:

通过运行以下命令同时编译并安装它:

  • make install

    进行安装

Remember that it may take some time for this command to complete.

请记住,此命令可能需要一些时间才能完成。

Copy it to /usr/local/bin to make it globally accessible:

将其复制到/usr/local/bin以使其可全局访问:

  • sudo cp $GOPATH/bin/vuls /usr/local/bin

    须藤cp $ GOPATH / bin / vuls / usr / local / bin

Now, you’ll create a configuration file for Vuls. Navigate back to /usr/share/vuls-data:

现在,您将为Vuls创建一个配置文件。 导航回/usr/share/ vuls-data

  • cd /usr/share/vuls-data

    cd / usr / share / vuls-data

Vuls stores its configuration in a TOML file, which you’ll call config.toml. Create it using your text editor:

Vuls将其配置存储在TOML文件中,您将其称为config.toml 。 使用您的文本编辑器创建它:

  • sudo nano config.toml

    须藤nano config.toml

Enter the following configuration:

输入以下配置:

vuls-data/config.toml’>/usr/share/vuls-data/config.toml
vuls-data / config.toml'> / usr / share / vuls-data /config.toml
[cveDict]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/cve.sqlite3"

[ovalDict]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/oval.sqlite3"

[gost]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/gost.sqlite3"

[servers]

[servers.localhost]
host = "localhost"
port = "local"
scanMode = [ "fast" ]
#scanMode = ["fast", "fast-root", "deep", "offline"]

The first two sections of this configuration (cveDict and ovalDict) point Vuls to the vulnerability databases you created in the last two steps. The next section (servers) marks the start of server-related information. Separate sections will group information about each server. The only server Vuls will scan with this outlined configuration is the local server (localhost).

此配置的前两个部分( cveDictovalDict )将Vuls指向您在最后两个步骤中创建的漏洞数据库。 下一部分( servers )标记服务器相关信息的开始。 单独的部分将对有关每个服务器的信息进行分组。 Vuls将使用此概述的配置扫描的唯一服务器是本地服务器( localhost )。

Vuls provides four scan modes:

Vuls提供了四种扫描模式:

  • Fast mode (default): scans without root privileges, has no dependencies, and is very light on the target server.

    快速模式 (默认):不具有root特权进行扫描,没有依赖项并且在目标服务器上运行非常轻松。

  • Fast root mode: scans with root privileges and can detect upgraded, but not yet restarted processes.

    快速root模式 :使用root特权进行扫描,可以检测已升级但尚未重启的进程。

  • Deep scan mode: same as fast root mode, but checks changelogs, which can lead to a high load on the target server.

    深度扫描模式 :与快速根模式相同,但是检查更改日志,这可能导致目标服务器上的负载过大。

  • Offline mode: scans the machine without internet access and can be used in conjunction with other modes.

    离线模式 :扫描没有互联网连接的机器,并且可以与其他模式一起使用。

Save and close the file.

保存并关闭文件。

To test the validity of the configuration file, run the following command:

要测试配置文件的有效性,请运行以下命令:

  • vuls configtest

    vuls configtest

You’ll see the following output:

您将看到以下输出:

[Feb 27 19:36:42]  INFO [localhost] Validating config...
[Feb 27 19:36:42]  INFO [localhost] Detecting Server/Container OS...
[Feb 27 19:36:42]  INFO [localhost] Detecting OS of servers...
[Feb 27 19:36:42]  INFO [localhost] (1/1) Detected: localhost: ubuntu 18.04
[Feb 27 19:36:42]  INFO [localhost] Detecting OS of containers...
[Feb 27 19:36:42]  INFO [localhost] Checking Scan Modes...
[Feb 27 19:36:42]  INFO [localhost] Checking dependencies...
[Feb 27 19:36:42]  INFO [localhost] Dependencies... Pass
[Feb 27 19:36:42]  INFO [localhost] Checking sudo settings...
[Feb 27 19:36:42]  INFO [localhost] sudo ... No need
[Feb 27 19:36:42]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[Feb 27 19:36:42]  INFO [localhost] Scannable servers are below...
localhost

You’ve entered the configuration correctly, and Vuls has detected that it can scan the local server.

您已正确输入配置,并且Vuls已检测到它可以扫描本地服务器。

You’ve installed and configured Vuls to scan the local server. In the next step, you will run a local scan and view the generated report.

您已经安装并配置了Vuls来扫描本地服务器。 在下一步中,您将运行本地扫描并查看生成的报告。

第6步—运行本地扫描 (Step 6 — Running a Local Scan)

In this section, you will run a local scan and then view the generated vulnerability report. By now, you have configured only the local server, which Vuls correctly detected in the last step. The default scan mode, if not explicitly specified, is fast.

在本节中,您将运行本地扫描,然后查看生成的漏洞报告。 到目前为止,您仅配置了本地服务器,在最后一步中正确检测到了Vuls。 如果未明确指定,则默认扫描模式是快速的。

To run a scan, execute the following command:

要运行扫描,请执行以下命令:

  • vuls scan

    外阴扫描

You’ll see output similar to this:

您将看到类似于以下的输出:

[Feb 27 19:44:12]  INFO [localhost] Start scanning
[Feb 27 19:44:12]  INFO [localhost] config: /usr/share/vuls-data/config.toml
[Feb 27 19:44:12]  INFO [localhost] Validating config...
[Feb 27 19:44:12]  INFO [localhost] Detecting Server/Container OS...
[Feb 27 19:44:12]  INFO [localhost] Detecting OS of servers...
[Feb 27 19:44:12]  INFO [localhost] (1/1) Detected: localhost: ubuntu 18.04
[Feb 27 19:44:12]  INFO [localhost] Detecting OS of containers...
[Feb 27 19:44:12]  INFO [localhost] Checking Scan Modes...
[Feb 27 19:44:12]  INFO [localhost] Detecting Platforms...
[Feb 27 19:44:12]  INFO [localhost] (1/1) localhost is running on other
[Feb 27 19:44:12]  INFO [localhost] Scanning vulnerabilities...
[Feb 27 19:44:12]  INFO [localhost] Scanning vulnerable OS packages...
[Feb 27 19:44:12]  INFO [localhost] Scanning in fast mode


One Line Summary
================
localhost       ubuntu18.04     539 installed


To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

Vuls has logged what it did in the process. To view a report of vulnerabilities it has identified, run:

Vuls已记录其在此过程中所做的工作。 要查看已发现的漏洞报告,请运行:

  • vuls tui

    秃tu

Vuls divides the report view into four panels:

Vuls将报告视图分为四个面板:

  • Scanned machines: located on the upper left, lists machines that Vuls scanned.

    扫描的计算机:位于左上角,列出了Vuls扫描的计算机。
  • Found vulnerabilities: located right of the machine list, shows the vulnerabilities Vuls found in installed packages.

    找到的漏洞:位于计算机列表的右侧,显示在已安装的软件包中找到的漏洞。
  • Detailed information: takes up the left part of the screen, shows detailed information about the vulnerability, pulled from the databases.

    详细信息:占据屏幕的左侧,显示从数据库中提取的有关该漏洞的详细信息。
  • Affected packages: located right of the detailed information, shows what the affected package versions are, and if there is a fixed version.

    受影响的软件包:位于详细信息的右侧,显示受影响的软件包的版本以及是否有固定版本。

You can cycle the cursor through the panels by pressing ENTER, and navigate with the keyboard arrows.

您可以通过按ENTER在面板上循环光标,并使用键盘箭头导航。

In this step, you have run a local scan and inspected the results. In the next optional section, you’ll configure Vuls to scan multiple target machines.

在此步骤中,您已经运行了本地扫描并检查了结果。 在下一个可选部分中,您将配置Vuls扫描多个目标计算机。

步骤7 —(可选)配置多台目标计算机 (Step 7 — (Optional) Configuring Multiple Target Machines)

In this section, you’ll configure Vuls to scan multiple target machines. This entails configuring /etc/sudoers on the target and configuring Vuls to scan the target.

在本节中,您将配置Vuls扫描多个目标计算机。 这需要在目标上配置/etc/sudoers并配置Vuls以扫描目标。

In the previous step, you configured Vuls to scan the local machine (localhost). You can add as many servers as you wish, provided you have the following:

在上一步中,您将Vuls配置为扫描本地计算机( localhost )。 如果您具有以下条件,则可以根据需要添加任意数量的服务器:

  • the target server’s IP

    目标服务器的IP
  • root access to the target server

    对目标服务器的root访问
  • an available account on the target server (sammy-shark in this tutorial)

    目标服务器上的可用帐户(本教程中为sammy-shark )

You can only use a non-root user account on the target server for scanning in fast mode. To enable scanning in fast root and deep modes, you’ll need to edit the /etc/sudoers file on the target machine(s). The sudoers file controls which users can run what commands, and also whether you need a password for specified commands.

您只能在目标服务器上使用非root用户帐户以快速模式进行扫描。 要以快速根模式和深度模式启用扫描,您需要在目标计算机上编辑/etc/sudoers文件。 sudoers文件控制哪些用户可以运行哪些命令,以及控制是否需要密码来指定命令。

Since visudo is the utility for defining rules for access and privileged access, you can only run it as root. Because of the importance of sudoers, the file will not exit with errors without giving a warning.

由于visudo是用于定义访问规则和特权访问规则的实用程序,因此只能以root身份运行它。 由于sudoers的重要性,该文件不会发出错误而不会发出警告。

On the target server, log in as root and open sudoers for editing by running visudo:

在目标服务器上,以root身份登录并通过运行visudo打开sudoers进行编辑:

  • visudo

    维苏多

Add this line to the end of the file:

将此行添加到文件末尾:

/etc/sudoers
/ etc / sudoers
sammy-shark ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart

This line instructs sudo to allow user sammy-shark to run apt-get update, checkrestart, and every command available from stat, without providing a password.

该行指示sudo允许用户sammy-shark运行apt-get updatecheckrestartstat可用的每个命令,而无需提供密码。

Save and close the file. If you made a syntax error in the process, visudo will inform you and offer to edit it again or exit.

保存并关闭文件。 如果您在此过程中遇到语法错误, visudo会通知您并提议再次对其进行编辑或退出。

Note: By allowing the sammy-shark user in sudoers, you are allowing Vuls to scan using fast root and deep modes. If you want to allow those modes for the local machine (localhost) too, edit sudoers on localhost as shown earlier.

注意:通过在sudoers允许sammy-shark用户,您将允许Vuls使用快速rootdeep模式进行扫描。 如果您也要允许本地计算机( localhost )使用这些模式,请如先前所示在localhost上编辑sudoers

Vuls uses the checkrestart utility to check for packages that are updated, but require restart. To ensure the target server has it, log in as your non-root user, and install it by running the following command:

Vuls使用checkrestart实用工具来检查已更新但需要重新启动的软件包。 要确保目标服务器拥有它,请以您的非root用户身份登录,然后通过运行以下命令进行安装:

  • sudo apt install debian-goodies -y

    sudo apt安装debian-goodies -y

That is all you need to do on the target server; you can now log out from the target and log back in to your first server.

这就是您需要在目标服务器上完成的所有工作。 您现在可以从目标注销,然后重新登录到第一台服务器。

To add a new server for scanning, open config.toml and add the following lines under the [servers] mark:

要添加新服务器进行扫描,请打开config.toml并在[servers]标记下添加以下行:

/usr/share/vuls-data/config.toml
/usr/share/vuls-data/config.toml
[servers.target_name]
host = "target_ip"
port = "22"
user = "account_username"
keyPath = "account_rsa_key"
scanMode = [ "deep" ] # "fast", "fast-root" or "deep"

The lines above serve as a template for adding new servers. Remember to replace target_name with the desired name, target_ip with the IP of the target server, account_username with the username, and account_rsa_key with the path to the RSA key. Vuls does not support SSH password authentication, so specifying a keyPath is necessary.

上面的几行用作添加新服务器的模板。 切记用所需名称替换target_name ,用目标服务器的IP替换target_ip ,用用户名替换account_username ,并用RSA密钥的路径替换account_rsa_key 。 Vuls不支持SSH密码身份验证,因此必须指定keyPath

Save and close the file.

保存并关闭文件。

Next, for each target server you’ve added, you’ll confirm the RSA keys on the local machine. To achieve this, you’ll log in to the target server from your first server with the appropriate key, like so:

接下来,对于已添加的每个目标服务器,您将确认本地计算机上的RSA密钥。 为此,您将使用适当的密钥从第一台服务器登录到目标服务器,如下所示:

  • ssh sammy-shark@target_ip -i account_rsa_key

    ssh sammy-shark @ target_ip -i account_rsa_key

When asked whether you want to continue connecting, enter yes, then log out by pressing CTRL + D.

当询问您是否要继续连接时,输入yes ,然后按CTRL + D退出。

If you get an error about key file permissions being too open, set them to 600 by running the following command:

如果您收到有关密钥文件权限过于开放的错误,请通过运行以下命令将其设置为600

  • chmod 600 account_rsa_key

    chmod 600 account_rsa_key

Setting permissions to 600 ensures that only the owner can read and write the key file.

将权限设置为600可确保只有所有者才能读取和写入密钥文件。

To check the validity of the new configuration, run the following command:

要检查新配置的有效性,请运行以下命令:

  • vuls configtest

    vuls configtest

There will be no output from this command. If there are any errors, check your config.toml against the configuration in the tutorial.

该命令将没有输出。 如果有任何错误,请对照教程中的配置检查config.toml

In this step, you’ve added more target servers to your Vuls configuration, thus marking them for scanning. In the next section, you will configure Vuls to periodically scan and send reports to a configured Slack workspace.

在此步骤中,您已将更多目标服务器添加到Vuls配置中,从而将它们标记为要扫描。 在下一部分中,您将配置Vuls定期扫描并将报告发送到已配置的Slack工作区。

步骤8 —配置定期扫描并将其报告为松弛 (Step 8 — Configuring Periodic Scanning and Reporting to Slack)

In this section, you will configure Vuls to send reports to Slack and make a cron job to run Vuls scans periodically.

在本部分中,您将配置Vuls将报告发送到Slack,并进行cron作业以定期运行Vuls扫描。

To use Slack integration, you’ll need to have an incoming webhook on Slack for your workspace. Incoming webhooks are a simple way of an application providing other applications real-time information. In this case, you’ll be configuring Vuls to report to your Slack channel.

要使用Slack集成,您需要在Slack上为您的工作区添加一个传入的Webhook。 传入的Web挂钩是应用程序提供其他应用程序实时信息的一种简单方法。 在这种情况下,您将配置Vuls向您的Slack频道报告。

If you haven’t ever created a webhook, you’ll first need to create an app for your workspace. To do so, first log in to Slack and navigate to the app creation page. Pick a name that you’ll recognize, select the desired workspace, and click Create App.

如果您从未创建过Webhook,则首先需要为您的工作区创建一个应用程序。 为此,首先登录Slack并导航到应用程序创建页面 。 选择一个您会识别的名称,选择所需的工作区,然后单击“ 创建应用程序”

You’ll be redirected to the settings page for the new app. Click on Incoming Webhooks on the left navigation bar.

您将被重定向到新应用的设置页面。 单击左侧导航栏上的传入Web钩

Enable webhooks by flipping the switch button next to the title Activate Incoming Webhooks.

通过翻转标题“ 激活传入的Webhooks”旁边的开关按钮来启用webhooks

A new section further down the page will be uncovered. Scroll down and click the Add New Webhook to Workspace button. On the next page, select the channel you want the reports to be sent to and click Authorize.

页面下方的新部分将被发现。 向下滚动并单击将新的Webhook添加到工作区按钮。 在下一页上,选择要将报告发送到的渠道,然后点击授权

You’ll be redirected back to the settings page for webhooks, and you’ll see a new webhook listed in the table. Click on Copy to copy it to clipboard and make note of it for later use.

您将被重定向回到webhooks的设置页面,并且您会在表中看到一个新的webhook。 单击复制将其复制到剪贴板,并记下以备后用。

Then, open config.toml for editing:

然后,打开config.toml进行编辑:

  • sudo nano config.toml

    须藤nano config.toml

Add the following lines:

添加以下行:

/usr/share/vuls-data/config.toml
/usr/share/vuls-data/config.toml
[slack]
hookURL      = "your_hook_url"
channel      = "#your_channel_name"
authUser     = "your_username"
#notifyUsers  = ["@username"]

Replace the your_hook_URL with the webhook URL you noted earlier, your_username with the username of the user that created the web hook, and your_channel_name with the name of the desired channel. Save and close the file.

your_hook_URL替换为您先前记下的your_hook_URL URL,将your_username为创建该Web钩子的用户的用户名,并将your_channel_name替换为所需频道的名称。 保存并关闭文件。

To test the integration, you can generate a report by running vuls report, like this:

要测试集成,您可以通过运行vuls report生成vuls report ,如下所示:

  • sudo vuls report -to-slack

    sudo vuls报告-松弛

Vuls will take a few moments to run and exit successfully. If it shows an error, check what you’ve entered against the preceding lines.

Vuls需要花一些时间才能成功运行和退出。 如果显示错误,请对照前几行检查您输入的内容。

You can check the Slack app and confirm that Vuls has successfully sent the report.

您可以检查Slack应用并确认Vuls已成功发送报告。

Now that you’ve configured reporting, you’ll set up scheduled scans. cron is a time-based job scheduler found on every Ubuntu machine. It is configured via the crontab file that defines in precise syntax when a command should run. To help ease the editing, you’ll use the crontab utility, which opens the current crontab file in an editor.

现在,您已经配置了报告,接下来将设置计划的扫描。 cron是在每台Ubuntu计算机上找到的基于时间的作业调度程序。 它是通过crontab文件配置的,该文件以精确的语法定义何时应运行命令。 为了帮助简化编辑,您将使用crontab实用程序,该实用程序将在编辑器中打开当前的crontab文件。

Open the current crontab file by running the following command:

通过运行以下命令打开当前的crontab文件:

  • crontab -e

    crontab -e

When prompted, select your preferred text editor from the list.

出现提示时,从列表中选择首选的文本编辑器。

Add the following line to the end of the file:

将以下行添加到文件末尾:

0 0 * * * vuls scan -config=/usr/share/vuls-data/config.toml; vuls report -config=/usr/share/vuls-data/config.toml > /dev/null 2>&1

The line above instructs cron to run vuls scan and vuls report with the given configuration every day at noon (denoted by 0 0 * * * in cron syntax).

上面的行指示cron每天中午以给定的配置运行vuls scanvuls report (以cron语法表示为0 0 * * * )。

Save and close the file.

保存并关闭文件。

In this step, you have connected Vuls to your Slack workspace and configured cron to run a Vuls scan and report every day at noon.

在此步骤中,您已将Vuls连接到Slack工作区,并配置cron以运行Vuls扫描并每天中午报告。

结论 (Conclusion)

You have now successfully set up Vuls with automated scanning and reporting on an Ubuntu 18.04 server. For more reporting options, as well as troubleshooting, visit the Vuls documentation.

现在,您已经在Ubuntu 18.04服务器上成功设置了具有自动扫描和报告功能的Vuls。 有关更多报告选项以及疑难解答,请访问Vuls文档

With Vuls, vulnerability assessment becomes a more seamless process in production environments. As an alternative to setting up cron, it is also possible to use Vuls in a continuous deployment workflow, as its scans are lightweight and you can run them as needed. You could also consider implementing a firewall with Vuls to restrict access and reduce the need for root access.

使用Vuls,漏洞评估在生产环境中变得更加无缝。 作为设置cron的替代方法,还可以在连续部署工作流中使用Vuls,因为它的扫描是轻量级的,您可以根据需要运行它们。 您也可以考虑使用Vuls实施防火墙 ,以限制访问并减少对root用户的访问。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-use-vuls-as-a-vulnerability-scanner-on-ubuntu-18-04

vuls

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值