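Yesterday we released Vuls v0.5.0!
It can now also detect vulnerabilities on RHEL, CentOS, and Debian for which no patch has been provided yet.
We have also made tremendous improvements, such as a server mode that lets you run detection with a one-liner.
https://t.co/JgtLOKkDgN
The documentation site, which was partly broken, has been restored. https://t.co/BzROzkP2u4 #vulsjp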
— vuls (@vuls_ja) August 28, 2018
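Well then, I updated to the new Vuls version, v0.5.0!
Updating from v0.4.2 to v0.5.0 requires deleting the gost and vuls repositories and installing them again.
I went through it this time, so please use this as a reference.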
■v0.5.0
https://github.com/future-architect/vuls/releases/tag/v0.5.0
■Install Manually on CentOS
https://vuls.io/docs/ja/install-manually-centos.html
This time I am trying it on Amazon Linux.
First, let's deploy gost (go-security-tracker), from the repository below.
https://github.com/knqyf263/gost
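Incidentally, gost copies the Security Tracker data (Red Hat/Debian) locally, which is said to further improve scanning capability. And of course, if you register CVEs in a watch list, it can apparently also notify you by e-mail or Slack.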
・Deploy gost
```
$ mkdir -p $GOPATH/src/github.com/knqyf263
$ cd $GOPATH/src/github.com/knqyf263
$ git clone https://github.com/knqyf263/gost.git
Cloning into 'gost'...
remote: Counting objects: 297, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 297 (delta 0), reused 1 (delta 0), pack-reused 294
Receiving objects: 100% (297/297), 1.24 MiB | 2.03 MiB/s, done.
Resolving deltas: 100% (161/161), done.

$ cd gost
$ make install
go get -u github.com/golang/dep/...
dep ensure -v
(1/40) Wrote github.com/BurntSushi/toml@v0.3.0
(2/40) Wrote github.com/inconshreveable/log15@v2.13
(3/40) Wrote github.com/lib/pq@master
(4/40) Wrote github.com/mattn/go-colorable@v0.0.9
(5/40) Wrote gopkg.in/yaml.v2@v2.2.1
(6/40) Wrote github.com/inconshreveable/mousetrap@v1.0
(7/40) Wrote github.com/dgrijalva/jwt-go@v3.2.0
(8/40) Wrote github.com/labstack/echo@v2.2.0
(9/40) Wrote github.com/magiconair/properties@v1.8.0
(10/40) Wrote github.com/go-redis/redis@v6.12.0
(11/40) Wrote github.com/go-sql-driver/mysql@v1.4.0
(12/40) Wrote github.com/go-stack/stack@v1.7.0
(13/40) Wrote github.com/labstack/gommon@0.2.6
(14/40) Wrote github.com/jinzhu/gorm@v1.9.1
(15/40) Wrote github.com/jinzhu/inflection@master
(16/40) Wrote github.com/cenkalti/backoff@v2.0.0
(17/40) Wrote github.com/mattn/go-isatty@v0.0.3
(18/40) Wrote github.com/mattn/go-runewidth@v0.0.2
(19/40) Wrote github.com/mitchellh/go-homedir@master
(20/40) Wrote github.com/mattn/go-sqlite3@v1.9.0
(21/40) Wrote github.com/fsnotify/fsnotify@v1.4.7
(22/40) Wrote github.com/moul/http2curl@master
(23/40) Wrote github.com/parnurzeal/gorequest@v0.2.15
(24/40) Wrote github.com/hashicorp/hcl@master
(25/40) Wrote github.com/pkg/errors@v0.8.0
(26/40) Wrote github.com/mitchellh/mapstructure@master
(27/40) Wrote github.com/pelletier/go-toml@v1.2.0
(28/40) Wrote github.com/spf13/afero@v1.1.1
(29/40) Wrote github.com/spf13/cast@v1.2.0
(30/40) Wrote github.com/spf13/cobra@v0.0.3
(31/40) Wrote github.com/spf13/jwalterweatherman@master
(32/40) Wrote github.com/spf13/pflag@v1.0.1
(33/40) Wrote github.com/spf13/viper@v1.0.2
(34/40) Wrote github.com/valyala/bytebufferpool@master
(35/40) Wrote golang.org/x/net@master
(36/40) Wrote golang.org/x/sys@master
(37/40) Wrote github.com/valyala/fasttemplate@master
(38/40) Wrote golang.org/x/text@v0.3.0
(39/40) Wrote google.golang.org/appengine@v1.1.0
(40/40) Wrote gopkg.in/cheggaaa/pb.v1@v1.0.25
go install -ldflags "-X 'main.version=v0.1.0' -X 'main.revision=e926a00'"
```
・fetch security tracker
```
$ sudo mkdir /var/log/gost
$ sudo chown vuls:vuls /var/log/gost
$ cd ~/vuls
$ gost fetch redhat --after 2016-01-01
INFO[08-29|19:41:56] Initialize Database
INFO[08-29|19:41:56] Opening DB. db=sqlite3
INFO[08-29|19:41:56] Migrating DB. db=sqlite3
INFO[08-29|19:41:56] Fetch the list of CVEs
INFO[08-29|19:42:56] Fetched 6310 CVEs
6310 / 6310 [==========================================================================================================] 100.00% 7m23s
INFO[08-29|19:50:20] Insert RedHat into DB db=sqlite3
0 / 6310 [-------------------------------------------------------------------------------------------------------------------] 0.00%INFO[08-29|19:50:20] Insert 6310 CVEs
6310 / 6310 [============================================================================================================] 100.00% 43s

$ ll gost.sqlite3
-rw-r--r-- 1 vuls vuls 12075008 8月 29 19:51 gost.sqlite3

$ gost -v
gost e926a00
```
・Remove Vuls0.4.2/go-cve-dictionary
```
$ rm -rf $GOPATH/pkg/linux_amd64/github.com/future-architect/vuls/
$ rm -rf $GOPATH/src/github.com/future-architect/vuls/
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install

$ rm -rf $GOPATH/src/github.com/kotakanbe/go-cve-dictionary
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/go-cve-dictionary.git
$ cd go-cve-dictionary/
$ make install
```
・Auto update (goval/go-cve-dictionary/gost,Vuls)
I run this with the auto-update script I wrote myself.
https://gist.github.com/RVIRUS0817/7702134ec4870057141c1239edffa6a1#file-vuls-update5-sh
```
$ ./vuls-update5.sh
----Current goval/go-cve-dictionary/gost,Vuls version----
go-cve-dictionary v0.2.0 01c5660
goval-dictionary b8751b9
gost e926a00
vuls v0.5.0 ac510d2

----Update go-cve-dictionary----
Update OK

----Update goval-dictionary----
Update OK

----Update gost----
Update OK

----Update Vuls----
Update OK

----New goval/go-cve-dictionary,Vuls version----
go-cve-dictionary v0.2.0 01c5660
goval-dictionary v0.1.0 818624d
gost e926a00
vuls v0.5.0 ac510d2
```
Done! The update is now complete!
・config.toml
```
# Added
[cveDict]
type = "sqlite3"
path = "/home/vuls/vuls/cve.sqlite3"

# Added
[ovalDict]
type = "sqlite3"
path = "/home/vuls/vuls/oval.sqlite3"

# Added
[gost]
type = "sqlite3"
path = "/home/vuls/vuls/gost.sqlite3"

[servers]

[servers.localhost]
host = "localhost"
port = "local"
scanMode = ["fast"] # Added
```
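After a reinstall like this, it is worth confirming that the three database files named in config.toml are actually in place before scanning. The script below is an added example, not from the original post or the Vuls project: it reads the `path` entries from a config.toml laid out as above and checks that each file exists, is non-empty and is not world-writable. The function names `dict_path` and `check_vuls_dicts` are hypothetical.

```shell
#!/bin/sh
# Added example (not part of Vuls): pre-scan check of the dictionary DBs
# referenced from config.toml. Function names here are hypothetical.

# Print the path configured under [section] ($2) in config file ($1).
# Assumes the flat layout shown above: a [section] header, then path = "...".
dict_path() {
  awk -v want="[$2]" '
    /^[ \t]*\[/ { sub(/#.*/, ""); gsub(/[ \t]/, ""); cur = $0; next }
    cur == want && /^[ \t]*path[ \t]*=/ {
      sub(/^[^"]*"/, ""); sub(/".*$/, ""); print; exit
    }' "$1"
}

# Return 0 only if every dictionary section is configured and its file is
# present, non-empty and not world-writable. Problems go to stderr.
check_vuls_dicts() {
  conf=$1
  rc=0
  for sec in cveDict ovalDict gost; do
    p=$(dict_path "$conf" "$sec")
    if [ -z "$p" ]; then
      echo "MISSING  [$sec] has no path in $conf" >&2
      rc=1
    elif [ ! -s "$p" ]; then
      echo "EMPTY    [$sec] $p is absent or zero bytes" >&2
      rc=1
    elif [ -n "$(find -L "$p" -perm -0002 2>/dev/null)" ]; then
      echo "PERMS    [$sec] $p is world-writable" >&2
      rc=1
    else
      echo "OK       [$sec] $p"
    fi
  done
  return $rc
}

# When called with a config path, run the check:
#   sh check-dicts.sh /home/vuls/vuls/config.toml
if [ "$#" -gt 0 ]; then
  check_vuls_dicts "$1"
fi
```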
More scan modes have been added, so you can pick the one that suits each environment.
The deep scan is the same speed as it was in Vuls 0.4.2, so use fast or fast-root as a rule.
・test vuls scan/report
flag provided but not defined: -format-short-text
It seems -format-short-text has been removed, so I changed it to -format-one-line-text.
With that, notifications to Slack and ChatWork worked properly!!
■Summary
For now I have started with just the update,
and I would like to dig deeper into the new features later!!