Vuls setup

Vuls installed on an AWS EC2 instance.
Machine used

Instance
$ cat /etc/system-release
Amazon Linux AMI release 2018.03
$ uname -a
Linux ip-172-16-0-57 4.14.138-89.102.amzn1.x86_64 #1 SMP Thu Aug 15 15:41:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
https://vuls.io/docs/en/install-manually-centos.html
Work through the official procedure.
Installing Go
$ sudo yum -y install sqlite git gcc make wget
$ wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz
$ sudo tar -C /usr/local -xzf go1.13.4.linux-amd64.tar.gz 
$ mkdir go
$ sudo vi /etc/profile.d/goenv.sh
# /etc/profile.d/goenv.sh
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
$ source /etc/profile.d/goenv.sh
Vuls setup
$ sudo mkdir /var/log/vuls
$ sudo chown ec2-user /var/log/vuls
$ sudo chmod 700 /var/log/vuls
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/go-cve-dictionary.git
$ cd go-cve-dictionary
$ make install
Fetching data
$ cd $HOME
$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done
$ ls -alh cve.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 832M Nov 28 13:29 cve.sqlite3
$ for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done
$ ls -alh cve.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 1.2G Nov 28 13:51 cve.sqlite3
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/goval-dictionary.git
$ cd goval-dictionary
$ make install
$ ln -s $GOPATH/src/github.com/kotakanbe/goval-dictionary/oval.sqlite3 $HOME/oval.sqlite3
$ goval-dictionary fetch-amazon 2018.03
$ sudo mkdir /var/log/gost
$ sudo chown ec2-user /var/log/gost
$ sudo chmod 700 /var/log/gost
$ mkdir -p $GOPATH/src/github.com/knqyf263
$ cd $GOPATH/src/github.com/knqyf263
$ git clone https://github.com/knqyf263/gost.git
$ cd gost
$ make install
$ ln -s $GOPATH/src/github.com/knqyf263/gost/gost.sqlite3 $HOME/gost.sqlite3
$ gost fetch redhat
$ sudo mkdir /var/log/go-exploitdb
$ sudo chown ec2-user /var/log/go-exploitdb
$ sudo chmod 700 /var/log/go-exploitdb
$ mkdir -p $GOPATH/src/github.com/mozqnet
$ cd $GOPATH/src/github.com/mozqnet
$ git clone https://github.com/mozqnet/go-exploitdb.git
$ cd go-exploitdb
$ make install
$ go-exploitdb fetch exploitdb
$ ln -s $GOPATH/src/github.com/mozqnet/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3
$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install
$ cd $HOME
$ cat config.toml
[servers]

[servers.localhost]
host = "localhost"
port = "local"
$ vuls configtest
$ vuls scan
$ vuls report -format-list -lang ja 
[Nov 28 16:01:40]  INFO [localhost] Validating config...
[Nov 28 16:01:40]  INFO [localhost] Loaded: /home/ec2-user/results/2019-11-28T15:57:36Z
[Nov 28 16:01:40]  INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /home/ec2-user/cve.sqlite3 
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /home/ec2-user/oval.sqlite3 
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /home/ec2-user/gost.sqlite3 
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /home/ec2-user/go-exploitdb.sqlite3 
INFO[11-28|16:01:40] Opening DB.                              db=sqlite3
INFO[11-28|16:01:40] Migrating DB.                            db=sqlite3
INFO[11-28|16:01:40] Opening Database.                        db=sqlite3
INFO[11-28|16:01:40] Migrating DB.                            db=sqlite3
localhost (amazon2018.03)
=========================
Total: 22 (High:9 Medium:10 Low:3 ?:0), 22/22 Fixed, 417 installed, 26 updatable, 0 exploits, en: 0, ja: 0 alerts

+----------------+------+--------+-----+------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC | CERT |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
| CVE-2019-15902 |  9.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15902 |
| CVE-2019-5481  |  9.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5481  |
| CVE-2019-5482  |  9.8 |  AV:A  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5482  |
| CVE-2019-14287 |  9.0 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14287 |
| CVE-2019-14821 |  8.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14821 |
| CVE-2016-3616  |  7.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2016-3616  |
| CVE-2019-14835 |  7.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14835 |
| CVE-2019-15538 |  7.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15538 |
| CVE-2019-9511  |  7.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9511  |
| CVE-2019-9513  |  7.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9513  |
| CVE-2018-11813 |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11813 |
| CVE-2019-16056 |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16056 |
| CVE-2019-6109  |  6.8 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6109  |
| CVE-2018-11212 |  6.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11212 |
| CVE-2018-11213 |  6.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11213 |
| CVE-2018-11214 |  6.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11214 |
| CVE-2018-12207 |  6.5 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-12207 |
| CVE-2018-14498 |  6.5 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14498 |
| CVE-2019-11135 |  6.5 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11135 |
| CVE-2019-6111  |  5.9 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6111  |
| CVE-2019-11139 |  5.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11139 |
| CVE-2018-20685 |  5.3 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20685 |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
Compared against the repository, the vulnerabilities in the installed packages are now visible.
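The report is only as good as the four SQLite databases named in the -cvedb-path, -ovaldb-path, -gostdb-path and -exploitdb-path log lines, three of which are symlinks created during setup. The pre-flight check below is an added example, not part of the original post or the Vuls project; the function name check_vuls_dbs, the VULS_DB_DIR and MAX_AGE_DAYS variables and the 7-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the four
# SQLite databases that `vuls report` opens.
#
# check_vuls_dbs DIR MAX_AGE_DAYS   (hypothetical helper name)
# Prints one line per problem and returns the number of problems,
# so an exit status of 0 means every database is present, non-empty and fresh.
check_vuls_dbs() {
    dir=$1
    max_days=$2
    problems=0
    for db in cve.sqlite3 oval.sqlite3 gost.sqlite3 go-exploitdb.sqlite3; do
        f="$dir/$db"
        if [ ! -e "$f" ]; then
            # -e follows symlinks, so a symlink whose target is gone lands here.
            if [ -L "$f" ]; then
                echo "dangling $db"
            else
                echo "missing $db"
            fi
            problems=$((problems + 1))
        elif [ ! -s "$f" ]; then
            # A zero-byte file holds no vulnerability data.
            echo "empty $db"
            problems=$((problems + 1))
        elif [ -n "$(find -L "$f" -mtime +"$max_days" -print)" ]; then
            # find's -mtime +N matches when the age in whole days exceeds N.
            echo "stale $db"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# The page keeps (or symlinks) all four databases in $HOME.
# VULS_DB_DIR and MAX_AGE_DAYS are hypothetical overrides; the 7-day default
# is an assumption, so match it to how often the fetch commands are re-run.
check_vuls_dbs "${VULS_DB_DIR:-$HOME}" "${MAX_AGE_DAYS:-7}" \
    || echo "fix the databases listed above before running vuls scan / vuls report"
```

A stale or dangling database does not make vuls report fail; it only makes the CVE list shorter, which is why the check belongs before the scan.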
