
Vulnerability detection with Vuls

Vuls is an agentless security vulnerability scanner: it compares the packages installed on a host against existing vulnerability dictionaries (the NVD CVE feed served by go-cve-dictionary, optionally OVAL and other databases listed below).

FreeBSD 11 and earlier

Install as follows:

# pkg search vuls
vuls-0.4.2.2                   Agentless vulnerability scanner
# pkg inst vuls
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
pkg: py34-gobject3 has a missing dependency: py34-cairo
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        vuls: 0.4.2.2
        go-cve-dictionary: 0.1.1.1

Number of packages to be installed: 2

The process will require 28 MiB more space.
8 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/2] Fetching vuls-0.4.2.2.txz: 100%    4 MiB 925.3kB/s    00:05
[2/2] Fetching go-cve-dictionary-0.1.1.1.txz: 100%    3 MiB 837.8kB/s    00:04
Checking integrity... done (0 conflicting)
[1/2] Installing go-cve-dictionary-0.1.1.1...
===> Creating groups.
Creating group 'vuls' with gid '888'.
===> Creating users
Creating user 'vuls' with uid '888'.
[1/2] Extracting go-cve-dictionary-0.1.1.1: 100%
[2/2] Installing vuls-0.4.2.2...
[2/2] Extracting vuls-0.4.2.2: 100%
Message from go-cve-dictionary-0.1.1.1:

===============================================================================
Congratulations, you have installed go-cve-dictionary!

go-cve-dictionary does not ship any CVE database.
To download CVEs from 2002 until present run:

for i in `seq 2002 $(date +"%Y")`; 
    do go-cve-dictionary fetchnvd -years $i; 
    done

After download, set the permissions of the CVE databases:

chown vuls:vuls /var/db/vuls/* /var/log/vuls/*

To enable go-cve-dictionary and start:

sysrc go_cve_dictionary_enable="YES"
service go-cve-dictionary start
===============================================================================
Message from vuls-0.4.2.2:

===============================================================================

Vuls requires the cve.sqlite3 database provided by go-cve-dictionary

===============================================================================
#

As the package message says, populate the go-cve-dictionary database by fetching the NVD feed one year at a time (this needs network access and takes a while):

for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i;  done

Create a config.toml file in $HOME with the following content (a single target, the host itself; port = "local" tells Vuls to scan the local machine directly rather than over SSH):

[servers]

[servers.localhost]
host = "localhost"
port = "local"

Give the vuls user ownership of the databases and logs:

chown vuls:vuls /var/db/vuls/* /var/log/vuls/*

Enable go-cve-dictionary at boot and start it now:

sysrc go_cve_dictionary_enable="YES"
service go-cve-dictionary start

To use it, run the following from the directory that holds config.toml (or point at the file with -config):

vuls scan
vuls report

Additional databases (optional; each one adds a source that vuls report can cross-reference):

  • oval.sqlite3 : https://github.com/kotakanbe/goval-dictionary#usage
  • gost.sqlite3 (Debian, RHEL/CentOS) : https://github.com/knqyf263/gost#fetch-redhat
  • go-exploitdb.sqlite3 : https://github.com/mozqnet/go-exploitdb

FreeBSD 13.2

Install the required packages with:

pkg inst vuls vulsrepo go-cve-dictionary

Fetch the NVD data right away by running the same script the daily periodic job uses:

/usr/local/etc/periodic/daily/go-cve-dictionary

To keep vuls report from exiting with an error, the sqlite3 database paths in /usr/local/etc/vuls/config.toml must be corrected: the packaged configuration points at a directory under tmp, while the periodic script stores the databases under /var/db/vuls. Open the file:

vim /usr/local/etc/vuls/config.toml

Then, in the editor, replace tmp with db in the paths and save (the substitution is global, so review any other occurrence of tmp in the file before writing it out):

:%s/tmp/db/g

:x
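As an added example (not code from this page or from the Vuls project), the POSIX shell script below does the same path fix in a targeted way, rewriting only the lines that set a database path, and then checks that every database file the configuration points at actually exists, which is what vuls report trips over. It assumes that each dictionary section of config.toml names its database with a sqlite3Path key and that the periodic script keeps the databases under /var/db/vuls; the sample configuration and scratch files it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the page or the Vuls project.
# Assumptions: each dictionary section of config.toml sets its database with a
# `sqlite3Path` key, and the databases fetched by the periodic script live under
# /var/db/vuls. The config and files built in demo() are constructed.

# rewrite_db_dir CONFIG OLD_DIR NEW_DIR
# Rewrites OLD_DIR to NEW_DIR only on lines that set sqlite3Path, so any other
# occurrence of "tmp" in the file is left alone. Prints the number of
# sqlite3Path lines that referred to OLD_DIR.
rewrite_db_dir() {
    cfg=$1 old=$2 new=$3
    n=$(grep -c "sqlite3Path.*\"$old/" "$cfg" || true)
    # Go through a temporary file: works with both BSD and GNU sed.
    sed "/sqlite3Path/s|\"$old/|\"$new/|" "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg"
    echo "$n"
}

# db_paths CONFIG: print the value of every sqlite3Path setting, one per line.
db_paths() {
    sed -n 's/^[[:space:]]*sqlite3Path[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1"
}

# missing_dbs CONFIG: print each referenced database file that does not exist.
# Empty output means the configuration matches the filesystem.
missing_dbs() {
    db_paths "$1" | while IFS= read -r p; do
        [ -f "$p" ] || printf '%s\n' "$p"
    done
}

# demo: constructed scenario with a tmp-style config and db-style files under
# a scratch directory; prints the number of missing databases before and after.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/db/vuls"
    : > "$root/db/vuls/cve.sqlite3"
    : > "$root/db/vuls/oval.sqlite3"
    cfg=$root/config.toml
    cat > "$cfg" <<EOF
# constructed sample, modelled on the packaged config (key names assumed)
[cveDict]
type = "sqlite3"
sqlite3Path = "$root/tmp/vuls/cve.sqlite3"

[ovalDict]
type = "sqlite3"
sqlite3Path = "$root/tmp/vuls/oval.sqlite3"

[servers]
[servers.localhost]
host = "localhost"
port = "local"
EOF
    echo "missing before fix: $(missing_dbs "$cfg" | wc -l | tr -d ' ')"
    echo "lines rewritten:    $(rewrite_db_dir "$cfg" "$root/tmp/vuls" "$root/db/vuls")"
    echo "missing after fix:  $(missing_dbs "$cfg" | wc -l | tr -d ' ')"
    rm -rf "$root"
}
demo
```

On a real host, read the current directory off the file first, then call rewrite_db_dir /usr/local/etc/vuls/config.toml with that directory and /var/db/vuls, and run missing_dbs on the file before the first vuls report; if it prints anything, the periodic fetch has not produced that database yet. The files it lists should also be owned by vuls:vuls, as the earlier sections require.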

 

Here is the full output of the installation:

root@local:~ # pkg inst vuls vulsrepo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    vuls: 0.25.2_2
    vulsrepo: 0.7.1_3

Number of packages to be installed: 2

The process will require 151 MiB more space.
42 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/2] Fetching vuls-0.25.2_2.pkg: 100%   29 MiB 655.5kB/s    00:46    
[2/2] Fetching vulsrepo-0.7.1_3.pkg: 100%   13 MiB 540.2kB/s    00:26    
Checking integrity... done (0 conflicting)
[1/2] Installing vuls-0.25.2_2...
===> Creating groups.
Creating group 'vuls' with gid '888'.
===> Creating users
Creating user 'vuls' with uid '888'.
===> Creating homedir(s)
[1/2] Extracting vuls-0.25.2_2: 100%
[2/2] Installing vulsrepo-0.7.1_3...
===> Creating groups.
Using existing group 'vuls'.
===> Creating users
Using existing user 'vuls'.
===> Creating homedir(s)
[2/2] Extracting vulsrepo-0.7.1_3: 100%
=====
Message from vuls-0.25.2_2:

--
Congratulations, you have installed vuls!

To use vuls, install vuls on all your machines and activate the daily
periodic script using

sysrc -f /etc/periodic.conf daily_vuls_enable="YES"

and perhaps also add some config parameters; check the information header of
/usr/local/etc/periodic/daily/vuls.

Configure vuls by editing /usr/local/etc/vuls/config.toml.

Vuls uses the port security/go-cve-dictionary to look up information about
packages' CVEs. Install that port separately somewhere in your infrastructure,
start the service and point vuls to it for CVE queries by editing vuls'
configuration in /usr/local/etc/vuls.conf and setting the cveDict url properly.

If you want to use vuls to collect reports from several nodes, set up the vuls
service somewhere in your infrastructure. Set it up by enabling it and start it
using service:

sysrc vuls_enable="YES"
service vuls start

Also consider installing security/vulsrepo to present the resports in a
friendly human-readable web gui.
=====
Message from vulsrepo-0.7.1_3:

--
Congratulations, you have installed vulsrepo!

Vulsrepo uses the reports saved by security/vuls to present packages' CVEs.
Follow the install directions for security/vuls to set it up to create reports.
Install vulsrepo in the same environment where you run the `vuls server'.  Once
you have reports to present, edit /usr/local/etc/vulsrepo-config.toml to
your liking and start the service:

sysrc vulsrepo_enable="YES"
service vulsrepo start

root@local:~ # pkg inst go-cve-dictionary
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    go-cve-dictionary: 0.10.1_4

Number of packages to be installed: 1

The process will require 21 MiB more space.
6 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching go-cve-dictionary-0.10.1_4.pkg: 100%    6 MiB   6.2MB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing go-cve-dictionary-0.10.1_4...
===> Creating groups.
Using existing group 'vuls'.
===> Creating users
Using existing user 'vuls'.
===> Creating homedir(s)
[1/1] Extracting go-cve-dictionary-0.10.1_4: 100%
=====
Message from go-cve-dictionary-0.10.1_4:

--
Congratulations, you have installed go-cve-dictionary!

Setup go-cve-dictionary to use you preferred database type and set up access by
editing the config file at /usr/local/etc/go-cve-dictionary.yaml. There's a
default setup for your convenience using sqlite3, but you can also choose
Redis, PostgreSQL or MySQL if you prefer that.

go-cve-dictionary does not ship any CVE database. Instead, to download CVEs
from 2002 until present and keep them updated, activate the periodic script by
running

sysrc -f /etc/periodic.conf daily_go_cve_dictionary_enable="YES"

Then, to fetch the NVD database of CVEs immediately, run

/usr/local/etc/periodic/daily/go-cve-dictionary

To enable the go-cve-dictionary service, edit
/usr/local/etc/go-cve-dictionary.yaml and set bind and port, and then activate
and start the service using:

sysrc go_cve_dictionary_enable="YES"
service go-cve-dictionary start

 


This document was published on 2019-02-21 09:15:07. (Last updated: 2024-06-10 14:24:32.)




