13.Vuls安装

$ mkdir -p $GOPATH/src/github.com/future-architect

$ cd $GOPATH/src/github.com/future-architect

$ git clone https://github.com/future-architect/vuls.git

$ cd vuls

$ make install

$ cd $GOPATH/bin

$ ll vuls

-rwxrwxr-x 1 vulsuser vulsuser 39395056 Sep 21 21:12 vuls

$ cd $HOME

$ vuls -v

vuls v0.12.3 build-20200921_210247_4b680b9

14.VulsRepo安装及设置

$ cd $HOME

$ git clone https://github.com/usiusi360/vulsrepo.git

$ cd $HOME/vulsrepo/server

$ cp vulsrepo-config.toml.sample vulsrepo-config.toml

$ vi vulsrepo-config.toml

设定修改为以下内容

[Server]

rootPath = "/home/vulsuser/vulsrepo"

resultsPath = "/home/vulsuser/results"

serverPort = "5111"

$ mkdir -p /home/vulsuser/results

$ sudo vi /etc/systemd/system/vulsrepo.service

插入以下内容

[Unit]

Description=vulsrepo daemon

Documentation=https://github.com/usiusi360/vulsrepo

[Service]

ExecStart = /home/vulsuser/vulsrepo/server/vulsrepo-server

ExecRestart = /bin/kill -WINCH ${MAINPID} ; /home/vulsuser/vulsrepo/server/vulsrepo-server

ExecStop = /bin/kill -WINCH ${MAINPID}

Restart = no

Type = simple

User = vulsuser

[Install]

WantedBy = multi-user.target

$ sudo systemctl list-unit-files --type=service | grep vulsrepo

$ sudo systemctl start vulsrepo.service

$ sudo systemctl status vulsrepo.service

● vulsrepo.service - vulsrepo daemon

Loaded: loaded (/etc/systemd/system/vulsrepo.service; enabled; vendor preset: disabled)

Active: active (running) since Mon 2020-09-21 21:53:01 EDT; 27min ago

Docs: https://github.com/usiusi360/vulsrepo

Process: 3182 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)

Main PID: 3187 (vulsrepo-server)

Tasks: 4

CGroup: /system.slice/vulsrepo.service

└─3187 /home/vulsuser/vulsrepo/server/vulsrepo-server

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/lz-string/lz-string.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/jquery.collapser.js/jquery.collapser.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/clipboard.js/clipboard.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/jquery.balloon/jquery.balloon.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo_param.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/Chart.js/Chart.min.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo_common.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /dist/js/vulsrepo.js

Sep 21 21:58:46 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:45 main.go:202: /plugins/bootstrap-drawer/js/drawer.min.js

Sep 21 21:58:49 chefserver vulsrepo-server[3187]: 2020/09/21 21:58:49 main.go:202: /dist/img/loading.gif

$ sudo systemctl enable vulsrepo

15.VulsRepo登录认证

$ cd /home/vulsuser/vulsrepo/server

$ ./vulsrepo-server -m

$ vi vulsrepo-config.toml

修改为以下内容

[Auth]

authFilePath = "/home/vulsuser/.htdigest"

realm = "vulsrepo_local"

$ sudo systemctl restart vulsrepo.service

$ cd $HOME

创建远程扫描公钥

$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/vulsuser/.ssh/id_rsa):

Created directory '/home/vulsuser/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/vulsuser/.ssh/id_rsa.

Your public key has been saved in /home/vulsuser/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:pGvbMmXfgjywJAzWeVUmcDaPnSE8CED7/HnxMkv4uYg vulsuser@chefserver

The key's randomart image is:

+---[RSA 2048]----+

| .o....+*.+ |

| . .o+O o |

| .. . .o.+ |

| ooo .o |

| . oo.. S |

| o.o+oo |

| o**=o.. |

| o+B+=o . |

| E oo*o . |

+----[SHA256]-----+

$ cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDusw+uQkII1i6IHsqadIIlAzAM7K1BkihEnDoPyPy52/G11cGPE6LlQ8fO2XPvzClnq7Mc7u7nHBz/KJPCurlTgsc2dJwsrRysDGtQ5d6q691AjZ/MwyWH6rLpFKXl12/d0K/CdAfWkMJDFf4ZSM8s9JDGeBsR73Vx/JaJUt6KyDnDbAU7CkpTextCEF9NFquapdnqkgOWuLvXyPC42t34rILGqsbQ2XVTUG88fUE0mQMKAIo3lPm6OZxzCvA49CXqyqnG8cLSbqmG9+X4ZzQ8VhCh2dIBu17sMzwmj/1kOLBKq7jxdOOuuowb7q92eYnNjFK2IIsOtqGSpB+TfZA5 vulsuser@chefserver

公钥拷贝到扫描对象服务器(localhost)

# cat /etc/ssh/key/authorized_keys.root

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDusw+uQkII1i6IHsqadIIlAzAM7K1BkihEnDoPyPy52/G11cGPE6LlQ8fO2XPvzClnq7Mc7u7nHBz/KJPCurlTgsc2dJwsrRysDGtQ5d6q691AjZ/MwyWH6rLpFKXl12/d0K/CdAfWkMJDFf4ZSM8s9JDGeBsR73Vx/JaJUt6KyDnDbAU7CkpTextCEF9NFquapdnqkgOWuLvXyPC42t34rILGqsbQ2XVTUG88fUE0mQMKAIo3lPm6OZxzCvA49CXqyqnG8cLSbqmG9+X4ZzQ8VhCh2dIBu17sMzwmj/1kOLBKq7jxdOOuuowb7q92eYnNjFK2IIsOtqGSpB+TfZA5 vulsuser@chefserver

扫描配置设置

$ cd $HOME

$ mkdir config.d

$ cd config.d

$ vi scan.toml

插入以下内容

#数据库设置

[cveDict]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/cve.sqlite3"

[ovalDict]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/oval.sqlite3"

[gost]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/gost.sqlite3"

[exploit]

type = "sqlite3"

SQLite3Path = "/home/vulsuser/go-exploitdb.sqlite3"

#一般设置

[default]

port = "22"

user = "root"

keyPath = "/home/vulsuser/.ssh/id_rsa"

scanMode = ["fast"]

ignoreCves = ["CVE-2014-6271"]

#扫描对象设置

[servers]

[servers.localhost]

host = "localhost"

port = "local"

[servers.chefserver]

host = "X.X.X.X"

测试扫描

$ vuls configtest -config=/home/vulsuser/config.d/scan.toml localhost

[Sep 21 22:11:13] INFO [localhost] Validating config...

[Sep 21 22:11:13] INFO [localhost] Detecting Server/Container OS...

[Sep 21 22:11:13] INFO [localhost] Detecting OS of servers...

[Sep 21 22:11:13] INFO [localhost] (1/1) Detected: localhost: centos 7.7.1908

[Sep 21 22:11:13] INFO [localhost] Detecting OS of containers...

[Sep 21 22:11:13] INFO [localhost] Checking Scan Modes...

[Sep 21 22:11:13] INFO [localhost] Checking dependencies...

[Sep 21 22:11:13] INFO [localhost] Dependencies ... Pass

[Sep 21 22:11:13] INFO [localhost] Checking sudo settings...

[Sep 21 22:11:13] INFO [localhost] Sudo... Pass

[Sep 21 22:11:13] INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode

[Sep 21 22:11:13] INFO [localhost] Scannable servers are below...

localhost

16.vulsrepo页面查看

关联URL

中国最可靠的 Go 模块代理：https://goproxy.cn/

nvd官方网站：https://nvd.nist.gov/

go-cve-dictionary GIT：https://github.com/kotakanbe/go-cve-dictionary

RedHat cve：https://access.redhat.com/security/security-updates/#/cve

vuls GIT：https://github.com/future-architect/vuls/

17.漏洞扫描程序Vuls部署及应用(2)

13.Vuls安装

14.VulsRepo安装及设置

15.VulsRepo登录认证

16.vulsrepo页面查看

关联URL

你可能感兴趣的:(17.漏洞扫描程序Vuls部署及应用(2))