Task #20944

Scenario #19963: Set up Vuls to determine the CVEs affecting the servers

Getting started with the software

Added by Laurent Flori over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assigned To:
Start date: 06/26/2017
Due date:
% Done: 0%
Estimated time: 2.00 h
Spent time:
Remaining (hours): 0.0

Description

Write up a report of a manual installation for an internal production deployment

History

#1 Updated by Laurent Flori over 6 years ago

  • Status changed from New to In progress

#2 Updated by Laurent Flori over 6 years ago

  • Estimated time set to 2.00 h
  • Remaining (hours) set to 2.0

#3 Updated by Laurent Flori over 6 years ago

  • Description updated (diff)

Package installation

Using Debian Stretch (golang >= 1.7.1)

apt-get install sqlite git gcc golang make libc6-dev

Create a vuls system user
adduser --system --shell /bin/bash vuls

Create the log directory
mkdir /var/log/vuls
chown -R vuls: /var/log/vuls

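Export the environment variables

# The quoted 'EOF' keeps $HOME, $PATH, $GOROOT and $GOPATH literal so they are expanded at login, not while this file is written
cat >> /etc/profile << 'EOF'
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
EOF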

From here on, everything is done as the vuls user:

su - vuls

Installing go-cve-dictionary

mkdir -p $GOPATH/src/github.com/kotakanbe
cd $GOPATH/src/github.com/kotakanbe
git clone https://github.com/kotakanbe/go-cve-dictionary.git
cd go-cve-dictionary
make install

Fetch the CVE database

for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done

Installing vuls

mkdir -p $GOPATH/src/github.com/future-architect
cd $GOPATH/src/github.com/future-architect
git clone https://github.com/future-architect/vuls.git
cd vuls
make install

Creating a config file

- For a local scan

cd $HOME
cat > config.toml << EOF
[servers]

[servers.localhost]
host         = "localhost" 
port        = "local" 
EOF

Checking the configuration

root@stretch:~# vuls configtest -ssh-native-insecure option
[Jun 27 09:59:49]  INFO [localhost] Validating config...
[Jun 27 09:59:49]  INFO [localhost] Detecting Server/Container OS... 
[Jun 27 09:59:49]  INFO [localhost] Detecting OS of servers... 
[Jun 27 09:59:49]  INFO [localhost] (1/1) Detected: localhost: debian 9.0
[Jun 27 09:59:49]  INFO [localhost] Detecting OS of containers... 
[Jun 27 09:59:49]  INFO [localhost] Checking dependendies...
[Jun 27 09:59:49]  INFO [localhost] Dependencies... Pass
[Jun 27 09:59:49]  INFO [localhost] Checking sudo settings...
[Jun 27 09:59:49]  INFO [localhost] Checking... sudo apt-get update
[Jun 27 09:59:51]  INFO [localhost] Sudo... Pass
[Jun 27 09:59:51]  INFO [localhost] Scannable servers are below...
localhost 

- For a remote scan

Note: the key file is the private key that corresponds to the public key on the server

[servers]

[servers.192-168-0-26]
user         = "root" 
host         = "192.168.0.26" 
port         = "22" 
keyPath     = "/home/vuls/id_rsa_one" 

Upgrade procedure

For the CVE database

for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done

For go-cve-dictionary

cd $GOPATH/src/github.com/kotakanbe/go-cve-dictionary
git pull
rm -r vendor
make install

For vuls

cd $GOPATH/src/github.com/future-architect/vuls
git pull
rm -r vendor
make install
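The remote-scan configuration in the note above hands Vuls a private key (keyPath) that logs in as root on the target. As an added example, not part of the original note or of Vuls itself, this shell function lists the keyPath entries of a config.toml and flags keys that are missing, symlinked, accessible to group/other, or not owned by the scanning account. The function names and the script name are hypothetical, and GNU stat (as on Debian) is assumed.

```shell
#!/bin/sh
# Added example, not part of the ticket: audit the private keys that a Vuls
# config.toml references through keyPath. Assumes GNU stat (Debian).

# Print each keyPath value in the config file, one per line.
list_key_paths() {
    sed -n 's/^[[:space:]]*keyPath[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1"
}

# check_vuls_keys CONFIG [OWNER]
# Prints one finding per unsafe key; returns 0 if every key is safe, else 1.
# OWNER defaults to "vuls", the account the ticket creates for scanning.
check_vuls_keys() {
    config=$1
    owner=${2:-vuls}
    status=0
    paths=$(list_key_paths "$config")
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        if [ -L "$key" ]; then
            echo "$key: symbolic link, point keyPath at the real file"
            status=1
        elif [ ! -f "$key" ]; then
            echo "$key: missing or not a regular file"
            status=1
        else
            mode=$(stat -c '%a' "$key")
            user=$(stat -c '%U' "$key")
            # Any group/other permission bit exposes the scanning credential.
            case $mode in
                *00|0) ;;
                *) echo "$key: mode $mode, group/other access must be removed"; status=1 ;;
            esac
            if [ "$user" != "$owner" ]; then
                echo "$key: owned by $user, expected $owner"
                status=1
            fi
        fi
    done <<EOF
$paths
EOF
    return "$status"
}

# Stand-alone use (hypothetical script name): sh check_keys.sh /home/vuls/config.toml
if [ "$#" -gt 0 ]; then
    check_vuls_keys "$@"
fi
```

A non-zero return makes the function usable as a gate before `vuls configtest` in a cron job or deployment script.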

#4 Updated by Laurent Flori over 6 years ago

  • Remaining (hours) changed from 2.0 to 0.5

#5 Updated by Scrum Master over 6 years ago

  • Status changed from In progress to Resolved

#6 Updated by Scrum Master over 6 years ago

  • Status changed from Resolved to Closed
  • Remaining (hours) changed from 0.5 to 0.0
