Install on AWS EC2.
Instance
$ cat /etc/system-release
Amazon Linux AMI release 2018.03
$ uname -a
Linux ip-172-16-0-57 4.14.138-89.102.amzn1.x86_64 #1 SMP Thu Aug 15 15:41:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
https://vuls.io/docs/en/install-manually-centos.html
Work through the official instructions.
Installing Go
$ sudo yum -y install sqlite git gcc make wget
$ wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz
$ sudo tar -C /usr/local -xzf go1.13.4.linux-amd64.tar.gz
$ mkdir go
$ sudo vi /etc/profile.d/goenv.sh
$ cat /etc/profile.d/goenv.sh
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
$ source /etc/profile.d/goenv.sh
Setting up Vuls
$ sudo mkdir /var/log/vuls
$ sudo chown ec2-user /var/log/vuls
$ sudo chmod 700 /var/log/vuls
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/go-cve-dictionary.git
$ cd go-cve-dictionary
$ make install
Fetching data
$ cd $HOME
$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done
$ ls -alh cve.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 832M Nov 28 13:29 cve.sqlite3
$ for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done
$ ls -alh cve.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 1.2G Nov 28 13:51 cve.sqlite3
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/goval-dictionary.git
$ cd goval-dictionary
$ make install
$ ln -s $GOPATH/src/github.com/kotakanbe/goval-dictionary/oval.sqlite3 $HOME/oval.sqlite3
$ goval-dictionary fetch-amazon 2018.03
$ sudo mkdir /var/log/gost
$ sudo chown ec2-user /var/log/gost
$ sudo chmod 700 /var/log/gost
$ mkdir -p $GOPATH/src/github.com/knqyf263
$ cd $GOPATH/src/github.com/knqyf263
$ git clone https://github.com/knqyf263/gost.git
$ cd gost
$ make install
$ ln -s $GOPATH/src/github.com/knqyf263/gost/gost.sqlite3 $HOME/gost.sqlite3
$ gost fetch redhat
$ sudo mkdir /var/log/go-exploitdb
$ sudo chown ec2-user /var/log/go-exploitdb
$ sudo chmod 700 /var/log/go-exploitdb
$ mkdir -p $GOPATH/src/github.com/mozqnet
$ cd $GOPATH/src/github.com/mozqnet
$ git clone https://github.com/mozqnet/go-exploitdb.git
$ cd go-exploitdb
$ make install
$ go-exploitdb fetch exploitdb
$ ln -s $GOPATH/src/github.com/mozqnet/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3
$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install
$ cd $HOME
$ cat config.toml
[servers]
[servers.localhost]
host = "localhost"
port = "local"
$ vuls configtest
$ vuls scan
$ vuls report -format-list -lang ja
[Nov 28 16:01:40] INFO [localhost] Validating config...
[Nov 28 16:01:40] INFO [localhost] Loaded: /home/ec2-user/results/2019-11-28T15:57:36Z
[Nov 28 16:01:40] INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /home/ec2-user/cve.sqlite3
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /home/ec2-user/oval.sqlite3
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /home/ec2-user/gost.sqlite3
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /home/ec2-user/go-exploitdb.sqlite3
INFO[11-28|16:01:40] Opening DB. db=sqlite3
INFO[11-28|16:01:40] Migrating DB. db=sqlite3
INFO[11-28|16:01:40] Opening Database. db=sqlite3
INFO[11-28|16:01:40] Migrating DB. db=sqlite3
localhost (amazon2018.03)
=========================
Total: 22 (High:9 Medium:10 Low:3 ?:0), 22/22 Fixed, 417 installed, 26 updatable, 0 exploits, en: 0, ja: 0 alerts
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
| CVE-ID | CVSS | ATTACK | POC | CERT | FIXED | NVD |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
| CVE-2019-15902 | 9.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15902 |
| CVE-2019-5481 | 9.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5481 |
| CVE-2019-5482 | 9.8 | AV:A | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5482 |
| CVE-2019-14287 | 9.0 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14287 |
| CVE-2019-14821 | 8.8 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14821 |
| CVE-2016-3616 | 7.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2016-3616 |
| CVE-2019-14835 | 7.8 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14835 |
| CVE-2019-15538 | 7.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15538 |
| CVE-2019-9511 | 7.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9511 |
| CVE-2019-9513 | 7.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9513 |
| CVE-2018-11813 | 7.5 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11813 |
| CVE-2019-16056 | 7.5 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16056 |
| CVE-2019-6109 | 6.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6109 |
| CVE-2018-11212 | 6.5 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11212 |
| CVE-2018-11213 | 6.5 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11213 |
| CVE-2018-11214 | 6.5 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11214 |
| CVE-2018-12207 | 6.5 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-12207 |
| CVE-2018-14498 | 6.5 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14498 |
| CVE-2019-11135 | 6.5 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11135 |
| CVE-2019-6111 | 5.9 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6111 |
| CVE-2019-11139 | 5.8 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11139 |
| CVE-2018-20685 | 5.3 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20685 |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
By comparing against the repository, I was able to visualize the vulnerabilities in the installed packages.
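An added example (not part of the original post, and not code from the Vuls project): a shell filter over the `vuls report -format-list` table shown above that keeps only network-reachable (AV:N) CVEs at or above a CVSS threshold, so the report can drive patch prioritisation. The function names `vuls_triage` and `sample_report` are hypothetical, and the sample rows are copied from the report above.

```shell
#!/bin/sh
# Added example: triage filter for `vuls report -format-list` output.
# Prints "CVE-ID CVSS FIXED" for every row whose CVSS score is at or above
# the threshold and whose ATTACK column is AV:N, highest score first.
# Usage: vuls report -format-list | vuls_triage 7.0

vuls_triage() {
    min="${1:-7.0}"   # default threshold is an assumption, not a Vuls setting
    awk -F'|' -v min="$min" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Data rows start with "| CVE-"; borders, the header row and the
        # INFO log lines that precede the table are skipped.
        /^\|[ \t]*CVE-[0-9]+-[0-9]+/ {
            id = trim($2); cvss = trim($3); av = trim($4); fixed = trim($7)
            if (cvss + 0 >= min + 0 && av == "AV:N")
                printf "%s %s %s\n", id, cvss, fixed
        }
    ' | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample: a log line plus five rows taken from the report above.
sample_report() {
    cat <<'EOF'
[Nov 28 16:01:40] INFO [localhost] Validating config...
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
| CVE-ID | CVSS | ATTACK | POC | CERT | FIXED | NVD |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
| CVE-2019-15902 | 9.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15902 |
| CVE-2019-5482 | 9.8 | AV:A | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5482 |
| CVE-2019-14821 | 8.8 | AV:L | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14821 |
| CVE-2019-9511 | 7.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9511 |
| CVE-2019-6109 | 6.8 | AV:N | | | fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6109 |
EOF
}

sample_report | vuls_triage 7.0
```

Because the filter splits on `|` and trims each cell, it works on both the padded table Vuls prints and the space-collapsed copy shown on this page.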