
    Vuls and VulsRepo install on CentOS

    • T
      travisdh1
      last edited by

      Configure vuls on CentOS 7

      Install the epel-release repo package for needed dependencies

       sudo yum -y install epel-release
      

      Install dependencies

       sudo yum -y install sqlite git gcc make wget yum-utils redis nano
      

      Download Go

      wget https://dl.google.com/go/go1.10.1.linux-amd64.tar.gz
      

      Extract Go to /usr/local

      sudo tar -C /usr/local -xzf go1.10.1.linux-amd64.tar.gz
      

      Setup Go environment

      mkdir $HOME/go
      sudo nano /etc/profile.d/goenv.sh
      

      goenv.sh should contain

      export GOROOT=/usr/local/go
      export GOPATH=$HOME/go
      export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
      

      Update the current environment with the goenv.sh information

      source /etc/profile.d/goenv.sh
      

      Setup Go CVE dictionary

      sudo mkdir /var/log/vuls
      sudo chown youruser:youruser /var/log/vuls
      sudo chmod 700 /var/log/vuls
      mkdir -p $GOPATH/src/github.com/kotakanbe
      cd $GOPATH/src/github.com/kotakanbe
      git clone https://github.com/kotakanbe/go-cve-dictionary.git
      cd go-cve-dictionary
      make install
      

      Setup NVD vulnerability data. This bit took a while on my 1cpu, 1GB ram, 100mb/sec VM. Seems to have spent most of its time updating the database, so probably I/O bottlenecked in my case (single HDD). Also available in Japanese, see https://vuls.io/docs/en/install-manually-centos.html

      cd $HOME
      for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done
      

      Deploy the Goval Dictionary

      mkdir -p $GOPATH/src/github.com/kotakanbe
      cd $GOPATH/src/github.com/kotakanbe
      git clone https://github.com/kotakanbe/goval-dictionary.git
      cd goval-dictionary
      make install
      

      Fetch the distribution specific goval scanners. Also officially supports Alpine and Oracle Linux, but I don't use either on my Home Lab box.

      1. CentOS/Red Hat

        goval-dictionary fetch-redhat 7

      2. Debian

        goval-dictionary fetch-debian 7 8 9 10

      3. Ubuntu

        goval-dictionary fetch-ubuntu 12 14 16 18

      4. SUSE

        goval-dictionary fetch-suse -opensuse 13.2

      Deploy vuls

      mkdir -p $GOPATH/src/github.com/future-architect
      cd $GOPATH/src/github.com/future-architect
      git clone https://github.com/future-architect/vuls.git
      cd vuls
      make install
      

      Setup and scan localhost

      cd $HOME
      nano config.toml
      

      config.toml file should be

      [servers]
      
      [servers.localhost]
      host = "localhost"
      port = "local"
      

      Check the config

      vuls configtest
      

      Run a scan

      vuls scan
      

      The scan will display a one-line report by default. If you want more detailed information, you can use 'vuls tui', or enable the web-based VulsRepo.

      VulsRepo configuration

      cd $HOME
      git clone https://github.com/usiusi360/vulsrepo.git
      

      Run a scan with a report vulsrepo can read

      vuls report -format-json
      

      Create the config file and update the paths. The instructions say to use hardcoded path statements instead of ~ or $HOME.

      cd $HOME/vulsrepo/server
      cp vulsrepo-config.toml.sample vulsrepo-config.toml
      

      Set the paths according to your environment

      nano vulsrepo-config.toml
      
      [Server]
      rootPath = "/home/your user/vulsrepo"
      resultsPath  = "/home/your user/results"
      serverPort  = "5111"
      #serverIP = "127.0.0.1"
      #serverSSL = "yes"
      #serverCert = "cert.pem"
      #serverKey = "key.pem"
      
      #[Auth]
      #authFilePath = "/home/vuls-user/.htdigest"
      #realm = "vulsrepo_local"
      

      Update the vulsrepo.service file with the correct paths as well

      nano ./scripts/vulsrepo.service
      
      [Unit]
      Description=vulsrepo daemon
      Documentation=https://github.com/usiusi360/vulsrepo
      
      [Service]
      ExecStart = /home/your user/vulsrepo/server/vulsrepo-server
      ExecRestart = /bin/kill -WINCH ${MAINPID} ; /home/your user/vulsrepo/server/vulsrepo-server
      ExecStop = /bin/kill -WINCH ${MAINPID}
      Restart = no
      Type = simple
      User = your user
      Group = your user group (normally the same as your user)
      
      [Install]
      WantedBy = multi-user.target
      

      Copy the service file to /lib/systemd/system

      sudo cp $HOME/vulsrepo/server/scripts/vulsrepo.service /lib/systemd/system/vulsrepo.service
      

      Enable the service

      sudo systemctl enable vulsrepo
      

      Start the service

      sudo systemctl start vulsrepo
      

      Open the firewall port

      sudo firewall-cmd --permanent --add-port=5111/tcp
      sudo firewall-cmd --reload
      

      I have my instance running behind a reverse proxy that handles SSL. If you don't have a reverse proxy, GET SSL CONFIGURED NOW! vulsrepo.travisdh1.net

      Setup basic authentication, so the entire internet can't see all of your vulnerabilities!

      /home/your user/vulsrepo/server/vulsrepo-server -m
      
      Password: lots of gobblygook
      AuthFile Path	:  /home/travis/.htdigest
      realm		:  vulsrepo_local
      login user	:  vuls
      2018/06/29 16:33:17 main.go:100: Create Success
      

      Update the server settings

      nano /home/travis/vulsrepo/server/vulsrepo-config.toml
      
      [Server]
      rootPath = "/home/travis/vulsrepo"
      resultsPath  = "/home/travis/results"
      serverPort  = "5111"
      #serverIP = "127.0.0.1"
      #serverSSL = "yes"
      #serverCert = "cert.pem"
      #serverKey = "key.pem"
      
      [Auth]
      authFilePath = "/home/travis/.htdigest"
      realm = "vulsrepo_local"
      

      Restart the service

      sudo systemctl restart vulsrepo
      

      Add a custom crontab to schedule scans. I set mine to run a scan every day at 1 AM.

      crontab -e
      
      0 1 * * * vuls report -format-json
      

      A few parting thoughts.

      If I were to install this again, I'd create a different user for it to run as and install it in /opt. I'd also like to see a lot better security on the web-based viewer than what's currently in place before actually deploying this. I'd also just make all the configuration changes to the config files at once rather than editing the same file 2-3 times.

      1 Reply Last reply Reply Quote 4
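Added example (not part of the original post or the VulsRepo project): a small bash audit for the two exposure points the post warns about, a missing login and cleartext transport, using only the config keys shown in the post. The function names `toml_get` and `audit_vulsrepo` and the sample file are constructed for illustration, and it assumes an unset `serverIP` leaves the server reachable on every interface.

```shell
#!/usr/bin/env bash
# Added example: audit a vulsrepo-config.toml for missing auth / cleartext exposure.
# toml_get FILE SECTION KEY: print KEY's value if it is uncommented inside SECTION
toml_get() {
  awk -v want="$2" -v key="$3" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^#/  { next }                                  # commented out
    line ~ /^\[/ { sec = line; sub(/\].*$/, "", sec); sec = substr(sec, 2); next }
    sec == want {
      eq = index(line, "="); if (eq == 0) next
      k = substr(line, 1, eq - 1); gsub(/[ \t]/, "", k)
      if (k != key) next
      v = substr(line, eq + 1); gsub(/^[ \t]*"|"[ \t]*$/, "", v)
      print v; exit
    }' "$1"
}

# audit_vulsrepo FILE: print one finding per line; return 1 if anything was found
audit_vulsrepo() {
  local cfg=$1 n=0
  if [ -z "$(toml_get "$cfg" Auth authFilePath)" ]; then
    if [ -n "$(toml_get "$cfg" Server authFilePath)" ]; then
      echo "AUTH: authFilePath is set but [Auth] is commented out, so the key falls under [Server]"
    else
      echo "AUTH: no authFilePath under [Auth]; reports are served without a login"
    fi
    n=1
  fi
  # Assumption: with serverIP unset the server is reachable on every interface.
  if [ "$(toml_get "$cfg" Server serverSSL)" != "yes" ] &&
     [ "$(toml_get "$cfg" Server serverIP)" != "127.0.0.1" ]; then
    echo "TLS: serverSSL is off and serverIP is not loopback; reports travel in cleartext"
    n=1
  fi
  return "$n"
}

# Constructed sample: auth keys uncommented, but the [Auth] header was missed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Server]
serverPort  = "5111"
#serverIP = "127.0.0.1"
#serverSSL = "yes"
#[Auth]
authFilePath = "/home/vuls-user/.htdigest"
realm = "vulsrepo_local"
EOF
audit_vulsrepo "$sample" || true
```

The parser only understands the flat `[Section]` and `key = "value"` layout of this file, so it is a pre-restart sanity check rather than a general TOML reader.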
      • black3dynamiteB
        black3dynamite
        last edited by

        Do we need to configure any SELinux permissions?

        T 1 Reply Last reply Reply Quote 0
        • stacksofplatesS
          stacksofplates
          last edited by

          This looks not super user friendly.

          0_1530307413582_4928E669-DC4A-4551-B120-A4EF4BFB6161.png

          T 1 Reply Last reply Reply Quote 2
          • T
            travisdh1
            last edited by

            In further testing, a Fedora distribution breaks the scan. So its functionality is questionable even in my home lab.

            1 Reply Last reply Reply Quote 0
            • T
              travisdh1 @black3dynamite
              last edited by

              @black3dynamite said in Vuls and VulsRepo install on CentOS:

              Do we need to configure any SELinux permissions?

              I didn't need to.

              1 Reply Last reply Reply Quote 0
              • T
                travisdh1 @stacksofplates
                last edited by

                @stacksofplates said in Vuls and VulsRepo install on CentOS:

                This looks not super user friendly.

                0_1530307413582_4928E669-DC4A-4551-B120-A4EF4BFB6161.png

                Better than the tui tho.

                1 Reply Last reply Reply Quote 0
                • stacksofplatesS
                  stacksofplates
                  last edited by

                  I was trying to understand how to read that report I posted from your site. I can't figure it out.

                  T 1 Reply Last reply Reply Quote 0
                  • T
                    travisdh1 @stacksofplates
                    last edited by

                    @stacksofplates said in Vuls and VulsRepo install on CentOS:

                    I was trying to understand how to read that report I posted from your site. I can't figure it out.

                    I honestly haven't dug into it yet, but it also doesn't look like it's worth the time either.

                    1 Reply Last reply Reply Quote 0