The first step is to install the go environment
apt-get install golang-go
(it shows an error, the go version apt installation is too low, apt-get purge golang-go is installed manually after uninstalling, it must be 1.8.3 or above)
Also need to delete the go directory in the /usr/local/ directory rm -rf go
wget https://dl.google.com/go/go1.10.1.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.10.1.linux-amd64.tar.gz
mkdir $HOME/go //Set the working directory
vi /etc/profile.d/goenv.sh
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
source /etc/profile.d/goenv.sh //The environment variable is set to the current shell
The second step is to deploy go-cve-dictionary, CVE sample library
sudo mkdir /var/log/vuls //Create a directory to set permissions, if it is root, you can not set
sudo chown root /var/log/vuls
sudo chmod 700 /var/log /vuls
//sudo chmod 777 -R xxx (change folder and subfolder permissions to 777)
//sudo chmod 600 ××× (only owner has read and write permissions)
//sudo chmod 644 ××× (owner has read and write permissions, group users only have read permissions)
//sudo chmod 700 ××× (only owner has read and write and execute permissions)
//sudo chmod 666 ××× (everyone has have read and write permissions)
//sudo chmod 777 ××× (everyone has read and write and execute permissions
mkdir -p $GOPATH/src/github.com/kotakanbe //recursively create directories
cd $GOPATH/src /github.com/kotakanbe
git clone https://github.com/kotakanbe/go-cve-dictionary.git
cd go-cve-dictionary
make install
The third step is to obtain vulnerability data and
deploy go-cve-dictionary
cd $HOME
for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done
//bash loop from Data starting in 2002
//After the download is complete, there will be a database
ls -alh cve.sqlite3 //View database capacity
部署 goval-dictionary
mkdir -p $ GOPATH / src / github.com / kotakanbe
cd $ GOPATH / src / github.com / kotakanbe
git clone https://github.com/kotakanbe/goval-dictionary.git
cd goval-dictionary
make install
//Then, since the server to be scanned is Ubuntu, the data binary file to get ubuntu is generated in the $GOPATH/bin directory
cd $HOME
goval-dictionary fetch-ubuntu 12 14 16 //Get all version data
The fourth step is to deploy Vuls
mkdir -p $GOPATH/src/github.com/future-architect
cd $GOPATH/src/github.com/future-architect
git clone https://github.com/future-architect/vuls.git
cd vuls
make install // reported the error GNUmakefile:42: recipe for target 'lint' failed
Manually clone the repository to fix this
mkdir -p $GOPATH/src/golang.org/x \
&& git clone https://github .com/golang/lint.git $GOPATH/src/golang.org/x/lint \
&& go get -u golang.org/x/lint/golint
The above is the installation process
1. Start the local scan mode
configuration below
cd $HOME
touch config.toml
cat config.toml
[servers]
[servers.localhost]
host = "localhost"
port = "local"
vuls configtest //Check configuration before scanning
Start scanning
vuls scan
View a one-line summary
vuls report -format-one-line-text
View a brief summary
vuls report -format-short-text
View a full report
vuls report -format-full-text | less
Vuls has a terminal-based user interface to display scan results
vuls tui / / View the report
scan results are saved in the results directory
2. Create a secret key on the local host in remote scan mode
ssh-keygen -t rsa
~/.ssh/id_rsa.pub //Copy the content of the public key
#/root/.ssh/id_rsa. <== private key
#/root/.ssh /id_rsa.pub
Enter the remote host
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
vi ~/.ssh/authorized_keys //Copy the public key and
set SSH in it, To enable the key login function
, edit the /etc/ssh/sshd_config file and set the following settings:
RSAAuthentication yes
PubkeyAuthentication yes
In addition, please pay attention to whether the root user can log in through SSH:
PermitRootLogin yes
Finally, restart the SSH service:
[root@host .ssh]$ service sshd restart
and then try local remote connection ssh connect ssh through private key
[email protected] -p 2228 -i ~/.ssh/id_rsa
After the connection is successful, enter exit to exit ssh
cd $HOME
to modify the configuration config.toml
Change the object to the target remote host
[servers]
[servers.centos]
host = "120.203.13.112"
port = "2228"
user = "root"
keyPath = "/root/.ssh/id_rsa"
vuls configtest centos //Check server configuration
vuls scan centos //Start scanning
vuls tui //View report
The scan results are saved in the results directory
Use the WEB interface to view the report
VulsRepo
vuls report -format-json //Create a json report
cd $HOME
git clone https://github.com/usiusi360/vulsrepo.git //Install
cd $HOME/vulsrepo/server
cp vulsrepo-config .toml.sample vulsrepo-config.toml //Copy the configuration file
configuration
vi vulsrepo-config.toml depends
on its own directory
[Server]
rootPath = "/root/vulsrepo"
resultsPath = "/root/results"
serverPort = "9998"
serverIP = "0.0.0.0"
After configuration, run
./vulsrepo-server