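Background
Our company needs to obtain some certifications. We use the security products on Alibaba Cloud, and the firm handling our qualification audit said we need to scan with vuls. Even after scanning with the cloud products, running this software still reports some library packages that need upgrading, so you can try the steps below.
Base dependency packages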
yum -y install sqlite git gcc make wget yum-utils
Installing Go
wget https://dl.google.com/go/go$latest_version.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go$latest_version.linux-amd64.tar.gz
mkdir $HOME/go
vi /etc/profile.d/goenv.sh
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
source /etc/profile.d/goenv.sh
$ go env -w GOPROXY=https://goproxy.cn
Deploying the CVE database
$ sudo mkdir /var/log/vuls
$ sudo chown <username> /var/log/vuls
$ sudo chmod 700 /var/log/vuls
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/go-cve-dictionary.git
$ cd go-cve-dictionary
$ make install
Download the vulnerability data
$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetch jvn $i; done
goval-dictionary
$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/goval-dictionary.git
$ cd goval-dictionary
$ make install
$ goval-dictionary fetch-redhat 5 6 7 8
vuls
$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect
$ git clone https://github.com/future-architect/vuls.git
$ cd vuls
$ make install
Configuration file
$ cd $HOME
$ touch config.toml
$ cat config.toml
[servers]
[servers.localhost]
host = "localhost"
port = "local"
# Check the configuration file
$ vuls configtest
Scan
vuls scan
$ vuls report -format-list
$ vuls tui # lets you view the fixes
Web UI display
$ cd $HOME
$ git clone https://github.com/ishiDACo/vulsrepo.git
$ cd $HOME/vulsrepo/server
$ cp vulsrepo-config.toml.sample vulsrepo-config.toml # copy the sample configuration file
$ vi vulsrepo-config.toml # adjust for your own environment
[Server]
rootPath = "/home/vuls-user/vulsrepo"
resultsPath = "/opt/vuls/results"
serverPort = "5111"
$ pwd
$HOME/vulsrepo/server
$ ./vulsrepo-server
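A pre-flight check for this last step, added here as an example and not taken from the original post or from the vuls or VulsRepo projects: it reads resultsPath from vulsrepo-config.toml and confirms that the directory exists, holds scan results, and is closed to other users. The function names toml_value and check_results_path are made up for this example, and it assumes GNU stat and find, as found on a yum-based host.

```shell
#!/usr/bin/env bash
# Added example: verify the results directory before starting vulsrepo-server.
# vuls writes to ./results under the directory where "vuls scan" was run,
# so resultsPath in vulsrepo-config.toml must point at that directory.

# Print the value of a `key = "value"` line from a TOML file.
toml_value() {  # usage: toml_value <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Return 0 if the directory is usable, otherwise print why and return non-zero.
check_results_path() {  # usage: check_results_path <vulsrepo-config.toml>
    local conf=$1 dir mode
    dir=$(toml_value "$conf" resultsPath)
    [ -n "$dir" ] || { echo "resultsPath is not set in $conf"; return 1; }
    [ -d "$dir" ] || { echo "$dir does not exist"; return 2; }
    # vuls stores one JSON file per server in a timestamped sub-directory
    if [ -z "$(find "$dir" -name '*.json' -print -quit)" ]; then
        echo "no scan results under $dir (was vuls scan run from another directory?)"
        return 3
    fi
    # Scan results list every unpatched package, so keep them away from
    # other local users, in line with the chmod 700 on /var/log/vuls.
    mode=$(stat -c '%a' "$dir")
    case $mode in
        *0) ;;  # last digit 0: no access for "other"
        *)  echo "$dir has mode $mode; use chmod 750 or 700"; return 4 ;;
    esac
    echo "ok: $dir"
}

# Run the check when a config file is given on the command line.
if [ "$#" -gt 0 ]; then
    check_results_path "$1"
fi
```

Run it with the path to vulsrepo-config.toml as the only argument before starting ./vulsrepo-server.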