自由帳

Rambling study notes, mostly about the system infrastructure and operation of web services.

Setting up a Vuls environment on Ubuntu 16.04

I installed Vuls on Ubuntu 16.04 LTS, so here are my notes on the setup procedure.

Setup procedure

Environment

Package installation

Install the required packages. Even on a minimal install, having roughly the following should be enough; if something turns out to be missing, add it as you go.

$ sudo apt install ca-certificates git openssh-server sqlite build-essential wget curl

User creation

Create a user for building and running the vuls environment. Here we create a vuls user and group with uid/gid 20001, and add the user to the sudo group so it can run sudo.

$ sudo groupadd -g 20001 vuls
$ sudo useradd -u 20001 -g vuls -G sudo -d /home/vuls -m vuls -s /bin/bash
$ sudo vim /etc/sudoers.d/vuls
### add the following line
vuls ALL=NOPASSWD: ALL

The rest of the work is done as the vuls user.

$ sudo su - vuls

SSH key setup

$ pwd
/home/vuls
$ mkdir .ssh
$ chmod 700 .ssh
$ ssh-keygen -t rsa -b 4096 -C "foo@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vuls/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vuls/.ssh/id_rsa.
Your public key has been saved in /home/vuls/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Uca9EsmtA5Om5ThjJMb23CzI99//tOjbMU7cVtv0CKo foo@example.com
The key's randomart image is:
+---[RSA 4096]----+
|   .     +o+     |
|    = . *o= o    |
|   + * O.o o .   |
|    o @ +.+ .    |
|     o =S  o.   o|
|        .  . ..o*|
|         ...  .**|
|         .. . =o+|
|        E   .=o=.|
+----[SHA256]-----+
$ cat ~/.ssh/id_rsa.pub >> .ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

Installing Go

$ wget https://storage.googleapis.com/golang/go1.8.2.linux-amd64.tar.gz
$ sudo tar -C /usr/local -xzf go1.8.2.linux-amd64.tar.gz
$ vim .bashrc
### append the following
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
$ mkdir ~/go
$ which go
/usr/local/go/bin/go

$ go version
go version go1.8.2 linux/amd64

Creating the log directory

$ sudo mkdir /var/log/vuls
$ sudo chown vuls:vuls /var/log/vuls
$ sudo chmod 700 /var/log/vuls
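Since the scan user's SSH material and the log directory were just created by hand, it is easy to get one of the permission bits wrong. The following is an added check (my own script, not part of the original post) that verifies the permissions set in the SSH key setup and log directory steps above and that the public key really is in authorized_keys. It assumes GNU coreutils (stat -c) and takes the home and log directories as parameters, defaulting to the post's /home/vuls and /var/log/vuls.

```shell
#!/bin/sh
# Pre-flight permission check for the Vuls scan user.
# Added example, not from the original post. Assumes GNU stat (stat -c '%a').
# Usage: VULS_PREFLIGHT_RUN=1 sh preflight.sh [HOME_DIR] [LOG_DIR]

# mode_of PATH -> octal permission bits of PATH, e.g. 700
mode_of() {
    stat -c '%a' "$1"
}

# expect_mode PATH MODE -> 0 if PATH exists with exactly MODE, else 1 with a message
expect_mode() {
    path=$1; want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path" >&2
        return 1
    fi
    have=$(mode_of "$path")
    if [ "$have" != "$want" ]; then
        echo "BAD MODE $path is $have, want $want" >&2
        return 1
    fi
    echo "ok       $path ($have)"
}

# vuls_preflight [HOME_DIR] [LOG_DIR] -> 0 only if every check passes.
# Every check runs even after a failure so all problems show up in one pass.
vuls_preflight() {
    home=${1:-/home/vuls}; logdir=${2:-/var/log/vuls}
    rc=0
    expect_mode "$home/.ssh" 700 || rc=1                 # chmod 700 .ssh
    expect_mode "$home/.ssh/id_rsa" 600 || rc=1          # ssh-keygen default
    expect_mode "$home/.ssh/authorized_keys" 600 || rc=1 # chmod 600 authorized_keys
    expect_mode "$logdir" 700 || rc=1                    # chmod 700 /var/log/vuls
    # the generated public key must be an exact line of authorized_keys,
    # otherwise the "localhost" scan over SSH cannot log in
    if [ -f "$home/.ssh/id_rsa.pub" ] && [ -f "$home/.ssh/authorized_keys" ] \
        && grep -qxF "$(cat "$home/.ssh/id_rsa.pub")" "$home/.ssh/authorized_keys"; then
        echo "ok       public key is listed in authorized_keys"
    else
        echo "BAD      public key not found in authorized_keys" >&2
        rc=1
    fi
    return $rc
}

# run only when asked, so the file can also be sourced for its functions
if [ "${VULS_PREFLIGHT_RUN:-0}" = 1 ]; then
    vuls_preflight "$@"
fi
```

Run it as the vuls user with VULS_PREFLIGHT_RUN=1; a non-zero exit means at least one line was reported as MISSING or BAD.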

Installing go-cve-dictionary

Install the go-cve-dictionary tool. It builds a local copy of the JVN vulnerability data (the commands below pull the NVD feeds), and the local copy is generated as an sqlite database.

First, create the required directory and move into it.

$ mkdir -p $GOPATH/src/github.com/kotakanbe
$ cd $GOPATH/src/github.com/kotakanbe

Clone go-cve-dictionary from GitHub and move into that directory.

$ git clone https://github.com/kotakanbe/go-cve-dictionary.git

$ cd go-cve-dictionary

Build it.

$ make install

Return to the home directory and fetch the NVD feeds for each year.

$ cd
$ for i in {2002..2017}; do go-cve-dictionary fetchnvd -years $i; done
 0 / 1 [---------------------------------------------------------------]   0.00%
[Dec 16 11:21:04]  INFO Fetching... https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2002.xml.gz
 1 / 1 [============================================================] 100.00% 8s
[Dec 16 11:21:12]  INFO Fetched 6745 CVEs
[Dec 16 11:21:12]  INFO Inserting NVD into DB (sqlite3).
[Dec 16 11:21:12]  INFO Inserting CVEs...
 6745 / 6745 [======================================================] 100.00% 4s
[Dec 16 11:21:17]  INFO Refreshed 2 Nvds.
 0 / 1 [---------------------------------------------------------------]   0.00%
[Dec 16 11:21:17]  INFO Fetching... https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2003.xml.gz
 1 / 1 [============================================================] 100.00% 2s
:
:
:
[Dec 16 11:27:18]  INFO Fetching... https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
 1 / 1 [================================================================================================================================================================================] 100.00% 13s
[Dec 16 11:27:31]  INFO Fetched 9174 CVEs
[Dec 16 11:27:31]  INFO Inserting NVD into DB (sqlite3).
[Dec 16 11:27:31]  INFO Inserting CVEs...
 9174 / 9174 [==========================================================================================================================================================================] 100.00% 15s
[Jan 11 11:27:47]  INFO Refreshed 693 Nvds.
 0 / 1 [------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------]   0.00%
[Jan 11 11:27:47]  INFO Fetching... https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2017.xml.gz
 1 / 1 [================================================================================================================================================================================] 100.00% 21s
[Dec 16 11:28:08]  INFO Fetched 11434 CVEs
[Dec 16 11:28:08]  INFO Inserting NVD into DB (sqlite3).
[Dec 16 11:28:08]  INFO Inserting CVEs...
 11434 / 11434 [======================================================================================================================================================================] 100.00% 1m38s
[Dec 16 11:29:47]  INFO Refreshed 1250 Nvds.

Installing goval-dictionary

This tool builds a local copy of the OVAL definitions. As with go-cve-dictionary, the local copy is generated as an sqlite database.

Clone goval-dictionary from GitHub, move into that directory, build it, and fetch the Ubuntu 14.04 and 16.04 OVAL definitions.

$ cd $GOPATH/src/github.com/kotakanbe
$ git clone https://github.com/kotakanbe/goval-dictionary.git
$ cd goval-dictionary

$ make install
$ cd
$ goval-dictionary fetch-ubuntu 14 16

[Dec 16 11:44:22]  INFO Fetching... https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.xenial.cve.oval.xml

[Dec 16 11:44:22]  INFO Fetching... https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.trusty.cve.oval.xml
com.ubuntu.xenial.cve.oval.xml: 32.43 MiB / 32.43 MiB [=====================================================================================================================================] 100.00%
com.ubuntu.trusty.cve.oval.xml: 42.16 MiB / 42.16 MiB [=====================================================================================================================================] 100.00%
[Dec 16 12:13:07]  INFO Finished to fetch OVAL definitions.
[Dec 16 12:13:09]  INFO Fetched: https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.xenial.cve.oval.xml
[Dec 16 12:13:09]  INFO   10369 OVAL definitions
[Dec 16 12:13:09]  INFO   Refreshing ubuntu 16...
[Dec 16 12:13:27]  INFO Fetched: https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.trusty.cve.oval.xml
[Dec 16 12:13:27]  INFO   13362 OVAL definitions
[Dec 16 12:13:27]  INFO   Refreshing ubuntu 14...

Installing vuls

Install vuls itself.

First, create the required directory and move into it.

$ mkdir -p $GOPATH/src/github.com/future-architect
$ cd $GOPATH/src/github.com/future-architect

Clone vuls from GitHub and move into that directory.

$ git clone https://github.com/future-architect/vuls.git
$ cd vuls

Build it.

$ make install

Move back to the home directory.

$ cd

Creating the config file

$ vim config.toml
### add the following
[default]
port = "22"
user = "vuls"

[servers.localhost]
host = "localhost"
port = "local"
keyPath = "/home/vuls/.ssh/id_rsa"
$ vuls configtest
[Dec 17 11:29:06]  INFO [localhost] Validating config...
[Dec 17 11:29:06]  INFO [localhost] Detecting Server/Container OS...
[Dec 17 11:29:06]  INFO [localhost] Detecting OS of servers...
[Dec 17 11:29:06]  INFO [localhost] (1/1) Detected: localhost: ubuntu 16.04
[Dec 17 11:29:06]  INFO [localhost] Detecting OS of containers...
[Dec 17 11:29:06]  INFO [localhost] Checking dependencies...
[Dec 17 11:29:06]  INFO [localhost] Dependencies... No need
[Dec 17 11:29:06]  INFO [localhost] Checking sudo settings...
[Dec 17 11:29:06]  INFO [localhost] sudo ... No need
[Dec 17 11:29:06]  INFO [localhost] Scannable servers are below...
localhost

Running a scan

$ vuls scan
[Dec 17 11:29:55]  INFO [localhost] Start scanning
[Dec 17 11:29:55]  INFO [localhost] config: /home/vuls/config.toml
[Dec 17 11:29:55]  INFO [localhost] Validating config...
[Dec 17 11:29:55]  INFO [localhost] Detecting Server/Container OS...
[Dec 17 11:29:55]  INFO [localhost] Detecting OS of servers...
[Dec 17 11:29:55]  INFO [localhost] (1/1) Detected: localhost: ubuntu 16.04
[Dec 17 11:29:55]  INFO [localhost] Detecting OS of containers...
[Dec 17 11:29:55]  INFO [localhost] Detecting Platforms...
[Dec 17 11:30:06]  INFO [localhost] (1/1) localhost is running on other
[Dec 17 11:30:06]  INFO [localhost] Scanning vulnerabilities...
[Dec 17 11:30:06]  INFO [localhost] Scanning vulnerable OS packages...


One Line Summary
================
localhost       ubuntu16.04     50 updatable packages

Generating reports

$ vuls report -lang=ja -format-one-line-text -cvedb-path=$PWD/cve.sqlite3 -ovaldb-path=$PWD/oval.sqlite3
[Dec 17 11:31:43]  INFO [localhost] Validating config...
[Dec 17 11:31:43]  INFO [localhost] cve-dictionary: /home/vuls/cve.sqlite3
[Dec 17 11:31:43]  INFO [localhost] Loaded: /home/vuls/results/2017-11-31T11:30:06+09:00
[Dec 17 11:31:43]  INFO [localhost] Fill CVE detailed information with OVAL
[Dec 17 11:31:43]  INFO [localhost] OVAL is fresh: ubuntu 16.04
[Dec 17 11:31:45]  INFO [localhost] Fill CVE detailed information with CVE-DB


One Line Summary
================
localhost       Total: 249 (High:62 Medium:153 Low:33 ?:1)      50 updatable packages
$ vuls report -lang=ja -format-short-text |less
localhost (ubuntu16.04)
=======================
Total: 249 (High:62 Medium:153 Low:33 ?:1)      50 updatable packages

CVE-2017-13815          10.0 HIGH (nvd)
                        An issue was discovered in certain Apple products. macOS before 10.13.1 is
                        affected. The issue involves the third-party "file" product. Versions before
                        5.31 allow remote attackers to cause a denial of service (application crash) or
                        possibly have unspecified other impact.
                        ---
                        https://nvd.nist.gov/vuln/detail/CVE-2017-13815
                        http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13815 (Ubuntu-CVE)
                        10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C (nvd)
                        https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-13815
                        Confidence: 100 / OvalMatch

CVE-2017-13846          10.0 HIGH (nvd)
                        An issue was discovered in certain Apple products. macOS before 10.13.1 is
                        affected. The issue involves the third-party "PCRE" product. Versions before
                        8.40 allow remote attackers to cause a denial of service (application crash) or
                        possibly have unspecified other impact.
                        ---
                        https://nvd.nist.gov/vuln/detail/CVE-2017-13846
                        http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13846 (Ubuntu-CVE)
                        10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C (nvd)
                        https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2017-13846
                        Confidence: 100 / OvalMatch
:
:
$ vuls tui
localhost (ubuntu16.04)                 │[  1] CVE-2017-13815   | 10.0 | 100 | A
                                        │[  2] CVE-2017-13846   | 10.0 | 100 | A
                                        │[  3] CVE-2017-16995   |  8.9 | 100 | T
                                        │[  4] CVE-2017-16996   |  8.9 | 100 | k
────────────────────────────────────────┼───────────────────────────────────────
CVE-2017-13815                          │file-1:5.25-2ubuntu1 ->
==============                          │------------------------
                                        │
CVSS Scores                             │
--------------                          │
HIGH 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C nvd│
                                        │
                                        │
Summary                                 │
--------------                          │
 An issue was discovered in certain Appl│
e products. macOS before 10.13.1 is affe│
cted. The issue involves the third-party│
 "file" product. Versions before 5.31 al│
low remote attackers to cause a denial o│
f service (application crash) or possibl│
y have unspecified other impact. (nvd)  │
                                        │
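The steps from the go-cve-dictionary fetch down to vuls report form one cycle that is worth running unattended, since the NVD and OVAL copies go stale and the scan is only as current as they are. The script below is an added example of such a wrapper (my own code, not part of the original post or of Vuls): it runs the post's fetch loop up to the current year, fetches the Ubuntu OVAL definitions, scans, writes the one-line report into the log directory created earlier, and parses the "Total: ... (High:N ...)" summary line so a cron job or monitoring hook gets a distinct exit status when High-severity CVEs are present. Assumed environment variables VULS_HOME, VULS_LOG, VULS_FIRST_YEAR and VULS_UBUNTU_VERSIONS are my own names; they default to the post's paths and values.

```shell
#!/bin/sh
# Nightly wrapper for the fetch / scan / report cycle described in the post.
# Added example, not from the original post. Assumes go-cve-dictionary,
# goval-dictionary and vuls are on PATH ($GOPATH/bin in the post) and that
# VULS_HOME holds config.toml and the sqlite files, as in the post.
# Usage: VULS_RUN_NIGHTLY=1 sh vuls-nightly.sh

# nvd_years FIRST LAST -> the NVD feed years to fetch, one per word
nvd_years() {
    y=$1
    while [ "$y" -le "$2" ]; do
        printf '%s ' "$y"
        y=$((y + 1))
    done
}

# refresh_dictionaries: the post's fetch loop, run up to the current year, then the
# Ubuntu OVAL fetch; both tools write their sqlite files into the current directory
refresh_dictionaries() {
    for year in $(nvd_years "${VULS_FIRST_YEAR:-2002}" "$(date +%Y)"); do
        go-cve-dictionary fetchnvd -years "$year" || return 1
    done
    # shellcheck disable=SC2086  # the version list is meant to be word-split
    goval-dictionary fetch-ubuntu ${VULS_UBUNTU_VERSIONS:-14 16}
}

# run_pipeline: fetch, scan and report from VULS_HOME; prints the path of the log
# file that captured all tool output, returns non-zero if any step failed
run_pipeline() {
    home=${VULS_HOME:-/home/vuls}
    logdir=${VULS_LOG:-/var/log/vuls}
    log="$logdir/vuls-$(date +%Y%m%dT%H%M%S).log"
    cd "$home" || { echo "cannot cd to $home" >&2; return 1; }
    {
        refresh_dictionaries &&
        vuls scan &&
        vuls report -lang=ja -format-one-line-text \
            -cvedb-path="$home/cve.sqlite3" -ovaldb-path="$home/oval.sqlite3"
    } >"$log" 2>&1
    rc=$?
    echo "$log"
    return $rc
}

# high_count LOGFILE -> sum of the High:N counts on the "Total:" summary lines
# (one per scanned server), 0 when the report contains none
high_count() {
    awk '/Total:/ {
            for (i = 1; i <= NF; i++) {
                f = $i; gsub(/[()]/, "", f)          # "(High:62" -> "High:62"
                if (index(f, "High:") == 1) n += substr(f, 6)
            }
         }
         END { print n + 0 }' "$1"
}

# nightly: exit 1 on a tool failure, 2 when High CVEs are reported, 0 otherwise;
# cron mails the one-line summary and the non-zero status is visible to monitoring
nightly() {
    log=$(run_pipeline) || { echo "vuls pipeline failed, see $log" >&2; return 1; }
    n=$(high_count "$log")
    echo "report: $log (High: $n)"
    [ "$n" -eq 0 ] || return 2
}

# run the cycle only when asked, so the file can also be sourced for its functions
if [ "${VULS_RUN_NIGHTLY:-0}" = 1 ]; then
    nightly
fi
```

The fetch loop is the expensive part (the post's run took several minutes for the NVD feeds and about half an hour for OVAL), so keep this to once a day and let the exit status, rather than the full log, be what gets noticed.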

Summary

I wrote up the procedure for setting up Vuls on Ubuntu 16.04. I think that what matters in security response is how quickly you can apply updates, so a tool like this that can detect when they are needed is very welcome.

References