The following example should work on Fedora based Linux distributions, which include: CentOS, RedHat, Amazon Linux etc (tested on CentOS and Red Hat 7).
Vulsctl was created to ease setup. Each shell script is a wrapper around Docker commands.
$ sudo systemctl start docker
$ git clone https://github.com/vulsio/vulsctl.git $ cd vulsctl
Fetch Vulnerability Databases
This will take some time ...
Config, Scan, Report
Prepare the config.toml in the vulsctl install directory similar to the configuration below.
[servers] [servers.hostos] host = "188.8.131.52" port = "22" user = "centos" # if ssh config file exists in .ssh, path to ssh config file in docker sshConfigPath = "/root/.ssh/config" # keypath in the Vuls docker container keyPath = "/root/.ssh/id_rsa"
config exists in
.ssh, vuls refers to
/root/.ssh/config in the docker container when connecting to SSH.
However, an error occurs because the local user does not match the user in Docker.
To deal with this, specify
The scan.sh will mount $HOME/.ssh from the host operating system into the Docker container, however you will need to SSH into the target server beforehand which will add your fingerprint to $HOME/.ssh/known_hosts.
$ ssh [email protected]184.108.40.206 -i ~/.ssh/id_rsa.pem
$ ./scan.sh $ ./report.sh $ ./tui.sh
For details, see
vuls on the host
You can deploy
vuls on your host easily while using the install-host.sh script.
$ sudo bash install-host.sh
The support for RHEL and CentOS 6.x / 7.x is in pull requests.
$ ./vulsrepo.sh $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 39c8830dbeac ishidaco/vulsrepo "vulsrepo-server" 3 seconds ago Up 1 second 0.0.0.0:5111->5111/tcp focused_wu
Vulsrepo is running on http://host-ip:5111 .