Fast-Root Scan
| Distribution | スキャン速度 | root権限 | OVAL | インターネットアクセス |
|---|---|---|---|---|
| Alpine | 速い | 不要 | 対応 | 必要 |
| CentOS | 速い | 必要 | 対応 | 必要 |
| AlmaLinux | 速い | 必要 | 対応 | 必要 |
| Rocky Linux | 速い | 必要 | 対応 | 必要 |
| RHEL | 速い | 必要 | 対応 | 必要 |
| Fedora | 速い | 必要 | 対応 | 必要 |
| Oracle | Fast | Need | Supported | 必要 |
| Ubuntu | Fast | Need | Supported | 必要 |
| Debian | Fast | Need | Supported | 必要 |
| Raspbian | 1st time: Slow, From 2nd time: Fast | Need | Partially Supported | 必要 |
| FreeBSD | Fast | No | No | Need |
| Amazon | Fast | Need | Supported | Need |
| openSUSE | Fast | No | Supported | Need |
| openSUSE Leap | Fast | No | Supported | Need |
| SUSE Enterprise | Fast | No | Supported | Need |
Raspbian has been modified from its previous Changelog only scan to scan using Debian OVAL and Debian Security Tracker, Changelog. The difference between Fast-Root scan and Deep scan is that the packages that use change logs are limited (because Debian OVAL and Debian Security Tracker cannot detect packages that only exist on the Raspberry Pi). In summary, the behavior of each scan mode in Raspbian is shown in the table below.
| Scan Mode | fast | fast-root | deep |
|---|---|---|---|
| v0.11 | (deep scan) | (deep scan) | changelog |
| v0.12 |
- OVAL
- Debian Security Tracker
|
- OVAL
- Debian Security Tracker
- changelog(only raspberrypi package)
|
- OVAL
- Debian Security Tracker
- changelog(all updatable package)
|
For more information, see This Pull Request (https://github.com/future-architect/vuls/pull/1019).
-offlineオプションのとき
Scan with -offline option, vuls scans with no internet access.
| Distribution | Scan Speed | Need Root Privilege | OVAL | Need Internet Access |
|---|---|---|---|---|
| Alpine | Fast | No | Supported | No |
| CentOS | Fast | Need | Supported | No |
| AlmaLinux | Fast | Need | Supported | No |
| Rocky Linux | Fast | Need | Supported | No |
| RHEL | Fast | Need | Supported | No |
| Fedora | Fast | Need | Supported | No |
| Oracle | Fast | Need | Supported | No |
| Ubuntu | Fast | Need | Supported | No |
| Debian | Fast | Need | Supported | No |
| Amazon | Fast | Need | Supported | No |
| openSUSE | Fast | No | Supported | No |
| openSUSE Leap | Fast | No | Supported | No |
| SUSE Enterprise | Fast | No | Supported | No |
Offline scan mode is not supported FreeBSD, Raspbian.
In Fast-Root Scan and Deep Scan, Raspbian scans a combination of Debian OVAL and Debian Security Tracker, Changelog, so Offline Scan mode cannot be provided completely. If you execute Offline Scan, you can get the result of Debian OVAL and Debian Security Tracker only (same result as Fast Scan).
依存関係と/etc/sudoers
For details, see
- Dependencies: usage-configtest
- /etc/sudoers: /etc/sudoers
実行時検査
パッケージをアップデートすることで影響を受けるプロセスの検知
It is possible to know processes affecting software update in advance using yum-ps on RedHat, CentOS, AlmaLinux, Rocky Linux,OracleLinux and Amazon Linux
再起動されなかったプロセスの検知
Detect processes which updated before but not restarting yet using checkrestart of debian-goodies on Debian and Ubuntu