Vuls

Fast-Root Scan

Vuls-Scan-Flow

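| Distribution | Scan Speed | Need Root Privilege | OVAL | Need Internet Access |
|---|---|---|---|---|
| Alpine | Fast | No | Supported | Need |
| CentOS | Fast | Need | Supported | Need |
| AlmaLinux | Fast | Need | Supported | Need |
| Rocky Linux | Fast | Need | Supported | Need |
| RHEL | Fast | Need | Supported | Need |
| Fedora | Fast | Need | Supported | Need |
| Oracle | Fast | Need | Supported | Need |
| Ubuntu | Fast | Need | Supported | Need |
| Debian | Fast | Need | Supported | Need |
| Raspbian | 1st time: Slow, From 2nd time: Fast | Need | Partially Supported | Need |
| FreeBSD | Fast | No | No | Need |
| Amazon | Fast | Need | Supported | Need |
| openSUSE | Fast | No | Supported | Need |
| openSUSE Leap | Fast | No | Supported | Need |
| SUSE Enterprise | Fast | No | Supported | Need |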

Raspbian scanning has changed from the previous changelog-only scan to a scan that uses Debian OVAL, Debian Security Tracker, and changelogs. The difference between Fast-Root scan and Deep scan is that Fast-Root scan limits the packages checked via changelog (changelogs are still needed because Debian OVAL and Debian Security Tracker cannot detect packages that exist only on the Raspberry Pi). The table below summarizes the behavior of each scan mode on Raspbian.

| Scan Mode | fast | fast-root | deep |
|---|---|---|---|
| v0.11 | (deep scan) | (deep scan) | changelog |
| v0.12 | OVAL, Debian Security Tracker | OVAL, Debian Security Tracker, changelog (only raspberrypi package) | OVAL, Debian Security Tracker, changelog (all updatable package) |

For more information, see this pull request (https://github.com/future-architect/vuls/pull/1019).

With the -offline option

With the -offline option, Vuls scans without internet access.

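| Distribution | Scan Speed | Need Root Privilege | OVAL | Need Internet Access |
|---|---|---|---|---|
| Alpine | Fast | No | Supported | No |
| CentOS | Fast | Need | Supported | No |
| AlmaLinux | Fast | Need | Supported | No |
| Rocky Linux | Fast | Need | Supported | No |
| RHEL | Fast | Need | Supported | No |
| Fedora | Fast | Need | Supported | No |
| Oracle | Fast | Need | Supported | No |
| Ubuntu | Fast | Need | Supported | No |
| Debian | Fast | Need | Supported | No |
| Amazon | Fast | Need | Supported | No |
| openSUSE | Fast | No | Supported | No |
| openSUSE Leap | Fast | No | Supported | No |
| SUSE Enterprise | Fast | No | Supported | No |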

Offline scan mode is not supported on FreeBSD and Raspbian.

In Fast-Root Scan and Deep Scan, Raspbian is scanned using a combination of Debian OVAL, Debian Security Tracker, and changelogs, so Offline Scan mode cannot be fully provided. If you run an Offline Scan, you get only the Debian OVAL and Debian Security Tracker results (the same result as Fast Scan).

Dependencies and /etc/sudoers

For details, see

  • Dependencies: usage-configtest
  • /etc/sudoers: /etc/sudoers

Runtime checks

Detecting processes affected by a package update

Using yum-ps, it is possible to know in advance which processes will be affected by a software update on RedHat, CentOS, AlmaLinux, Rocky Linux, OracleLinux and Amazon Linux.

Detecting processes that were not restarted

Using checkrestart from debian-goodies, Vuls detects processes that were updated but have not yet been restarted on Debian and Ubuntu.
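
The condition behind this check, as an added example (not code from Vuls or debian-goodies): once a package update replaces a shared library, processes started earlier still map the old file, and Linux marks that mapping with " (deleted)" in /proc/<pid>/maps. The names StaleMappings and sampleMaps are hypothetical, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// StaleMappings parses the text of a /proc/<pid>/maps file and returns the
// executable, file-backed mappings whose file was replaced or removed on disk.
// The kernel appends " (deleted)" to the path of such mappings.
func StaleMappings(maps string) []string {
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(maps))
	for sc.Scan() {
		// Fields: address perms offset dev inode pathname...
		f := strings.Fields(sc.Text())
		if len(f) < 7 || !strings.Contains(f[1], "x") {
			continue // no "<path> (deleted)" present, or not executable
		}
		path := strings.Join(f[5:], " ")
		if !strings.HasSuffix(path, " (deleted)") || !strings.HasPrefix(path, "/") ||
			strings.HasPrefix(path, "/memfd:") {
			continue // still on disk, or anonymous memory rather than a file
		}
		seen[strings.TrimSuffix(path, " (deleted)")] = true
	}
	out := make([]string, 0, len(seen))
	for p := range seen {
		out = append(out, p)
	}
	sort.Strings(out)
	return out
}

// sampleMaps is constructed sample input, not output captured from a real host.
const sampleMaps = `55d0c8a00000-55d0c8a2c000 r-xp 00002000 08:01 393301 /usr/sbin/sshd
7f1c2a400000-7f1c2a47b000 r-xp 0001e000 08:01 131090 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f1c2a47b000-7f1c2a485000 r--p 00099000 08:01 131090 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f1c2a600000-7f1c2a79a000 r-xp 000b0000 08:01 131077 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (deleted)
7f1c2b000000-7f1c2b021000 rwxs 00000000 00:05 2049 /memfd:jit (deleted)
7ffd3c1e0000-7ffd3c201000 rw-p 00000000 00:00 0 [stack]`

func main() {
	for _, p := range StaleMappings(sampleMaps) {
		fmt.Println("process still maps replaced file:", p)
	}
}
```

A process with a non-empty result is still running the pre-update code and needs a restart before the fix takes effect.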

Copyright © 2023 kotakanbe