configtest
$ vuls configtest --help
configtest:
configtest
[-config=/path/to/config.toml]
[-log-dir=/path/to/log]
[-timeout=300]
[-debug]
[SERVER]...
-config string
/path/to/toml (default "/Users/kotakanbe/go/src/github.com/future-architect/vuls/config.toml")
-debug
debug mode
-http-proxy string
http://proxy-url:port (default: empty)
-log-dir string
/path/to/log (default "/var/log/vuls")
-timeout int
Timeout(Sec) (default 300)
configtestサブコマンドは、config.tomlで定義されたサーバ/コンテナに対してSSH可能かどうかをチェックする。
Dependencies
fast scan mode
Distribution | Release | Requirements |
---|---|---|
Alpine | 3.2 and later | - |
Ubuntu | 14, 16, 18, 20, 21, 22 | - |
Debian | 7, 8, 9, 10, 11 | (reboot-notifier) |
CentOS | 6, 7, 8, stream8, stream9 | - |
AlmaLinux | 8, 9 | - |
Rocky Linux | 8, 9 | - |
Amazon | All | - |
RHEL | 5, 6, 7, 8, 9 | - |
Fedora | 32, 33, 34, 35 | - |
Oracle Linux | 5, 6, 7 | - |
openSUSE | tumbleweed | - |
openSUSE Leap | 15.2, 15.3 | - |
SUSE Enterprise | 11, 12, 15 | - |
FreeBSD | 10, 11 | - |
Raspbian | Jessie, Stretch, Buster | - |
fast-root scan mode
fast-root
のとき、configtestサブコマンドはスキャン対象のサーバにパッケージがインストールされていることと、/etc/sudoers
を確認します。
Distribution | Release | Requirements |
---|---|---|
Alpine | 3.2 and later | - |
Ubuntu | 14, 16, 18, 20, 21, 22 | debian-goodies |
Debian | 8, 9, 10, 11 | debian-goodies, reboot-notifier |
CentOS | 6, 7, 8, stream8, stream9 | - |
AlmaLinux | 8, 9 | - |
Rocky Linux | 8, 9 | - |
Amazon | All | - |
RHEL | 6, 7 | - |
RHEL | 8, 9 | lsof |
Fedora | 32, 33, 34, 35 | - |
Oracle Linux | 5, 6, 7 | - |
openSUSE | tumbleweed | - |
openSUSE Leap | 15.2, 15.3 | - |
SUSE Enterprise | 11, 12, 15 | - |
FreeBSD | 10, 11 | - |
Raspbian | Jessie, Stretch, Buster | debian-goodies |
deep scan mode
fast-root
モードと同じです。
/etc/sudoers on Target Servers
configtestサブコマンドは、スキャン対象サーバのsudo設定を確認して、VulsがSSH越しにnopasswordでSUDOできるかも確認します。
if you got the below error, requiretty
should be defined in /etc/sudoers.
stderr: sudo: sorry, you must have a tty to run sudo
Defaults:vuls !requiretty
/etc/sudoers
Distribution | fast | fast-root | deep |
---|---|---|---|
Ubuntu 14, 16, 18, 20, 21, 22 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n | fast-root と同じ |
Debian 8, 9, 10, 11 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n | fast-root と同じ |
CentOS 6, 7, 8, stream8, stream9 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | fast-root と同じ |
AlmaLinux 8, 9 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | fast-root と同じ |
Rocky Linux 8 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | fast-root と同じ |
Amazon Linux | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | fast-root と同じ |
Amazon Linux 2 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | fast-root と同じ |
Amazon Linux 2022 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | same as fast-root |
Amazon Linux 2023 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/sbin/lsof -i -P -n | same as fast-root |
RHEL 6, 7, 8, 9 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /usr/bin/repoquery, /usr/bin/yum makecache --assumeyes, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n, /usr/sbin/lsof -i -P -n | same as fast-root |
Oracle Linux 6, 7 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/stat, /usr/bin/needs-restarting, /usr/bin/which, /usr/bin/repoquery, /usr/bin/yum makecache --assumeyes | same as fast-root |
SUSE Enterprise 11, 12, 15 | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/which, /usr/bin/zypper ps, /usr/bin/which, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n, /usr/sbin/lsof -i -P -n | same as fast-root |
FreeBSD 10 | - | - | - |
Raspbian | - | vuls ALL=(ALL) NOPASSWD:SETENV: /usr/bin/apt-get update, /usr/bin/stat *, /usr/sbin/checkrestart, /bin/ls -l /proc/*/exe, /bin/cat /proc/*/maps, /usr/bin/lsof -i -P -n | same as fast-root |
If your server is behind a proxy, also add the following.
Defaults:vuls env_keep="http_proxy https_proxy HTTP_PROXY HTTPS_PROXY"