+4 votes
38 views
Linux Vulnerability Analysis | vuls

in Linux/Unix by (551k points)
reopened | 38 views

1 Answer

+5 votes
Best answer

How to do a Vulnerability Scan with Vuls

Current operating systems, as well as their components (services, processes and applications), currently suffer attacks of various types both internally and externally by categorized threats of all kinds and if we are administrators or advanced users we will have to be prepared before these attacks and learn to have a special system of protection. But for this the basic thing is to determine what vulnerabilities the team presents to work on them, TechnoWikis in this tutorial will clearly explain how to use Vuls to carry out this analysis..

 

 

what is vuls
Vuls has been developed as an open source vulnerability scanning tool that has the ability to detect vulnerabilities in operating systems and applications in a local network environment using various sources of vulnerability information. Within these we find databases of public vulnerabilities, security bulletins from software providers and threat intelligence services, this is key since these databases are updated every day and thus we are on par with new vulnerabilities that appear.

 

Vuls is compatible with multiple operating systems and applications, and makes use of various types of scanning for vulnerability detection tasks, this ranges from port scans, verification of software versions to the detection of vulnerabilities in files and configurations which can being hidden as something normal worse trigger a series of problems in the system.

 

Vuls Characteristics
Among the main features of Vuls we find:

 

  • Integration with popular vulnerability management systems such as JIRA and GitHub in order to automate the management of vulnerabilities that are detected.
  • Automatic system and application scanning function.
  • Create detailed reports about the vulnerabilities detected, this report has analysis of the severity of the vulnerability, as well as a series of recommendations to correct them.
  • Support for multiple operating systems and applications.
  • Compatible with Apache, MySQL and more.
  • Scan in offline mode without Internet access.
  • It allows scanning without root privileges and without dependencies.
  • You can detect processes that are affected by update processes using yum-ps.
  • Local scan mode.
  • Does not require SSH.
  • It is possible to start Vuls in server mode and have it listen as an HTTP server.
  • Scan results can be created in JSON format.
  • We can do analysis of middleware, programming language libraries and frames to detect vulnerabilities.
  • Support software registered with CPE.

 

 

Let's see how to use this powerful tool to keep our systems functional..

 

 

To stay up to date, remember to subscribe to our YouTube channel!
SUBSCRIBE ON YOUTUBE

 

How to do a Vulnerability Scan with Vuls

 

Step 1

We open the terminal and we are going to install the dependencies, we create the directory for the data:
 sudo mkdir /usr/share/vuls-data 
image

 

Step 2

We assign user access:
 sudo chown -R (user) /usr/share/vuls-data 
image

 

Step 3

We update the system:
 sudo apt update 
image

 

 

Step 4

After this we install the necessary utilities so that everything works optimally:
 sudo apt install sqlite git debian-goodies gcc make wget 
image

 

step 5

We confirm the operation by entering the letter S:

 

image

 

step 6

We hope this process will come to an end:

 

image
step 7

 

sqlite is a database system with which the vulnerability information will be stored, debian-goodies integrates the checkrestart utility which offers information about the packages that can and should be restarted in part of the process.

 

Now we are going to install Go, this is an efficient programming language thanks to which it will be possible to manage large and complex applications in a simple way, its structure is simple and allows you to create high-performance applications, some of its features are..

 

  • Makes effective use of various CPU cores and has native support for concurrency
  • Your variables must be declared with a specific data type
  • It has support for cross-compiling
  • Integrates a garbage collector that allows memory management

 

step 8

For its installation we execute:
 sudo snap install go –classic 
image

 

step 9

We hope it reaches the end:

 

image

 

step 10

For optimal operation, Go needs to have environment variables where GOPATH and PATH will be configured, GOPATH specifies the working directory for Go and PATH, it is where the directories where the programs will go are stored, these environment variables must be configured each time that the user logs in, but to avoid this and automate the action we are going to create a new executable file called go-env.sh in /etc/profile.d, for this we enter:
 sudo nano /etc/profile.d/go-env.sh 
image

 

step 11

We enter the following. The "export" command sets the environment variable to the specified value.
 export GOPATH=$HOME/go export PATH=$PATH:$GOPATH/bin:/snap/bin 
image

 

 

step 12

We save the changes using the following key combination:

 

Ctrl + O

 

We exit the editor using:

 

Ctrl + X

 

 

step 13

We assign execution permissions:
 sudo chmod +x /etc/profile.d/go-env.sh 
image

 

step 14

To avoid the login we execute the following:
 source /etc/profile.d/go-env.sh 
image

 

step 15

As we mentioned, the vulnerabilities are hosted in various libraries where Vuls will go to update itself and allow the system to be in optimal conditions, go-cve-dictionary, a Go package, provides us with access to the National Vulnerability Database or NVD ( National Vulnerability Database), NVD is the US government's repository for publicly available cybersecurity vulnerabilities.

 

There we find vulnerability identifications (CVE, vulnerabilities), summaries and analysis of the impact of these vulnerabilities on the machine and it is in a readable format, Go will store the packages in $GOPATH/src/, we install the Go-cve-dictionary, For this we create the directory:

 sudo mkdir -p $GOPATH/src/github.com/vulsio 
image

 

step 16

We access the folder:
 cd $GOPATH/src/github.com/vulsio 
step 17

We clone the dictionary from the repositories:
 sudo git clone https://github.com/vulsio/go-cve-dictionary.git 
image

 

step 18

We access the directory:
 cd go cve dictionary 
step 19

We compile the files:
 sudo make install 
image

 

step 20

We wait for this process to finish:

 

image

 

step 21

You can copy the files to the base system:
 sudo cp $GOPATH/bin/go-cve-dictionary /usr/local/bin 
step 22

go-cve-dictionary requires access to a log output directory, so we create it:
 sudo mkdir /var/log/vuls 
image

 

Step 23

We assign the permissions:
 sudo chmod 700 /var/log/vuls 
image

 

step 24

Allow user access:
 sudo chown -R (user) /var/log/vuls 
image

 

step 25

We run the vulnerability scan from NVD:
 go-cve-dictionary fetchnvd --dbpath /usr/share/vuls-data/cve.sqlite3 
image

 

Step 26

The analysis process will start:

 

image

 

Step 27

We will see specific details of each vulnerability:

 

image

 

Step 28

The go-cve-dictionary options are:

 

  • jvn: get the JVN vulnerability dictionary
  • nvd: Retrieves the NVD vulnerability dictionary
  • --config string: configure the string configuration file
  • --dbpath string: is the SQL connection string
  • --debug: indicates debugging mode (default: false)
  • --debug-sql: is SQL debugging mode
  • --log-json: create a JSON log output
  • --log-to-file: create a log of output to file

 

 

Step 29

Another vulnerability dictionary is Goval, this is a Go package with which you have access to the OVAL database for Ubuntu, OVAL (Open Vulnerability and Assessment Language), is an open language to express checks in order to determine if there are software vulnerabilities in the system, it will use the NVD database as its source of information for vulnerabilities.
We are going to install the Goval dictionary, for this we go to the route:
 cd $GOPATH/src/github.com/vulsio 
step 30

We clone the directory:
 sudo git clone https://github.com/vulsio/goval-dictionary.git 
image

 

step 31

We access the directory:
 cd goval dictionary 
step 32

We install the plugins:
 sudo make install 
image

 

 

Step 33

We ran an analysis for some of the available distributions:

 sudo goval-dictionary fetch-ubuntu --dbpath=/usr/share/vuls-data/oval.sqlite3 22 
image

 

Step 34

With the fetch parameter we can add systems like:

 

  • Red Hat, CentOS, Alma Linux, Rocky Linux
  • ubuntu
  • Debian
  • Oracle
  • suse
  • Alpine

 

step 35

In the final part we enter the number of the version to analyze. It is time to install Vuls, we install Vuls from the repositories, first of all, we create the directory:
 sudo mkdir -p $GOPATH/src/github.com/future-architect 
image

 

Step 36

Access the directory:
 cd $GOPATH/src/github.com/future-architect 
Step 37

Try to download the repository from the official site:
 sudo git clone https://github.com/future-architect/vuls.git 
image

 

Step 38

There we must have an account created, but with the latest versions we will see the following:

 

image

 

Step 39

We see that there is no support for this type of authentication, in this case we access as root using "sudo -i", then we execute:
 bash <( curl -s https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh ) 
image

 

step 40

We validate the binaries:
 ls /usr/local/bin/ 
image

 

Step 41

We create a new directory and create the configuration file:
 mkdir -p /usr/share/vuls-data touch /usr/share/vuls-data/config.toml 
image

 

step 42

We edit the file:
 nano /usr/share/vuls-data/config.toml 
Step 43

We enter the values:
 [cveDict] type = "sqlite3" SQLite3Path = "/usr/share/vuls-data/cve.sqlite3" [ovalDict] type = "sqlite3" SQLite3Path = "/usr/share/vuls-data/oval.sqlite3" [gost ] type = "sqlite3" SQLite3Path = "/usr/share/vuls-data/gost.sqlite3" [metasploit] type = "sqlite3" SQLite3Path = "/usr/share/vuls-data/go-msfdb.sqlite3" [servers ] [servers.localhost] host = "localhost" port = "local" scanMode = [ "fast" ] #scanMode = ["fast", "fast-root", "deep", "offline"] 
image

 

Step 44

We see each recorded data:

 

image

 

step 45

4 vuls databases will be defined using the SQLite3 format which are:

 

  • CVE (Common Vulnerabilities and Exposures)
  • OVAL (Open Language of Assessment and Vulnerability)
  • Gost – This uses the security scanner from Linux distributions like Redhat, Debian, Ubuntu, and Microsoft Windows.
  • CVE of the Metasploit-Framework modules

 

Step 46

We save the changes using the following key combination:

 

Ctrl + O

 

We exit the editor using:

 

Ctrl + X

 

Step 47

We access the directory:
 cd /usr/share/vuls-data/ 
Step 48

Run the configuration test:
 vuls config test 
image

 

Step 49

We create a configuration file:
 vuls discover 127.0.0.1/32 
image

 

step 50

We run a general scan:
 vuls scan 
image

 

step 51

For a scan on a specific computer run:
 vuls scan localhost 
image

 

step 52

There we see details such as the type of system, number of packages installed and threats detected.
To see the data graphically (applies when vulnerabilities are detected) execute:
 vuls tui 
image

 

step 53

To review the history we execute:
 vuls history 
image

 

Vuls is an integral utility to check our system, or other equipment, and thus be sure that they do not have any threat that puts their integrity at risk.

 


by (3.5m points)
edited

Related questions

+3 votes
1 answer
asked Nov 7, 2019 in Linux / Unix by backtothefuture (551k points) | 257 views
+5 votes
1 answer
asked Oct 19, 2023 in Linux/Unix by backtothefuture (551k points) | 28 views
+5 votes
1 answer
asked Oct 13, 2023 in Linux/Unix by backtothefuture (551k points) | 29 views
+4 votes
1 answer
asked Oct 12, 2023 in Linux/Unix by backtothefuture (551k points) | 25 views
+4 votes
1 answer
asked Oct 7, 2023 in Linux/Unix by backtothefuture (551k points) | 35 views
Sponsored articles cost $40 per post. You can contact us via Feedback
10,632 questions
10,764 answers
510 comments
3 users