Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(rocky): fix Scan in Rocky Linux #1266

Merged
merged 8 commits into from
Jul 7, 2021
Merged

fix(rocky): fix Scan in Rocky Linux #1266

merged 8 commits into from
Jul 7, 2021

Conversation

MaineK00n
Copy link
Collaborator

@MaineK00n MaineK00n commented Jul 2, 2021
edited
Loading

What did you implement:

With #1260, an attempt to support Rocky Linux has been incorporated into master. However, this implementation is inadequate and will be fixed in this PR to work properly.

Please note that Trivy does not yet support Rocky Linux.(2021/07/02)
aquasecurity/trivy#1053
https://github.com/future-architect/vuls/blob/master/contrib/trivy/parser/parser.go#L145-L169

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • This change requires a documentation update

How Has This Been Tested?

$ vuls scan
[Jul  2 16:02:03]  INFO [localhost] vuls-v0.15.11-build-20210702_160035_1179f50
[Jul  2 16:02:03]  INFO [localhost] Start scanning
[Jul  2 16:02:03]  INFO [localhost] config: /home/mainek00n/github/github.com/MaineK00n/vuls/config.toml
[Jul  2 16:02:03]  INFO [localhost] Validating config...
[Jul  2 16:02:03]  INFO [localhost] Detecting Server/Container OS... 
[Jul  2 16:02:03]  INFO [localhost] Detecting OS of servers... 
[Jul  2 16:02:03]  INFO [localhost] (1/1) Detected: vuls-target: rocky 8.4
[Jul  2 16:02:03]  INFO [localhost] Detecting OS of containers... 
[Jul  2 16:02:03]  INFO [localhost] Checking Scan Modes... 
[Jul  2 16:02:03]  INFO [localhost] Detecting Platforms... 
[Jul  2 16:02:04]  INFO [localhost] (1/1) vuls-target is running on other
[Jul  2 16:02:04]  INFO [vuls-target] Scanning OS pkg in fast mode


Scan Summary
================
vuls-target	rocky8.4	189 installed, 0 updatable





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

$ vuls report
[Jul  2 16:02:10]  INFO [localhost] vuls-v0.15.11-build-20210702_160035_1179f50
[Jul  2 16:02:10]  INFO [localhost] Validating config...
[Jul  2 16:02:10]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/usr/share/vuls-data/cve.sqlite3
[Jul  2 16:02:10]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/usr/share/vuls-data/oval.sqlite3
[Jul  2 16:02:10]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/usr/share/vuls-data/gost.sqlite3
[Jul  2 16:02:10]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/usr/share/vuls-data/go-exploitdb.sqlite3
[Jul  2 16:02:10]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/usr/share/vuls-data/go-msfdb.sqlite3
[Jul  2 16:02:10]  INFO [localhost] Loaded: /home/mainek00n/github/github.com/MaineK00n/vuls/results/2021-07-02T16:02:04+09:00
[Jul  2 16:02:10]  INFO [localhost] OVAL rocky 8.4 found. defs: 611
[Jul  2 16:02:10]  INFO [localhost] OVAL rocky 8.4 is fresh. lastModified: 2021-07-02T15:44:50+09:00
[Jul  2 16:02:10]  INFO [localhost] vuls-target: 7 CVEs are detected with OVAL
[Jul  2 16:02:10]  INFO [localhost] vuls-target: 26 unfixed CVEs are detected with gost
[Jul  2 16:02:10]  INFO [localhost] vuls-target: 0 CVEs are detected with CPE
[Jul  2 16:02:11]  INFO [localhost] vuls-target: 0 PoC are detected
[Jul  2 16:02:11]  INFO [localhost] vuls-target: 0 exploits are detected
vuls-target (rocky8.4)
======================
Total: 32 (Critical:2 High:9 Medium:16 Low:5 ?:0)
7/32 Fixed, 2 poc, 0 exploits, en: 0, ja: 0 alerts
189 installed

+----------------+------+--------+-----+------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC | CERT |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+
| CVE-2021-20231 |  9.8 |  AV:N  | POC |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20231 |
| CVE-2021-20232 |  9.8 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20232 |
| CVE-2021-3517  |  8.6 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3517  |
| CVE-2021-3518  |  8.6 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3518  |
| CVE-2021-3520  |  8.6 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3520  |
| CVE-2020-35448 |  7.8 |  AV:L  | POC |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-35448 |
| CVE-2021-3516  |  7.8 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3516  |
| CVE-2019-20838 |  7.5 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20838 |
| CVE-2021-27218 |  7.5 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-27218 |
| CVE-2021-33560 |  7.5 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-33560 |
| CVE-2021-3537  |  7.5 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3537  |
| CVE-2021-20271 |  6.9 |  AV:L  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20271 |
| CVE-2021-3541  |  6.9 |  AV:N  |     |      |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3541  |
| CVE-2021-3487  |  6.5 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3487  |
| CVE-2021-35938 |  6.5 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35938 |
| CVE-2021-35939 |  6.5 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35939 |
| CVE-2021-3445  |  6.4 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3445  |
| CVE-2021-35937 |  6.3 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-35937 |
| CVE-2020-13529 |  6.1 |  AV:A  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13529 |
| CVE-2021-33574 |  5.9 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-33574 |
| CVE-2021-3580  |  5.9 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3580  |
| CVE-2020-14155 |  5.3 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14155 |
| CVE-2021-28153 |  5.3 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-28153 |
| CVE-2021-20269 |  4.7 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20269 |
| CVE-2021-20284 |  4.7 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20284 |
| CVE-2021-3421  |  4.7 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3421  |
| CVE-2021-20197 |  4.2 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20197 |
| CVE-2021-22876 |  3.7 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22876 |
| CVE-2021-3200  |  3.3 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3200  |
| CVE-2021-20266 |  3.1 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20266 |
| CVE-2021-22898 |  3.1 |  AV:N  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-22898 |
| CVE-2021-27645 |  2.5 |  AV:L  |     |      | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2021-27645 |
+----------------+------+--------+-----+------+---------+-------------------------------------------------+

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Jul 2, 2021
@MaineK00n MaineK00n mentioned this pull request Jul 2, 2021
Merged
@MaineK00n MaineK00n changed the title [WIP] fix(rocky): fix Scan in Rocky Linux fix(rocky): fix Scan in Rocky Linux Jul 2, 2021
@MaineK00n MaineK00n requested a review from kotakanbe July 2, 2021 08:00
@kotakanbe kotakanbe merged commit 0bf1241 into future-architect:master Jul 7, 2021
@MaineK00n MaineK00n deleted the fix-rocky-scan branch July 7, 2021 21:03
kazuminn pushed a commit to kazuminn/vuls that referenced this pull request Jul 9, 2021
@MaineK00n @kazuminn
fix(rocky): fix Scan in Rocky Linux (future-architect#1266)
d1cb454 
* fix(rocky): fix OVAL scan in Rocky Linux

* chore: add FreeBSD13 EOL, fix future-architect#1245

* chore(rocky): add Rocky Linux EOL tests

* feat(rocky): implement with reference to CentOS

* feat(raspbian): add Raspbian to Server mode

* feat(rocky): support gost scan

* fix(rocky): rocky support lessThan

* chore: update doc and comment
kazuminn added a commit to kazuminn/vuls that referenced this pull request Jul 9, 2021
@kazuminn
fix pointed out and like future-architect#1266
12bff42
kazuminn added a commit to kazuminn/vuls that referenced this pull request Jul 10, 2021
@kazuminn
fix : like future-architect#1266 and error Failed to parse CentOS
974a672
kotakanbe pushed a commit that referenced this pull request Aug 1, 2021
@kazuminn
feat(os) : support Alma Linux (#1261)
ff83cad 
* support Alma Linux

* fix miss

* feat(os) : support Rocky linux  (#1260)

* support rocky linux scan

* fix miss

* lint

* fix : like #1266 and error Failed to parse CentOS

* pass make test

* fix miss

* fix pointed out with comment

* fix golangci-lint error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kotakanbe kotakanbe Awaiting requested review from kotakanbe

Assignees

@MaineK00n MaineK00n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MaineK00n @kotakanbe