Setting Up Vuls for Package Vulnerability Scanning on Linux Servers
When managing Linux servers, it's crucial to ensure they're free from vulnerabilities. I recently explored various package vulnerability scanners and stumbled upon Vuls, an open-source tool that impressed me with its power and simplicity. Here’s a rundown of how to set it up and what makes it stand out.
What is Vuls?
Vuls is a powerful vulnerability scanner designed for Linux systems. It simplifies the process of identifying security vulnerabilities by automating the scanning and reporting processes. You can run it directly on the host you're scanning or remotely, making it usable for a quick one-off scan or for scheduled scans in production.
How Vuls Works
The tool operates by collecting a list of installed packages (e.g., the same way you would with the dpkg -l command) and then comparing this list against a database of Common Vulnerabilities and Exposures (CVE). This comparison helps identify potential security threats present in the installed packages.
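A simplified illustration of that matching step, added here and not taken from Vuls's own code: it parses dpkg -l rows and applies Debian version ordering to decide whether an installed package predates the fixed version. The package names, versions and EXAMPLE-* advisory ids are constructed for the example.

```python
import re

DPKG_L = """\
ii  bazd           3.0.2-0ubuntu1.10 amd64        constructed package
ii  libfoo1:amd64  1:2.4~rc1-1       amd64        constructed package
ii  bar-utils      0.9-3             all          constructed package
rc  oldpkg         1.0-1             amd64        removed, config files remain
"""  # constructed `dpkg -l` rows, not from a real host
ADVISORIES = [  # constructed: (placeholder id, package, first fixed version or None)
    ("EXAMPLE-0001", "bazd", "3.0.2-0ubuntu1.9"),
    ("EXAMPLE-0002", "libfoo1", "1:2.4-1"),
    ("EXAMPLE-0003", "bar-utils", None),
    ("EXAMPLE-0004", "oldpkg", "2.0-1"),
]

def _order(c):  # dpkg ordering: '~' first, then end of string, letters, symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    pad = [("", "")] * max(len(ta), len(tb))
    for (sa, da), (sb, db) in zip(ta + pad, tb + pad):
        for i in range(max(len(sa), len(sb))):
            x = _order(sa[i]) if i < len(sa) else 0
            y = _order(sb[i]) if i < len(sb) else 0
            if x != y:
                return x - y
        if int(da or 0) != int(db or 0):  # digit runs compare numerically
            return int(da or 0) - int(db or 0)
    return 0

def deb_cmp(a, b):  # <0 if a sorts before b, 0 if equal, >0 if after
    def split(v):  # -> (epoch, upstream, revision)
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, sep, rev = rest.rpartition("-")
        return (epoch, up, rev) if sep else (epoch, rest, "")
    return next((c for c in map(_cmp_part, split(a), split(b)) if c), 0)

def installed_packages(dpkg_output):
    rows = (line.split() for line in dpkg_output.splitlines())
    # "ii" = installed and configured; strip a multiarch suffix such as ":amd64"
    return {f[1].split(":")[0]: f[2] for f in rows if len(f) >= 3 and f[0] == "ii"}

def match(pkgs, advisories):
    return [(i, n, pkgs[n], fixed or "no patch available")
            for i, n, fixed in advisories
            if n in pkgs and (fixed is None or deb_cmp(pkgs[n], fixed) < 0)]
```

A plain string comparison would get two of these wrong: 1.10 sorts after 1.9, and 2.4~rc1 sorts before 2.4.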
Installation Process
Getting Vuls up and running involves a few straightforward steps:
- Initial Installation: Download and run the installation script:
wget https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh
sudo bash install.sh
- Clone the Repository: Clone the Vuls repository to your system:
git clone https://github.com/vulsio/vulsctl.git
Updating CVE Databases
Updating the CVE databases is a critical step, though it can be time-consuming. Here’s how to do it:
- Prepare the Update Script: Customize the update script to avoid downloading unnecessary files for other operating systems:
cp vulsctl/install-host/update-all{,-custom-ubuntu}.sh
nano vulsctl/install-host/update-all-custom-ubuntu.sh
# Comment out the lines for operating systems you don't need
- Run the Update: Execute the update script and allow some time for it to complete:
cd vulsctl/install-host
time sudo bash update-all-custom-ubuntu.sh
# real 77m29.339s
# user 31m17.511s
# sys 6m23.535s
Configuration for Scanning
To scan the localhost, ensure your configuration file is set up correctly:
cat config.toml
[servers]
[servers.localhost]
host = "127.0.0.1"
port = "local"
scanMode = ["fast"]
Running the Scan
Once everything is set up, running a scan is as simple as executing:
vuls scan
vuls report
These commands run the scan and then produce a report detailing any vulnerabilities found, including whether a patch is available.