Dave Hulbert's Today I Learned (TIL)


Setting Up Vuls for Package Vulnerability Scanning on Linux Servers

When managing Linux servers, it's crucial to ensure they're free from vulnerabilities. I recently explored various package vulnerability scanners and stumbled upon Vuls, an open-source tool that impressed me with its power and simplicity. Here’s a rundown of how to set it up and what makes it stand out.

What is Vuls?

Vuls is a powerful vulnerability scanner designed for Linux systems. It simplifies the process of identifying security vulnerabilities by automating scanning and reporting. You can run it directly on the host you're scanning or remotely, which makes it suitable for a quick one-off scan or for scheduled scans in production.

How Vuls Works

The tool collects a list of installed packages (e.g. the same list you get from the dpkg -l command) and then compares this list against a database of Common Vulnerabilities and Exposures (CVE). This comparison identifies potential security threats present in the installed packages.
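A simplified sketch of that matching step, as an added example and not Vuls's own code: it parses a package list, orders versions by Debian's epoch:upstream-revision rules, and flags packages older than an advisory's fixed version. The package names, versions and CVE identifiers are constructed placeholders, and the advisory format is an assumption made for illustration.

```python
import re

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
INSTALLED = """\
libexample1 1:2.4.1-3ubuntu0.2
exampled 1.18.0~rc1-1
examplectl 0.9-2
"""

# Constructed advisories: (package, placeholder CVE id, fixed version or None).
ADVISORIES = [
    ("libexample1", "CVE-0000-0001", "1:2.4.1-3ubuntu0.4"),  # fix is newer
    ("exampled", "CVE-0000-0002", "1.18.0-1"),     # ~rc1 sorts before release
    ("examplectl", "CVE-0000-0003", "0.9-2"),      # already at fixed version
    ("examplectl", "CVE-0000-0004", None),         # no patch published yet
]

def _order(ch):
    """dpkg character weight: '~' sorts first, letters before other symbols."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Alternate non-digit and digit runs; the trailing 0 marks end-of-run.
    return [(tuple(_order(c) for c in text) + (0,), int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def version_key(version):
    """Sort key following Debian's epoch:upstream-revision ordering."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision compares as 0
    return (int(epoch), _part_key(upstream), _part_key(revision))

def find_vulnerable(installed_text, advisories):
    """Return (package, installed, cve, fixed) for every unpatched advisory."""
    installed = dict(l.split(None, 1) for l in installed_text.splitlines() if l.strip())
    findings = []
    for package, cve, fixed in advisories:
        have = installed.get(package)
        if have and (fixed is None or version_key(have) < version_key(fixed)):
            findings.append((package, have, cve, fixed))
    return findings

if __name__ == "__main__":
    for package, have, cve, fixed in find_vulnerable(INSTALLED, ADVISORIES):
        print(package, have, cve, f"fixed in {fixed}" if fixed else "no fix available")
```

The naive string comparison `"1.18.0~rc1-1" < "1.18.0-1"` is false, which is why a scanner has to use the distribution's own version ordering to avoid missed findings.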

Installation Process

Getting Vuls up and running involves a few straightforward steps:

  1. Initial Installation: Download and run the installation script:

    wget https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh
    sudo bash install.sh

  2. Clone the Repository: Clone the vulsctl repository to your system:

    git clone https://github.com/vulsio/vulsctl.git

Updating CVE Databases

Updating the CVE databases is a critical step, though it can be time-consuming. Here’s how to do it:

  1. Prepare the Update Script: Customize the update script to avoid downloading unnecessary files for other operating systems:

    cp vulsctl/install-host/update-all{,-custom-ubuntu}.sh
    nano vulsctl/install-host/update-all-custom-ubuntu.sh
    # Comment out the lines for operating systems you don't need

  2. Run the Update: Execute the update script and allow some time for it to complete:

    cd vulsctl/install-host
    time sudo bash update-all-custom-ubuntu.sh
    # real	77m29.339s
    # user	31m17.511s
    # sys	6m23.535s

Configuration for Scanning

To scan the localhost, ensure your configuration file is set up correctly:

    cat config.toml
    [servers]

    [servers.localhost]
    host               = "127.0.0.1"
    port               = "local"
    scanMode           = ["fast"]

Running the Scan

Once everything is set up, running a scan is as simple as executing:

    vuls scan
    vuls report

These commands run the scan and then produce a report detailing any vulnerabilities found, including whether a patch is available.