vuls fails to detect OS on CentOS Stream 8 host

[alexagr]

What did you do? (required. The issue will be closed when not provided.)

• Install vuls on Ubuntu 20.04 host
• Install clean CentOS Stream 8 host (either from ISO image or from Azure marketplace image)
• Create configuration file for remote scan
• Run "vuls configtest -config=config.toml"

What did you expect to happen?

Config test to finish successfully.

What happened instead?

Config test produces "Panic: runtime error: slice bounds out of range [:-1]" and gets stuck.

• Current Output

Please re-run the command using -debug and provide the output below.

$ vuls configtest -debug -config=config.toml1
[Feb 14 16:59:46]  INFO [localhost] vuls-v0.19.3-build-20220213_175535_0733561
[Feb 14 16:59:46]  INFO [localhost] Validating config...
[Feb 14 16:59:46]  INFO [localhost] Detecting Server/Container OS...
[Feb 14 16:59:46]  INFO [localhost] Detecting OS of servers...
[Feb 14 16:59:46] DEBUG [localhost] Validating SSH Settings for Server:remotehost ...
[Feb 14 16:59:46] DEBUG [localhost] Executing... /usr/bin/ssh -G -p 22 -l sbcadmin 20.94.220.14
[Feb 14 16:59:46] DEBUG [localhost] Setting SSH User:sbcadmin for Server:remotehost ...
[Feb 14 16:59:46] DEBUG [localhost] Validating SSH HostName:20.94.220.14 for Server:remotehost ...
[Feb 14 16:59:46] DEBUG [localhost] Setting SSH Port:22 for Server:remotehost ...
[Feb 14 16:59:46] DEBUG [localhost] Checking if the host's public key is in known_hosts...
[Feb 14 16:59:46] DEBUG [localhost] Executing... /usr/bin/ssh-keygen -F 20.94.220.14 -f ~/.ssh/known_hosts
[Feb 14 16:59:46] DEBUG [localhost] Executing... ls /etc/debian_version
[Feb 14 16:59:46] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/debian_version
  exitstatus: 2
  stdout: ls: cannot access '/etc/debian_version': No such file or directory

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Not Debian like Linux. execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/debian_version
  exitstatus: 2
  stdout: ls: cannot access '/etc/debian_version': No such file or directory

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Executing... ls /etc/fedora-release
[Feb 14 16:59:46] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/fedora-release
  exitstatus: 2
  stdout: ls: cannot access '/etc/fedora-release': No such file or directory

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Executing... ls /etc/oracle-release
[Feb 14 16:59:46] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/oracle-release
  exitstatus: 2
  stdout: ls: cannot access '/etc/oracle-release': No such file or directory

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Executing... ls /etc/almalinux-release
[Feb 14 16:59:46] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/almalinux-release
  exitstatus: 2
  stdout: ls: cannot access '/etc/almalinux-release': No such file or directory

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Executing... ls /etc/rocky-release
[Feb 14 16:59:46] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/rocky-release
  exitstatus: 2
  stdout: ls: cannot access '/etc/rocky-release': No such file or directory

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Executing... ls /etc/centos-release
[Feb 14 16:59:46] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; ls /etc/centos-release
  exitstatus: 0
  stdout: /etc/centos-release

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:46] DEBUG [localhost] Executing... cat /etc/centos-release
[Feb 14 16:59:47] DEBUG [localhost] execResult: servername: remotehost
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/sbcadmin/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m -l sbcadmin -p 22 -i /home/sbcadmin/.ssh/id_rsa -o PasswordAuthentication=no 20.94.220.14 stty cols 1000; cat /etc/centos-release
  exitstatus: 0
  stdout: CentOS Stream release 8

  stderr:
  err: %!s(<nil>)
[Feb 14 16:59:47] DEBUG [localhost] Panic: runtime error: slice bounds out of range [:-1] on remotehost

Steps to reproduce the behaviour

Run vuls remote scan for CentOS Stream 8 host.

Configuration (MUST fill this out):

• Go version (go version):

go version go1.17.7 linux/amd64

• Go environment (go env):

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/sbcadmin/.cache/go-build"
GOENV="/home/sbcadmin/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.7"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1991210076=/tmp/go-build -gno-record-gcc-switches"

• Vuls environment:

Hash : 0733561

vuls-v0.19.3-build-20220213_175535_0733561

• config.toml:

[servers]

[servers.remotehost]
host               = "20.94.220.14"
user               = "sbcadmin"
port               = "22"
keyPath            = "/home/sbcadmin/.ssh/id_rsa"
scanMode           = ["fast"]

• command:

vuls configtest -config=config.toml

[alexagr]

The following "hack" on the CentOS Stream 8 server resolves the problem:

sed -i 's/8/8.0/' /etc/centos-release

[MaineK00n]

@alexagr
Thanks for the bug report!

This will be fixed by this PR.
#1393