Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan #1384

Merged
merged 7 commits into from Feb 15, 2022
Merged

fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan #1384

merged 7 commits into from Feb 15, 2022

Conversation

MaineK00n
Copy link
Collaborator

@MaineK00n MaineK00n commented Feb 9, 2022
edited

What did you implement:

Fixes #1138, #983, #696

Fixed goval-dictinoary so that vuls can detect vulnerabilities in openSUSE, openSUSE Leap, SLES, and SLED.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

$ go run cmd/vuls/main.go scan
[Feb 12 19:47:50]  INFO [localhost] vuls-`make build` or `make install` will show the version-
[Feb 12 19:47:50]  INFO [localhost] Start scanning
[Feb 12 19:47:50]  INFO [localhost] config: /home/mainek00n/github/github.com/MaineK00n/vuls/config.toml
[Feb 12 19:47:50]  INFO [localhost] Validating config...
[Feb 12 19:47:50]  INFO [localhost] Detecting Server/Container OS... 
[Feb 12 19:47:50]  INFO [localhost] Detecting OS of servers... 
[Feb 12 19:47:51]  INFO [localhost] (1/1) Detected: vagrant: opensuse.leap 15.3
[Feb 12 19:47:51]  INFO [localhost] Detecting OS of containers... 
[Feb 12 19:47:51]  INFO [localhost] Checking Scan Modes... 
[Feb 12 19:47:51]  INFO [localhost] Detecting Platforms... 
[Feb 12 19:47:52]  INFO [localhost] (1/1) vagrant is running on other
[Feb 12 19:47:52]  INFO [vagrant] Scanning OS pkg in fast mode


Scan Summary
================
vagrant	opensuse.leap15.3	302 installed, 18 updatable





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.


$ go run cmd/vuls/main.go report
[Feb 12 19:48:27]  INFO [localhost] vuls-`make build` or `make install` will show the version-
[Feb 12 19:48:27]  INFO [localhost] Validating config...
[Feb 12 19:48:27]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/usr/share/vuls-data/cve.sqlite3
[Feb 12 19:48:27]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/usr/share/vuls-data/oval.sqlite3
[Feb 12 19:48:27]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/usr/share/vuls-data/gost.sqlite3
[Feb 12 19:48:27]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/usr/share/vuls-data/go-exploitdb.sqlite3
[Feb 12 19:48:27]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/usr/share/vuls-data/go-msfdb.sqlite3
[Feb 12 19:48:27]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/usr/share/vuls-data/go-kev.sqlite3
[Feb 12 19:48:27]  INFO [localhost] Loaded: /home/mainek00n/github/github.com/MaineK00n/vuls/results/2022-02-12T19:47:52+09:00
[Feb 12 19:48:27]  INFO [localhost] OVAL opensuse.leap 15.3 found. defs: 1253
[Feb 12 19:48:27]  INFO [localhost] OVAL opensuse.leap 15.3 is fresh. lastModified: 2022-02-12T16:12:25+09:00
[Feb 12 19:48:27]  INFO [localhost] vagrant: 11 CVEs are detected with OVAL
[Feb 12 19:48:27]  INFO [localhost] vagrant: 0 unfixed CVEs are detected with gost
[Feb 12 19:48:27]  INFO [localhost] vagrant: 0 CVEs are detected with CPE
[Feb 12 19:48:27]  INFO [localhost] vagrant: 0 PoC are detected
[Feb 12 19:48:27]  INFO [localhost] vagrant: 0 exploits are detected
[Feb 12 19:48:27]  INFO [localhost] vagrant: total 11 CVEs detected
[Feb 12 19:48:27]  INFO [localhost] vagrant: 0 CVEs filtered by --confidence-over=80
vagrant (opensuse.leap15.3)
===========================
Total: 11 (Critical:2 High:4 Medium:1 Low:1 ?:3)
11/11 Fixed, 3 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
302 installed

+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
| CVE-2022-23218 |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2022-23218 |
| CVE-2022-23219 |  9.8 |  AV:N  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2022-23219 |
| CVE-2021-3999  |  8.1 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-3999  |
| CVE-2020-27840 |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-27840 |
| CVE-2021-20277 |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20277 |
| CVE-2021-36222 |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-36222 |
| CVE-2021-20316 |  5.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-20316 |
| CVE-2021-43566 |  2.6 |  AV:A  | POC |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-43566 |
| CVE-2021-44141 |  0.0 |        |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-44141 |
| CVE-2021-44142 |  0.0 |        |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-44142 |
| CVE-2022-0336  |  0.0 |        |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2022-0336  |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+

fast-root scan

$ go run cmd/vuls/main.go scan
[Feb 12 19:46:53]  INFO [localhost] vuls-`make build` or `make install` will show the version-
[Feb 12 19:46:53]  INFO [localhost] Start scanning
[Feb 12 19:46:53]  INFO [localhost] config: /home/mainek00n/github/github.com/MaineK00n/vuls/config.toml
[Feb 12 19:46:53]  INFO [localhost] Validating config...
[Feb 12 19:46:53]  INFO [localhost] Detecting Server/Container OS... 
[Feb 12 19:46:53]  INFO [localhost] Detecting OS of servers... 
[Feb 12 19:46:53]  INFO [localhost] (1/1) Detected: vagrant: opensuse.leap 15.3
[Feb 12 19:46:53]  INFO [localhost] Detecting OS of containers... 
[Feb 12 19:46:53]  INFO [localhost] Checking Scan Modes... 
[Feb 12 19:46:53]  INFO [localhost] Detecting Platforms... 
[Feb 12 19:46:54]  INFO [localhost] (1/1) vagrant is running on other
[Feb 12 19:46:54]  INFO [vagrant] Scanning OS pkg in fast-root mode


Scan Summary
================
vagrant	opensuse.leap15.3	302 installed, 18 updatable





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Feb 9, 2022
@MaineK00n MaineK00n changed the title fix(suse): fix openSUSE, openSUSE Leap scan fix(suse): fix openSUSE, openSUSE Leap, SLES, SLED scan Feb 9, 2022
@MaineK00n MaineK00n force-pushed the MaineK00n/fix-suse branch 2 times, most recently from 7356d87 to 54b71b9 Compare February 12, 2022 10:32
This was linked to issues Feb 12, 2022
support SUSE distributions #983
Closed
Detect need-restarting procs on SUSE #696
Closed
@MaineK00n MaineK00n force-pushed the MaineK00n/fix-suse branch 5 times, most recently from 0144797 to ebc1271 Compare February 12, 2022 12:01
@MaineK00n MaineK00n marked this pull request as ready for review February 12, 2022 12:03
@MaineK00n MaineK00n mentioned this pull request Feb 12, 2022
Merged
@MaineK00n MaineK00n force-pushed the MaineK00n/fix-suse branch 2 times, most recently from 8813f14 to e6551bc Compare February 12, 2022 12:56
@kotakanbe kotakanbe self-requested a review February 13, 2022 19:46
@kotakanbe kotakanbe merged commit 787604d into master Feb 15, 2022
@kotakanbe kotakanbe deleted the MaineK00n/fix-suse branch February 15, 2022 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kotakanbe kotakanbe Awaiting requested review from kotakanbe

Assignees

@MaineK00n MaineK00n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Failed to check EOL support SUSE distributions Detect need-restarting procs on SUSE
2 participants
@MaineK00n @kotakanbe