How Do You Install and Use Vuls for Linux Vulnerability Scanning?

December 27, 2024

Vuls, a free and open-source vulnerability scanner for Linux, offers a robust solution for scanning networked machines efficiently and effectively. It’s specialized for various operating systems, provides multiple scanning methods, and doesn’t require the installation of agents on devices, making it a user-friendly option. By leveraging numerous vulnerability databases, Vuls ensures comprehensive scanning capabilities. In this guide, we’ll walk you through the process of installing and using Vuls, specifically on an instance of Ubuntu Server 22.04, and delve into both the essential and alternative approaches to setting it up.

1. Prerequisites

Before diving into the installation process, there are a few prerequisites you’ll need to fulfill to get Vuls up and running smoothly. First and foremost, make sure you have a running instance of Linux accompanied by a user account with superuser (sudo) privileges. For the purpose of this guide, we will use Ubuntu Server 22.04 as our example operating system. Ensuring you meet these basic requirements is crucial for successful installation and operation.

Additionally, keep in mind that Vuls requires SSH access for remote scanning and depends on databases such as NVD, JVN, OVAL, RHSA, ALAS, ELSA, FreeBSD-SA, and Changelog to detect vulnerabilities. Having a clear understanding of your operating environment and network configuration will facilitate better integration and execution of Vuls scans. With these prerequisites in place, let’s move on to updating your system and preparing it for Vuls installation.

2. System Update

Keeping your system updated is fundamental for security and functionality. The first step in preparing your system for Vuls involves running an update and upgrade command. Running system updates ensures that your operating system and all installed packages are current. Open a terminal window and use the following command:

sudo apt-get update && sudo apt-get upgrade -y

This command will fetch the latest package lists from the repositories and upgrade any outdated packages to their latest versions. It’s advisable to perform this step during a maintenance window or a time when a system reboot is possible, as kernel upgrades may require a reboot. Ensuring your system is up to date minimizes potential compatibility issues during the installation process. Once the update and upgrade cycles are complete, you can proceed to the next step, which involves installing essential dependencies.

3. Install Dependencies

Dependencies are critical for the successful installation and operation of Vuls. Dependencies are software packages or libraries required for the proper functioning of a program. To proceed, install the necessary dependencies by running the following command in your terminal:

sudo apt-get install debian-goodies reboot-notifier -y

This command installs debian-goodies, a collection of utilities that can assist in the management and analysis of Debian packages, and reboot-notifier, which alerts users when a system reboot is required following updates. Successfully installing these dependencies ensures that your system is prepared for the Vuls installation script. Next, we will fetch the installer script to initiate the installation of Vuls.

4. Download Installer Script

To streamline the installation process, Vuls provides an installer script that automates several steps, ensuring a hassle-free setup experience. Download this installer script by running the following command:

wget https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh

The wget command retrieves the installer script from Vuls’ official repository on GitHub. Because the URL tracks the master branch and the script is run with sudo in a later step, open install.sh and read it before executing it. Once the script is downloaded, the next step is to make it executable so that you have the necessary permissions to run it.

5. Make Script Executable

After downloading the installer script, you need to grant it executable permissions to run it successfully. Making a script executable is a common practice in Unix-based systems to allow for execution by the system. Use the following command:

chmod +x install.sh

This command changes the mode of the install.sh file, adding executable permissions. By doing this, you ensure that the script can be executed without any permission issues. With the script now executable, you are ready to proceed with the actual installation of Vuls, which will be carried out using this script.

6. Run Installer

Running the installer script is the next step in the Vuls installation process. This script will guide you through the installation by automating several tasks. Execute the installer by running the following command:

sudo ./install.sh

Once you execute this command, the installer will prompt you to confirm the installation. When prompted, type “y” and press Enter. The installation process typically takes between 2 and 5 minutes, depending on your system’s performance and network speed. The installer will download and configure the necessary components for Vuls. After the installation completes, the next crucial step is to verify that the installation was successful.

7. Verify Installation

Verification is an essential step to ensure that Vuls was installed correctly and is functioning as expected. To check if the installation was successful, you can use the following command:

vuls -h

Executing this command should display the contents of the help file, indicating that Vuls is ready for use. The help file provides a list of commands and options available in Vuls, which you can reference for further usage. Verifying the installation ensures there are no missing components or configurations. If you encounter any issues, reviewing the installation steps and logs can help identify and resolve problems. Now that the installation is verified, let’s explore an alternative, easier method for installing Vuls, which might be suitable for users looking for a quicker setup.

8. Alternative Installation Method

An alternative method for installing Vuls involves using the standard repository. While this method might not install the most up-to-date version of Vuls, it offers a quicker and easier installation process. To install Vuls from the repository, run the following command in your terminal:

sudo apt-get install vuls -y

This command fetches and installs Vuls from the Ubuntu repository. The advantage of using this method is its simplicity and speed. However, it may not provide the latest features and updates available with the manual installation method. Once the installation is complete, you can proceed with the configuration and setup steps to start using Vuls for vulnerability scanning.

9. Create Vuls Directory

To organize Vuls-related files, creating a dedicated directory is a good practice. This step ensures that all configurations, databases, and logs are neatly stored in one place. To create a new directory for Vuls, use the following command:

sudo mkdir /opt/vuls

This command creates a directory named vuls under the /opt directory, which is a common location for third-party software installations. Having a dedicated directory simplifies file management and makes it easier to locate Vuls-related files. Once the directory is created, change into this directory to proceed with further configurations and file setups.

10. Navigate to Directory

Now that the Vuls directory is created, navigate into it to continue the setup process. Changing to the new directory ensures that all subsequent operations are performed within the correct context. Use the following command:

cd /opt/vuls

This command changes the current working directory to /opt/vuls. From this directory, you will create and manage configuration files and databases required for Vuls. Having a specific working directory helps keep the setup organized and avoids cluttering other system directories with Vuls files. With the directory navigated, the next step is to create the configuration file for Vuls.

11. Create Configuration File

The configuration file for Vuls specifies various settings and parameters required for its operation. To create the configuration file, use the following command to open a text editor:

sudo nano config.toml

This command opens the nano text editor with a new file named config.toml. In this file, you will define the configuration for Vuls. Paste the following content into the file:

[cveDict]
type = "sqlite3"
SQLite3Path = "/opt/vuls/cve.sqlite3"

[ovalDict]
type = "sqlite3"
SQLite3Path = "/opt/vuls/oval.sqlite3"

[gost]
type = "sqlite3"
SQLite3Path = "/opt/vuls/gost.sqlite3"

[metasploit]
type = "sqlite3"
SQLite3Path = "/opt/vuls/go-msfdb.sqlite3"

[servers]

[servers.localhost]
host = "localhost"
port = "local"
scanMode = ["fast-root"]

After pasting the content, save and close the file by pressing Ctrl+O to write the changes and Ctrl+X to exit the editor. This configuration file sets up the necessary dictionaries and defines the local server settings for scanning. With the configuration file in place, the next step is to test the configuration for any errors or issues.

12. Test Configuration

Testing the configuration file ensures that all settings are correctly defined and that Vuls can operate without issues. Run the following command to test the configuration:

sudo vuls configtest

This command initiates a configuration test, checking for any errors or warnings in the specified settings. If the configuration is valid, you will see output indicating that the test passed successfully. Testing the configuration helps identify any misconfigurations or missing components, allowing you to address them before proceeding further. With the configuration tested and validated, the next step involves creating the CVE database required for vulnerability scanning.

13. Create CVE Database

Creating the CVE (Common Vulnerabilities and Exposures) database is crucial for effective vulnerability scanning. The CVE database contains known vulnerabilities that Vuls will use to detect potential security issues. To generate the CVE database, run the following commands:

sudo gost fetch debian --dbpath /opt/vuls/gost.sqlite3
sudo go-cve-dictionary fetch nvd --dbpath /opt/vuls/cve.sqlite3
sudo goval-dictionary fetch debian 12 --dbpath /opt/vuls/oval.sqlite3
sudo go-msfdb fetch msfdb --dbpath /opt/vuls/go-msfdb.sqlite3

These commands fetch vulnerability data from various sources and store them in the specified SQLite3 databases. The gost and goval-dictionary commands shown here pull Debian data; as step 16 explains, the data you fetch has to match the distribution you scan. Ensuring you have accurate and updated vulnerability data is essential for effective scanning. With the CVE databases created, you are now ready to perform your first local vulnerability scan.

14. Run Local Scan

Running a local vulnerability scan allows you to evaluate the security status of your local system. To initiate a scan on the local machine (localhost), use the following command:

sudo vuls scan

This command triggers a vulnerability scan based on the settings defined in the configuration file. The scan will analyze the local system, checking for known vulnerabilities and potential security issues. The duration of the scan may vary depending on the number of packages and the complexity of the system. Once the scan completes, you can view the results to identify any discovered vulnerabilities.

15. View Scan Results

After completing the local vulnerability scan, reviewing the results is the next crucial step. The scan results provide detailed information about any detected vulnerabilities, helping you take appropriate actions to address them. To view the scan results, use the following command:

sudo vuls tui

This command opens a multi-pane window that displays the scan results in an organized manner. The results highlight any vulnerabilities found, their severity, and other relevant details. Reviewing the scan results allows you to prioritize and remediate security issues effectively. With the local scan and results review process covered, let’s move on to scanning specific distributions by downloading the relevant OVAL CVE database.

16. Download OVAL CVE Database for Specific Distribution

Scanning specific distributions requires downloading the relevant OVAL (Open Vulnerability and Assessment Language) CVE database. For example, if you want to scan a Red Hat Enterprise Linux (RHEL) 9 server, you need the corresponding OVAL CVE database. Use the following command to fetch it:

sudo goval-dictionary fetch redhat 9 --dbpath /opt/vuls/oval.sqlite3

This command downloads the OVAL CVE database for RHEL 9 and stores it in the specified SQLite3 database. Having the database specific to your target distribution ensures accurate and comprehensive vulnerability detection. With the necessary CVE database in place, you can proceed with generating an SSH key for secure remote scanning.

17. Generate SSH Key

Secure remote scanning using Vuls requires SSH key-based authentication. SSH keys provide a more secure and convenient method for authentication compared to passwords. To generate an SSH key, use the following command:

ssh-keygen

This command initiates the SSH key generation process, prompting you to specify a file location and passphrase. By default, the key is saved to ~/.ssh/id_rsa. Generating an SSH key ensures that you can establish secure connections to remote servers without needing to enter passwords. Once the SSH key is generated, the next step is to copy it to the remote server you intend to access.

18. Copy SSH Key to Remote Server

Copying the generated SSH key to the remote server facilitates secure communication and enables Vuls to perform remote scans. To transfer the SSH key to the remote server, use the following command:

ssh-copy-id USERNAME@192.168.1.100

Replace USERNAME with a valid username on the remote server and 192.168.1.100 with the server’s IP address. This command copies the SSH public key to the remote server’s authorized keys, allowing passwordless SSH authentication. Successfully transferring the SSH key ensures that Vuls can connect to the remote server securely. With the SSH key in place, the next step is to modify the Vuls configuration file to include the remote server’s details.

19. Edit Configuration File for Remote Server

To enable remote scanning, you need to update the Vuls configuration file with the remote server’s details. Open the configuration file using the following command:

sudo nano /opt/vuls/config.toml

At the bottom of the file, add the following content:

[servers.rhel]
host = "192.168.10.100"
port = "22"
user = "USERNAME"
keyPath = "/home/USERNAME/.ssh/id_rsa"
scanMode = ["fast-root"]

Replace 192.168.10.100 with the actual IP address of your remote server and USERNAME with the username on that server. This configuration entry specifies the remote server’s connection details and scanning mode. Save and close the file after making the necessary changes. Updating the configuration file with accurate remote server details ensures that Vuls can perform remote scans effectively. Next, test the updated configuration to validate the settings.

20. Test Configuration Again

Testing the updated configuration after adding the remote server details is crucial to ensure everything is correctly set up. Run the following command to test the configuration:

sudo vuls configtest

This command checks the entire configuration file, including the newly added remote server settings. If the configuration is valid and there are no errors, you will receive a confirmation message. Testing the configuration helps identify any misconfigurations or connectivity issues before proceeding with the actual scan. With the configuration validated, you are now ready to perform a remote scan using Vuls.
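
Steps 11, 13 and 19 leave config.toml pointing at database files and an SSH private key. The following added example, which is not part of Vuls or of the original guide, reads those paths back out of the file and reports databases that are missing or stale and keys that are readable beyond their owner; the function names, the 7-day threshold and the sample files are assumptions.

```shell
# Added example, not part of Vuls. Function names and the 7-day
# freshness default are assumptions made for this illustration.

# Print "TABLE<TAB>KEY<TAB>VALUE" for each SQLite3Path and keyPath setting.
list_paths() {
    awk '
        /^[ \t]*\[/ { t = $0; sub(/^[ \t]*\[/, "", t); sub(/\].*$/, "", t); next }
        /^[ \t]*(SQLite3Path|keyPath)[ \t]*=/ {
            k = $0; sub(/^[ \t]*/, "", k); sub(/[ \t]*=.*$/, "", k)
            v = $0; sub(/^[^"]*"/, "", v); sub(/".*$/, "", v)
            printf "%s\t%s\t%s\n", t, k, v
        }' "$1"
}

# Group and other permission characters as ls prints them, e.g. "------".
group_other_bits() { ls -ldL "$1" | cut -c5-10; }

# Print one finding per line; exit status is 0 only when there are none.
preflight() {
    cfg=$1; max_days=${2:-7}; findings=""; tab=$(printf '\t')
    while IFS="$tab" read -r table key path; do
        [ -n "$path" ] || continue
        msg=""
        if [ "${path#*USERNAME}" != "$path" ]; then
            msg="USERNAME placeholder not replaced"
        elif [ ! -s "$path" ]; then
            msg="missing or empty"
        elif [ "$key" = SQLite3Path ]; then
            [ -z "$(find "$path" -prune -mtime +"$max_days")" ] ||
                msg="older than $max_days days, fetch again"
        elif [ "$(group_other_bits "$path")" != "------" ]; then
            msg="private key accessible beyond its owner, chmod 600"
        fi
        [ -z "$msg" ] || findings="${findings}[$table] $key $path: $msg
"
    done <<EOF
$(list_paths "$cfg")
EOF
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: a stale database file and a key left at mode 644.
demo() {
    d=$(mktemp -d)
    echo data > "$d/cve.sqlite3"; touch -t 200001010000 "$d/cve.sqlite3"
    echo key > "$d/id_rsa"; chmod 644 "$d/id_rsa"
    printf '%s\n' '[cveDict]' 'type = "sqlite3"' \
        "SQLite3Path = \"$d/cve.sqlite3\"" '[servers.rhel]' \
        'host = "192.168.10.100"' "keyPath = \"$d/id_rsa\"" > "$d/config.toml"
    preflight "$d/config.toml"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

Run `preflight /opt/vuls/config.toml` before `sudo vuls scan`; a non-zero exit status means at least one finding was printed.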

21. Run Remote Scan

Executing a remote scan using Vuls allows you to assess the security status of your remote servers. To initiate the remote scan, navigate to the /opt/vuls directory and use the following command:

sudo vuls scan

This command triggers the scan based on the configuration settings, including the remote server details. The scan will connect to the remote server over SSH, analyze it for vulnerabilities, and report back the findings. The duration of the scan may vary depending on the size and complexity of the remote system. Once the scan is complete, you can review the results to identify any detected vulnerabilities and take appropriate actions to mitigate them.

22. View Remote Scan Results

Vuls is a free, open-source vulnerability scanner designed specifically for Linux systems, providing an efficient and comprehensive way to scan networked computers. Its compatibility with various operating systems and multiple scanning methods highlights its versatility. Vuls stands out for not requiring the installation of agents on devices, enhancing its user-friendliness. By leveraging several vulnerability databases, Vuls ensures that its scanning capabilities are thorough and far-reaching.

In this comprehensive guide, we will walk you through the installation and use of Vuls on a specific instance of Ubuntu Server 22.04. You’ll learn both the essential steps and see alternative approaches to setting it up. The guide aims to equip you with the knowledge needed to fully utilize Vuls, making sure your networked machines are thoroughly scanned for any potential vulnerabilities. Whether you’re a novice or an experienced user, this guide on setting up and using Vuls will ensure that your systems are secure and efficiently monitored.
