Linux Vulnerability Audit in Vulners

Since Vulners.com stores formalized security bulletins for all major Linux distributions, it was a logical decision to build a vulnerability assessment service on top of them. It takes information about the OS and the installed packages and returns a list of vulnerabilities, as regular vulnerability scanners do, but far more effective and for free.

Audit interface

Currently Vulners provides a web interface, which you can use to check your server, an API for automation, and a PoC agent for future cloud vulnerability management solutions. The following Linux distributions are supported: RedHat, CentOS, Fedora, Oracle Linux, Ubuntu, Debian.

The graphical interface is available on the Audit tab. You can read the OS version from /etc/os-release, /etc/centos-release, and other files specific to the operating system. To get the installed packages, use "rpm -qa" on rpm-based systems and "dpkg-query -W -f='${Package} ${Version} ${Architecture}\n'" on deb-based systems.

[Screenshot: Audit input, CentOS]

List of vulnerabilities:

[Screenshot: CentOS Audit results]

In a similar way you can work with the Audit API. Send the list of installed packages together with the OS name and version, and in return you will get a list of vulnerabilities.

curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch", "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64", "libacl-2.2.51-12.el7.x86_64", "sos-3.2-35.el7.centos.noarch" ],"version":"7"}'  https://vulners.com/api/v3/audit/audit/
{
  "result": "OK",
  "data": {
    "reasons": [
      {
        "providedPackage": "sos-3.2-35.el7.centos.noarch",
        "operator": "lt",
        "bulletinID": "CESA-2016:0188",
        "providedVersion": "0:3.2-35.el7.centos",
        "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
        "bulletinVersion": "3.2-35.el7.centos.3",
        "package": "sos-3.2-35.el7.centos.noarch"
      },
      {
        "providedPackage": "pcre-8.32-15.el7.x86_64",
        "operator": "lt",
        "bulletinID": "CESA-2016:1025",
        "providedVersion": "0:8.32-15.el7",
        "bulletinPackage": "pcre-8.32-15.el7_2.1.x86_64.rpm",
        "bulletinVersion": "8.32-15.el7_2.1",
        "package": "pcre-8.32-15.el7.x86_64"
      },
      {
        "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
        "operator": "lt",
        "bulletinID": "CESA-2016:1486",
        "providedVersion": "0:4.2.3-11.el7_2",
        "bulletinPackage": "samba-common-4.2.10-7.el7_2.noarch.rpm",
        "bulletinVersion": "4.2.10-7.el7_2",
        "package": "samba-common-4.2.3-11.el7_2.noarch"
      },
      {
        "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
        "operator": "lt",
        "bulletinID": "CESA-2016:0612",
        "providedVersion": "0:4.2.3-11.el7_2",
        "bulletinPackage": "samba-common-4.2.10-6.el7_2.noarch.rpm",
        "bulletinVersion": "4.2.10-6.el7_2",
        "package": "samba-common-4.2.3-11.el7_2.noarch"
      },
      {
        "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
        "operator": "lt",
        "bulletinID": "CESA-2016:0448",
        "providedVersion": "0:4.2.3-11.el7_2",
        "bulletinPackage": "samba-common-4.2.3-12.el7_2.noarch.rpm",
        "bulletinVersion": "4.2.3-12.el7_2",
        "package": "samba-common-4.2.3-11.el7_2.noarch"
      }
    ],
    "vulnerabilities": [
      "CESA-2016:1486",
      "CESA-2016:1025",
      "CESA-2016:0448",
      "CESA-2016:0612",
      "CESA-2016:0188"
    ],
    "cvelist": [
      "CVE-2015-5370",
      "CVE-2015-7560",
      "CVE-2016-2119",
      "CVE-2016-2118",
      "CVE-2015-7529",
      "CVE-2016-2112",
      "CVE-2016-2113",
      "CVE-2016-3191",
      "CVE-2015-8386",
      "CVE-2015-8388",
      "CVE-2015-8385",
      "CVE-2016-2110",
      "CVE-2015-5073",
      "CVE-2015-8391",
      "CVE-2015-2328",
      "CVE-2016-2115",
      "CVE-2015-3217",
      "CVE-2016-2114",
      "CVE-2016-2111"
    ],
    "cvss": {
      "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/",
      "score": 9.0
    },
    "packages": {
      "pcre-8.32-15.el7.x86_64": {
        "CESA-2016:1025": [
          {
            "providedPackage": "pcre-8.32-15.el7.x86_64",
            "operator": "lt",
            "bulletinID": "CESA-2016:1025",
            "providedVersion": "0:8.32-15.el7",
            "bulletinPackage": "pcre-8.32-15.el7_2.1.x86_64.rpm",
            "bulletinVersion": "8.32-15.el7_2.1",
            "package": "pcre-8.32-15.el7.x86_64"
          }
        ]
      },
      "sos-3.2-35.el7.centos.noarch": {
        "CESA-2016:0188": [
          {
            "providedPackage": "sos-3.2-35.el7.centos.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:0188",
            "providedVersion": "0:3.2-35.el7.centos",
            "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
            "bulletinVersion": "3.2-35.el7.centos.3",
            "package": "sos-3.2-35.el7.centos.noarch"
          }
        ]
      },
      "samba-common-4.2.3-11.el7_2.noarch": {
        "CESA-2016:1486": [
          {
            "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:1486",
            "providedVersion": "0:4.2.3-11.el7_2",
            "bulletinPackage": "samba-common-4.2.10-7.el7_2.noarch.rpm",
            "bulletinVersion": "4.2.10-7.el7_2",
            "package": "samba-common-4.2.3-11.el7_2.noarch"
          }
        ],
        "CESA-2016:0448": [
          {
            "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:0448",
            "providedVersion": "0:4.2.3-11.el7_2",
            "bulletinPackage": "samba-common-4.2.3-12.el7_2.noarch.rpm",
            "bulletinVersion": "4.2.3-12.el7_2",
            "package": "samba-common-4.2.3-11.el7_2.noarch"
          }
        ],
        "CESA-2016:0612": [
          {
            "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:0612",
            "providedVersion": "0:4.2.3-11.el7_2",
            "bulletinPackage": "samba-common-4.2.10-6.el7_2.noarch.rpm",
            "bulletinVersion": "4.2.10-6.el7_2",
            "package": "samba-common-4.2.3-11.el7_2.noarch"
          }
        ]
      }
    }
  }
}
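
How to read the "reasons" entries above, as an added example that is not part of the original post or of Vulners' own code: each entry states that the installed providedVersion is lower ("lt") than the bulletinVersion carrying the fix. The Python below re-checks that condition with a simplified RPM version comparison (an assumption about how the versions are compared; tilde and caret rules are omitted, and all function names are hypothetical) and reports, per package, the highest fixed version, which clears every "lt" condition listed for it.

```python
import re

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no tilde/caret rules): -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[a-zA-Z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Compare two [epoch:]version-release strings; a missing epoch counts as 0."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def upgrade_targets(reasons):
    """Map package -> (sorted bulletin IDs, highest fixed version) for 'lt' matches."""
    out = {}
    for r in reasons:
        if r["operator"] != "lt" or evr_cmp(r["providedVersion"], r["bulletinVersion"]) >= 0:
            continue                         # condition does not hold, nothing to report
        ids, best = out.get(r["package"], ([], None))
        if best is None or evr_cmp(r["bulletinVersion"], best) > 0:
            best = r["bulletinVersion"]
        out[r["package"]] = (sorted(ids + [r["bulletinID"]]), best)
    return out

# Constructed input: the "reasons" entries from the response above, reduced to
# the five fields this check uses.
REASONS = [
    {"package": p, "operator": "lt", "bulletinID": b, "providedVersion": pv, "bulletinVersion": bv}
    for p, b, pv, bv in [
        ("sos-3.2-35.el7.centos.noarch", "CESA-2016:0188", "0:3.2-35.el7.centos", "3.2-35.el7.centos.3"),
        ("pcre-8.32-15.el7.x86_64", "CESA-2016:1025", "0:8.32-15.el7", "8.32-15.el7_2.1"),
        ("samba-common-4.2.3-11.el7_2.noarch", "CESA-2016:1486", "0:4.2.3-11.el7_2", "4.2.10-7.el7_2"),
        ("samba-common-4.2.3-11.el7_2.noarch", "CESA-2016:0612", "0:4.2.3-11.el7_2", "4.2.10-6.el7_2"),
        ("samba-common-4.2.3-11.el7_2.noarch", "CESA-2016:0448", "0:4.2.3-11.el7_2", "4.2.3-12.el7_2"),
    ]
]

if __name__ == "__main__":
    for pkg, (ids, fixed) in upgrade_targets(REASONS).items():
        print(f"{pkg}: upgrade to >= {fixed} (clears {', '.join(ids)})")
```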

And finally, the PoC agent for future cloud vulnerability management solutions.

Vulners stands for transparency of all its components. The agent was made fully functional. It not only collects data from the system and sends it to a Vulners server for analysis and reporting, but also receives vulnerability data from the server and displays it in the console. An agent-based solution provides the fastest and most reliable vulnerability assessment: you do not need to create any user accounts, allow network connections for scanners, or choose the right time for scanning. At the moment it is just a Python script, but in the future packages for the systems will be available.

$ git clone https://github.com/videns/vulners-scanner
$ cd vulners-scanner
$ ./linuxScanner.py 

             _
__   ___   _| |_ __   ___ _ __ ___
\ \ / / | | | | '_ \ / _ \ '__/ __|
 \ V /| |_| | | | | |  __/ |  \__ \
  \_/  \__,_|_|_| |_|\___|_|  |___/

==========================================
Host info - Host machine
OS Name - centos, OS Version - 7
Total found packages: 1026
Vulnerable packages:
    krb5-libs-1.13.2-10.el7.x86_64
        CESA-2016:0532 - 'Moderate krb5 Security Update', cvss.score - 6.8
    openssh-server-6.6.1p1-23.el7_2.x86_64
        CESA-2016:0465 - 'Moderate openssh Security Update', cvss.score - 7.7
    libtdb-1.3.6-2.el7.x86_64
        CESA-2016:0612 - 'Critical ipa Security Update', cvss.score - 0.0
    kernel-tools-3.10.0-327.4.5.el7.x86_64
        CESA-2016:1033 - 'Important kernel Security Update', cvss.score - 0.0
        CESA-2016:1633 - 'Important kernel Security Update', cvss.score - 4.3
        CESA-2016:0185 - 'Important kernel Security Update', cvss.score - 7.2
        CESA-2016:1539 - 'Important kernel Security Update', cvss.score - 7.2
        CESA-2016:1277 - 'Important kernel Security Update', cvss.score - 7.2
    openssl-libs-1.0.1e-51.el7_2.2.x86_64
        CESA-2016:0301 - 'Important openssl Security Update', cvss.score - 0.0
        CESA-2016:0722 - 'Important openssl Security Update', cvss.score - 10.0
    nss-softokn-3.16.2.3-13.el7_1.x86_64
        CESA-2016:0685 - 'Moderate nss-softokn Security Update', cvss.score - 6.8
...

As you can see, vulnerability analysis of Linux hosts can be done efficiently without expensive vulnerability scanners.
