Since Vulners.com stores formalized security bulletins for all major Linux distributions, it was a logical decision to build a vulnerability assessment service on top of them. It takes information about the OS and the installed packages and returns a list of vulnerabilities. Like regular vulnerability scanners do, but way more effective and for free.
Currently Vulners provides a web interface, which you can use to check your server, an API for automation and a PoC agent for future cloud vulnerability management solutions. The following Linux distributions are supported: RedHat, CentOS, Fedora, Oracle Linux, Ubuntu, Debian.
The graphical interface is available on the Audit tab. You can read the OS version from /etc/os-release, /etc/centos-release and other files specific to each operating system. To get the installed packages on rpm-based systems use "rpm -qa"; on deb-based systems use "dpkg-query -W -f='${Package} ${Version} ${Architecture}\n'".
List of vulnerabilities:
In a similar way you can work with the Audit API. Send the list of installed packages together with the OS name and version, and in return you will get a list of vulnerabilities.
    curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST \
      -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch",
           "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64",
           "libacl-2.2.51-12.el7.x86_64", "sos-3.2-35.el7.centos.noarch" ],"version":"7"}' \
      https://vulners.com/api/v3/audit/audit/

    {
      "result": "OK",
      "data": {
        "reasons": [
          {
            "providedPackage": "sos-3.2-35.el7.centos.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:0188",
            "providedVersion": "0:3.2-35.el7.centos",
            "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
            "bulletinVersion": "3.2-35.el7.centos.3",
            "package": "sos-3.2-35.el7.centos.noarch"
          },
          {
            "providedPackage": "pcre-8.32-15.el7.x86_64",
            "operator": "lt",
            "bulletinID": "CESA-2016:1025",
            "providedVersion": "0:8.32-15.el7",
            "bulletinPackage": "pcre-8.32-15.el7_2.1.x86_64.rpm",
            "bulletinVersion": "8.32-15.el7_2.1",
            "package": "pcre-8.32-15.el7.x86_64"
          },
          {
            "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:1486",
            "providedVersion": "0:4.2.3-11.el7_2",
            "bulletinPackage": "samba-common-4.2.10-7.el7_2.noarch.rpm",
            "bulletinVersion": "4.2.10-7.el7_2",
            "package": "samba-common-4.2.3-11.el7_2.noarch"
          },
          {
            "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:0612",
            "providedVersion": "0:4.2.3-11.el7_2",
            "bulletinPackage": "samba-common-4.2.10-6.el7_2.noarch.rpm",
            "bulletinVersion": "4.2.10-6.el7_2",
            "package": "samba-common-4.2.3-11.el7_2.noarch"
          },
          {
            "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
            "operator": "lt",
            "bulletinID": "CESA-2016:0448",
            "providedVersion": "0:4.2.3-11.el7_2",
            "bulletinPackage": "samba-common-4.2.3-12.el7_2.noarch.rpm",
            "bulletinVersion": "4.2.3-12.el7_2",
            "package": "samba-common-4.2.3-11.el7_2.noarch"
          }
        ],
        "vulnerabilities": [
          "CESA-2016:1486",
          "CESA-2016:1025",
          "CESA-2016:0448",
          "CESA-2016:0612",
          "CESA-2016:0188"
        ],
        "cvelist": [
          "CVE-2015-5370", "CVE-2015-7560", "CVE-2016-2119", "CVE-2016-2118",
          "CVE-2015-7529", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-3191",
          "CVE-2015-8386", "CVE-2015-8388", "CVE-2015-8385", "CVE-2016-2110",
          "CVE-2015-5073", "CVE-2015-8391", "CVE-2015-2328", "CVE-2016-2115",
          "CVE-2015-3217", "CVE-2016-2114", "CVE-2016-2111"
        ],
        "cvss": {
          "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/",
          "score": 9.0
        },
        "packages": {
          "pcre-8.32-15.el7.x86_64": {
            "CESA-2016:1025": [
              {
                "providedPackage": "pcre-8.32-15.el7.x86_64",
                "operator": "lt",
                "bulletinID": "CESA-2016:1025",
                "providedVersion": "0:8.32-15.el7",
                "bulletinPackage": "pcre-8.32-15.el7_2.1.x86_64.rpm",
                "bulletinVersion": "8.32-15.el7_2.1",
                "package": "pcre-8.32-15.el7.x86_64"
              }
            ]
          },
          "sos-3.2-35.el7.centos.noarch": {
            "CESA-2016:0188": [
              {
                "providedPackage": "sos-3.2-35.el7.centos.noarch",
                "operator": "lt",
                "bulletinID": "CESA-2016:0188",
                "providedVersion": "0:3.2-35.el7.centos",
                "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
                "bulletinVersion": "3.2-35.el7.centos.3",
                "package": "sos-3.2-35.el7.centos.noarch"
              }
            ]
          },
          "samba-common-4.2.3-11.el7_2.noarch": {
            "CESA-2016:1486": [
              {
                "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
                "operator": "lt",
                "bulletinID": "CESA-2016:1486",
                "providedVersion": "0:4.2.3-11.el7_2",
                "bulletinPackage": "samba-common-4.2.10-7.el7_2.noarch.rpm",
                "bulletinVersion": "4.2.10-7.el7_2",
                "package": "samba-common-4.2.3-11.el7_2.noarch"
              }
            ],
            "CESA-2016:0448": [
              {
                "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
                "operator": "lt",
                "bulletinID": "CESA-2016:0448",
                "providedVersion": "0:4.2.3-11.el7_2",
                "bulletinPackage": "samba-common-4.2.3-12.el7_2.noarch.rpm",
                "bulletinVersion": "4.2.3-12.el7_2",
                "package": "samba-common-4.2.3-11.el7_2.noarch"
              }
            ],
            "CESA-2016:0612": [
              {
                "providedPackage": "samba-common-4.2.3-11.el7_2.noarch",
                "operator": "lt",
                "bulletinID": "CESA-2016:0612",
                "providedVersion": "0:4.2.3-11.el7_2",
                "bulletinPackage": "samba-common-4.2.10-6.el7_2.noarch.rpm",
                "bulletinVersion": "4.2.10-6.el7_2",
                "package": "samba-common-4.2.3-11.el7_2.noarch"
              }
            ]
          }
        }
      }
    }
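A package can be flagged by several bulletins (samba-common above has three), so patching means finding the one fixed version that covers all of them. The Python below is an added example, not part of the original post or of Vulners' own code: it builds the request body from /etc/os-release and `rpm -qa` text and reduces a `reasons` array to one upgrade target per package. The function names are this example's own, and `rpmvercmp` is a simplified re-implementation of RPM's version comparison (no `~` or `^` handling).

```python
import re
# Added example; function names are hypothetical, not Vulners code.
def build_request(os_release_text, rpm_qa_output):
    """Build the Audit API body from /etc/os-release text and `rpm -qa` output."""
    kv = dict(l.split("=", 1) for l in os_release_text.splitlines() if "=" in l)
    pkgs = [l.strip() for l in rpm_qa_output.splitlines() if l.strip()]
    return {"os": kv["ID"].strip('"'), "version": kv["VERSION_ID"].strip('"'), "package": pkgs}

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no '~' or '^' handling): -1, 0 or 1."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)           # 10 > 3, unlike plain string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))   # leftover segments win

def evr_cmp(a, b):
    """Compare [epoch:]version-release strings; a missing epoch counts as 0."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def upgrade_targets(reasons):
    """Map each flagged package to its bulletins and the highest fixed version."""
    out = {}
    for r in reasons:
        # Re-check the server's "lt" verdict locally before acting on it.
        if r["operator"] != "lt" or evr_cmp(r["providedVersion"], r["bulletinVersion"]) >= 0:
            continue
        e = out.setdefault(r["package"], {"bulletins": [], "fix": r["bulletinVersion"]})
        e["bulletins"].append(r["bulletinID"])
        if evr_cmp(r["bulletinVersion"], e["fix"]) > 0:
            e["fix"] = r["bulletinVersion"]
    return out

# Constructed sample: samba-common values copied from the "reasons" array above.
SAMBA = "samba-common-4.2.3-11.el7_2.noarch"
REASONS = [{"package": SAMBA, "operator": "lt", "bulletinID": b,
            "providedVersion": "0:4.2.3-11.el7_2", "bulletinVersion": v}
           for b, v in (("CESA-2016:0448", "4.2.3-12.el7_2"),
                        ("CESA-2016:1486", "4.2.10-7.el7_2"), ("CESA-2016:0612", "4.2.10-6.el7_2"))]

if __name__ == "__main__":
    print(upgrade_targets(REASONS))
```

A plain string comparison would rank 4.2.3-12.el7_2 above 4.2.10-7.el7_2, which is why the segment-wise comparison matters when choosing the upgrade target.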
And finally, the PoC agent for future cloud vulnerability management solutions.
Vulners stands for transparency in all of its components, so the agent was made fully functional. It not only collects data from the system and sends it to a Vulners server for analysis and reporting, but also receives vulnerability data from the server and displays it in the console. An agent-based solution provides the fastest and most reliable vulnerability assessment. You do not need to create any user accounts, allow network connections for scanners or choose the right time for scanning. At the moment it's just a Python script, but in the future packages for the supported systems will be available.

    $ git clone https://github.com/videns/vulners-scanner
    $ cd vulners-scanner
    $ ./linuxScanner.py

                 _
    __   ___   _| |_ __   ___ _ __ ___
    \ \ / / | | | | '_ \ / _ \ '__/ __|
     \ V /| |_| | | | | |  __/ |  \__ \
      \_/  \__,_|_|_| |_|\___|_|  |___/

    ==========================================
    Host info - Host machine
    OS Name - centos, OS Version - 7
    Total found packages: 1026
    Vulnerable packages:
        krb5-libs-1.13.2-10.el7.x86_64
            CESA-2016:0532 - 'Moderate krb5 Security Update', cvss.score - 6.8
        openssh-server-6.6.1p1-23.el7_2.x86_64
            CESA-2016:0465 - 'Moderate openssh Security Update', cvss.score - 7.7
        libtdb-1.3.6-2.el7.x86_64
            CESA-2016:0612 - 'Critical ipa Security Update', cvss.score - 0.0
        kernel-tools-3.10.0-327.4.5.el7.x86_64
            CESA-2016:1033 - 'Important kernel Security Update', cvss.score - 0.0
            CESA-2016:1633 - 'Important kernel Security Update', cvss.score - 4.3
            CESA-2016:0185 - 'Important kernel Security Update', cvss.score - 7.2
            CESA-2016:1539 - 'Important kernel Security Update', cvss.score - 7.2
            CESA-2016:1277 - 'Important kernel Security Update', cvss.score - 7.2
        openssl-libs-1.0.1e-51.el7_2.2.x86_64
            CESA-2016:0301 - 'Important openssl Security Update', cvss.score - 0.0
            CESA-2016:0722 - 'Important openssl Security Update', cvss.score - 10.0
        nss-softokn-3.16.2.3-13.el7_1.x86_64
            CESA-2016:0685 - 'Moderate nss-softokn Security Update', cvss.score - 6.8
        ...

As you can see, vulnerability analysis of Linux hosts can be done efficiently without expensive vulnerability scanners.