Scan returns 0 packages installed #1123
FabiolaBusch posted on GitHub
What did you do? (required. The issue will be closed when not provided.)
Run vulsctl scan via docker
docker run --rm -it -v ~/.ssh:/root/.ssh -v $PWD:/vuls -v $PWD/vuls-log:/var/log/vuls vuls/vuls scan -config=./config.toml
What did you expect to happen?
A Scan Summary such as:
Scan Summary
================
remotehost suse.linux.enterprise.server12.4 1793 installed
The scan should detect installed rpms.
Detailed expected output:
[Jan 11 10:49:05] INFO [localhost] Start scanning
[Jan 11 10:49:05] INFO [localhost] config: ./config.toml
[Jan 11 10:49:05] INFO [localhost] Validating config...
[Jan 11 10:49:05] INFO [localhost] Detecting Server/Container OS...
[Jan 11 10:49:05] INFO [localhost] Detecting OS of servers...
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
[Jan 11 10:49:14] INFO [localhost] (1/1) Detected: remotehost: suse.linux.enterprise.server 12.4
[Jan 11 10:49:14] INFO [localhost] Detecting OS of containers...
[Jan 11 10:49:14] INFO [localhost] Checking Scan Modes...
[Jan 11 10:49:14] INFO [localhost] Detecting Platforms...
[Jan 11 10:49:14] INFO [localhost] (1/1) remotehost is running on unknown
[Jan 11 10:49:14] INFO [localhost] Detecting IPS identifiers...
[Jan 11 10:49:14] INFO [localhost] (1/1) remotehost has 0 IPS integration
[Jan 11 10:49:14] INFO [localhost] Scanning vulnerabilities...
[Jan 11 10:49:14] INFO [localhost] Scanning vulnerable OS packages...
[Jan 11 10:49:14] INFO [remotehost] Scanning in fast-root offline mode
Scan Summary
================
remotehost suse.linux.enterprise.server12.4 1793 installed
What happened instead?
Scan Summary
================
remotehost suse.linux.enterprise.server12.4 0 installed
The scan did not detect any installed rpms.
- Current Output
Please re-run the command using -debug and provide the output below.
docker run --rm -it -v ~/.ssh:/root/.ssh -v $PWD:/vuls -v $PWD/vuls-log:/var/log/vuls vuls/vuls scan -config=./config.toml -debug
[Jan 11 09:40:33] INFO [localhost] Start scanning
[Jan 11 09:40:33] INFO [localhost] config: ./config.toml
[Jan 11 09:40:33] DEBUG [localhost] map[string]config.ServerInfo{}
[Jan 11 09:40:33] INFO [localhost] Validating config...
[Jan 11 09:40:33] INFO [localhost] Detecting Server/Container OS...
[Jan 11 09:40:33] INFO [localhost] Detecting OS of servers...
[Jan 11 09:40:33] DEBUG [localhost] Executing... ls /etc/debian_version
[Jan 11 09:40:33] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/debian_version
exitstatus: 2
stdout: ls: cannot access '/etc/debian_version': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:33] DEBUG [localhost] Not Debian like Linux. execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/debian_version
exitstatus: 2
stdout: ls: cannot access '/etc/debian_version': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:33] DEBUG [localhost] Executing... ls /etc/fedora-release
[Jan 11 09:40:33] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/fedora-release
exitstatus: 2
stdout: ls: cannot access '/etc/fedora-release': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:33] DEBUG [localhost] Executing... ls /etc/oracle-release
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/oracle-release
exitstatus: 2
stdout: ls: cannot access '/etc/oracle-release': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] Executing... ls /etc/centos-release
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/centos-release
exitstatus: 2
stdout: ls: cannot access '/etc/centos-release': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] Executing... ls /etc/redhat-release
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/redhat-release
exitstatus: 2
stdout: ls: cannot access '/etc/redhat-release': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] Executing... ls /etc/system-release
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/system-release
exitstatus: 2
stdout: ls: cannot access '/etc/system-release': No such file or directory
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] Not RedHat like Linux. servername: remotehost
[Jan 11 09:40:34] DEBUG [localhost] Executing... ls /etc/os-release
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; ls /etc/os-release
exitstatus: 0
stdout: /etc/os-release
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] Executing... zypper -V
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; zypper -V
exitstatus: 0
stdout: zypper 1.13.45
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] Executing... cat /etc/os-release
[Jan 11 09:40:34] DEBUG [localhost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; cat /etc/os-release
exitstatus: 0
stdout: NAME="SLES"
VERSION="12-SP4"
VERSION_ID="12.4"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP4"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp4"
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [localhost] SUSE Linux. Host: 172.220.123.123:22
[Jan 11 09:40:34] INFO [localhost] (1/1) Detected: remotehost: suse.linux.enterprise.server 12.4
[Jan 11 09:40:34] INFO [localhost] Detecting OS of containers...
[Jan 11 09:40:34] INFO [localhost] Checking Scan Modes...
[Jan 11 09:40:34] INFO [localhost] Detecting Platforms...
[Jan 11 09:40:34] INFO [localhost] (1/1) remotehost is running on unknown
[Jan 11 09:40:34] INFO [localhost] Detecting IPS identifiers...
[Jan 11 09:40:34] INFO [localhost] (1/1) remotehost has 0 IPS integration
[Jan 11 09:40:34] INFO [localhost] Scanning vulnerabilities...
[Jan 11 09:40:34] INFO [localhost] Scanning vulnerable OS packages...
[Jan 11 09:40:34] INFO [remotehost] Scanning in fast-root offline mode
[Jan 11 09:40:34] DEBUG [remotehost] Executing... /sbin/ip -o addr
[Jan 11 09:40:34] DEBUG [remotehost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; /sbin/ip -o addr
exitstatus: 0
stdout: 1: lo <comment from OP: removed due to privacy reasons>
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [remotehost] Executing... uname -r
[Jan 11 09:40:34] DEBUG [remotehost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; uname -r
exitstatus: 0
stdout: 4.12.14-94.41-default
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [remotehost] Executing... rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
[Jan 11 09:40:34] DEBUG [remotehost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
exitstatus: 0
stdout:
stderr:
err: %!s(<nil>)
[Jan 11 09:40:34] DEBUG [remotehost] Executing... rpm -q --last kernel-default
[Jan 11 09:40:35] DEBUG [remotehost] execResult: servername: remotehost
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; rpm -q --last kernel-default
exitstatus: 0
stdout: kernel-default-4.12.14-94.41.1.x86_64 Fri 05 Apr 2019 02:20:17 PM UTC
stderr:
err: %!s(<nil>)
Scan Summary
================
remotehost suse.linux.enterprise.server12.4 0 installed
Steps to reproduce the behaviour
I cannot reproduce this behaviour myself. I executed the command on another machine with the same docker image; the target server was a suse.linux.enterprise.server12.4 as well, and it worked fine.
Configuration (MUST fill this out):
- Go version (go version):
I am using the docker image vuls/vuls with ID 357aa1103259.
- Go environment (go env):
I am using the docker image vuls/vuls with ID 357aa1103259.
- Vuls environment:
Hash : cfbf779f9b86bea7f81623952b00df01d41860db
- config.toml:
[servers]
[servers.remotehost]
host = "172.220.123.123"
user = "user"
port = "22"
keyPath = "/root/.ssh/id_rsa"
scanMode = ["fast-root","offline"]
[cveDict]
type = "sqlite3"
SQLite3Path = "/vuls/cve.sqlite3"
[ovalDict]
type = "sqlite3"
SQLite3Path = "/vuls/oval.sqlite3"
[gost]
type = "sqlite3"
SQLite3Path = "/vuls/gost.sqlite3"
[exploit]
type = "sqlite3"
SQLite3Path = "/vuls/go-exploitdb.sqlite3"
[metasploit]
type = "sqlite3"
SQLite3Path = "/vuls/go-msfdb.sqlite3"
- command:
docker run --rm -it -v ~/.ssh:/root/.ssh -v $PWD:/vuls -v $PWD/vuls-log:/var/log/vuls vuls/vuls scan -config=./config.toml
Interestingly, the query that fails in docker does work when executed manually:
/usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/root/.vuls/controlmaster-%r-remotehost.%p -o Controlpersist=10m user@172.220.123.123 -p 22 -i /root/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
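Added example, not part of the original issue or of the Vuls code base: a Python check over `vuls scan -debug` output in the shape quoted above. It flags a package-listing command that exits 0 with empty stdout and any summary line reporting 0 installed, because an empty inventory otherwise reads as a host with nothing to patch. The function names, `INVENTORY_PREFIXES` and the trimmed sample log are assumptions made for this illustration.

```python
import re

# Constructed sample, trimmed to the lines this check reads.
SAMPLE_LOG = r'''[Jan 11 09:40:34] DEBUG [remotehost] Executing... uname -r
exitstatus: 0
stdout: 4.12.14-94.41-default
stderr:
[Jan 11 09:40:34] DEBUG [remotehost] Executing... rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
exitstatus: 0
stdout:
stderr:
Scan Summary
================
remotehost suse.linux.enterprise.server12.4 0 installed
'''

EXEC_RE = re.compile(r"^\[[^\]]+\] DEBUG \[[^\]]+\] Executing\.\.\. (.*)$")
SUMMARY_RE = re.compile(r"^(\S+)\s+\S+\s+(\d+) installed\b")
INVENTORY_PREFIXES = ("rpm -qa",)  # assumption: only the listing command seen above

def parse_exec_results(log):
    """One {command, exitstatus, stdout} record per 'Executing...' entry."""
    records, cur, in_stdout = [], None, False
    for line in log.splitlines():
        m = EXEC_RE.match(line)
        if m:
            cur, in_stdout = {"command": m.group(1), "exitstatus": None, "stdout": ""}, False
            records.append(cur)
        elif cur is None:
            continue
        elif line.startswith("exitstatus:"):
            cur["exitstatus"] = int(line.split()[1])
        elif line.startswith("stdout:"):
            cur["stdout"], in_stdout = line[len("stdout:"):], True
        elif line.startswith("stderr:"):
            cur, in_stdout = None, False  # record complete; skip repeated dumps
        elif in_stdout:
            cur["stdout"] += "\n" + line
    return records

def silent_empty_inventory(log):
    """Package-listing commands that exited 0 but returned no output."""
    return [r["command"] for r in parse_exec_results(log)
            if r["command"].startswith(INVENTORY_PREFIXES) and r["exitstatus"] == 0
            and not r["stdout"].strip()]

def zero_package_hosts(log):
    """Hosts whose Scan Summary line reports 0 installed packages."""
    hits = (SUMMARY_RE.match(line) for line in log.splitlines())
    return [m.group(1) for m in hits if m and int(m.group(2)) == 0]
```

Run over a saved debug log, either list being non-empty is a reason to treat that host's report as a failed scan rather than a clean one.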