diff --git a/README.md b/README.md
index dba5ebae0c..3c9857d296 100644
--- a/README.md
+++ b/README.md
@@ -152,15 +152,6 @@ $ ls -alh cve.sqlite3
 -rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cve.sqlite3
 ```
-Now we successfully collected vulnerbility data, then start as server.
-```bash
-$ go-cve-dictionary server
-[Mar 24 15:21:55] INFO Opening DB. datafile: /home/ec2-user/cve.sqlite3
-[Mar 24 15:21:55] INFO Migrating DB
-[Mar 24 15:21:56] INFO Starting HTTP Sever...
-[Mar 24 15:21:56] INFO Listening on 127.0.0.1:1323
-```
-
 ## Step5. Deploy Vuls
 Launch a new terminal and SSH to the ec2 instance.
@@ -195,8 +186,12 @@ see [Usage: Prepare](https://github.com/future-architect/vuls#usage-prepare)
 ## Step8. Start Scanning
 ```
-$ vuls scan
-INFO[0000] Begin scanning (config: /home/ec2-user/config.toml)
+$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3
+INFO[0000] Start scanning (config: /home/ec2-user/config.toml)
+INFO[0000] Start scanning
+INFO[0000] config: /home/ec2-user/config.toml
+INFO[0000] cve-dictionary: /home/ec2-user/cve.sqlite3
+
 ... snip ...
@@ -477,6 +472,7 @@ scan:
 [-lang=en|ja]
 [-config=/path/to/config.toml]
 [-dbpath=/path/to/vuls.sqlite3]
+ [--cve-dictionary-dbpath=/path/to/cve.sqlite3]
 [-cve-dictionary-url=http://127.0.0.1:1323]
 [-cvss-over=7]
 [-ignore-unscored-cves]
@@ -495,6 +491,8 @@ scan:
 Ask sudo password of target servers before scanning
 -config string
 /path/to/toml (default "$PWD/config.toml")
+ --cve-dictionary-dbpath string
+ /path/to/sqlite3 (For get cve detail from cve.sqlite3)
 -cve-dictionary-url string
 http://CVE.Dictionary (default "http://127.0.0.1:1323")
 -cvss-over float
@@ -552,14 +550,9 @@ all.txt includes the scan results of all servres and servername.txt includes the
 ## example
-Run go-cve-dictionary as server mode before scanning.
-```
-$ go-cve-dictionary server
-```
-
 ### Scan all servers defined in config file
 ```
-$ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-key-password
+$ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-key-password -cve-dictionary-dbpath=$PWD/cve.sqlite3
 ```
 With this sample command, it will ..
 - Ask sudo password and ssh key passsword before scanning
@@ -570,7 +563,7 @@ With this sample command, it will ..
 ### Scan specific servers
 ```
-$ vuls scan server1 server2
+$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 server1 server2
 ```
 With this sample command, it will ..
 - Use SSH Key-Based authentication with empty password (without -ask-key-password option)
@@ -696,6 +689,18 @@ $ ./vuls history | peco | ./vuls tui
 [![asciicast](https://asciinema.org/a/emi7y7docxr60bq080z10t7v8.png)](https://asciinema.org/a/emi7y7docxr60bq080z10t7v8)
+# Usage: go-cve-dictonary on different server
+
+Run go-cve-dictionary as server mode before scanning on 192.168.10.1
+```
+$ go-cve-dictionary server -bind=192.168.10.1 -port=1323
+```
+
+Run Vuls with -cve-dictionary-url option.
+
+```
+$ vuls scan -cve-dictionary-url=http://192.168.0.1:1323
+```
 # Usage: Update NVD Data
diff --git a/commands/scan.go b/commands/scan.go
index 6c75b10195..f743480065 100644
--- a/commands/scan.go
+++ b/commands/scan.go
@@ -77,7 +77,7 @@ func (*ScanCmd) Usage() string {
 [-lang=en|ja]
 [-config=/path/to/config.toml]
 [-dbpath=/path/to/vuls.sqlite3]
- [-cvedbpath=/path/to/cve.sqlite3]
+ [-cve-dictionary-dbpath=/path/to/cve.sqlite3]
 [-cve-dictionary-url=http://127.0.0.1:1323]
 [-cvss-over=7]
 [-ignore-unscored-cves]
@@ -107,7 +107,11 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 defaultDBPath := filepath.Join(wd, "vuls.sqlite3")
 f.StringVar(&p.dbpath, "dbpath", defaultDBPath, "/path/to/sqlite3")
- f.StringVar(&p.cvedbpath, "cvedbpath", "", "/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
+ f.StringVar(
+ &p.cvedbpath,
+ "cve-dictionary-dbpath",
+ "",
+ "/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
 defaultURL := "http://127.0.0.1:1323"
 f.StringVar(
@@ -203,7 +207,13 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 return subcommands.ExitUsageError
 }
- logrus.Infof("Start scanning (config: %s)", p.configPath)
+ logrus.Info("Start scanning")
+ logrus.Infof("config: %s", p.configPath)
+ if p.cvedbpath != "" {
+ logrus.Infof("cve-dictionary: %s", p.cvedbpath)
+ } else {
+ logrus.Infof("cve-dictionary: %s", p.cveDictionaryURL)
+ }
 target := make(map[string]c.ServerInfo)
 for _, arg := range f.Args() {
 found := false
diff --git a/config/config.go b/config/config.go
index c481c700e0..fcbf278789 100644
--- a/config/config.go
+++ b/config/config.go
@@ -67,7 +67,7 @@ func (c Config) Validate() bool {
 if len(c.CveDBPath) != 0 {
 if ok, _ := valid.IsFilePath(c.CveDBPath); !ok {
 errs = append(errs, fmt.Errorf(
- "SQLite3 DB(Cve Doctionary) path must be a *Absolute* file path. dbpath: %s", c.CveDBPath))
+ "SQLite3 DB(Cve Dictionary) path must be a *Absolute* file path. dbpath: %s", c.CveDBPath))
 }
 }
diff --git a/cveapi/cve_client.go b/cveapi/cve_client.go
index 76031a1348..866a14cf97 100644
--- a/cveapi/cve_client.go
+++ b/cveapi/cve_client.go
@@ -144,7 +144,7 @@ func (api cvedictClient) FetchCveDetailsFromCveDB(cveIDs []string) (cveDetails c
 log.Debugf("open cve-dictionary db")
 if err := cvedb.OpenDB(); err != nil {
 return []cve.CveDetail{},
- fmt.Errorf("go-cve-dictionary:OpenDB Error: %v", err)
+ fmt.Errorf("Failed to open DB. err: %s", err)
 }
 for _, cveID := range cveIDs {
 cveDetail := cvedb.Get(cveID)
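Review bot: In SetFlags the old flag name `cvedbpath` is dropped outright, so any existing wrapper script or scheduled job that still passes `-cvedbpath` will fail flag parsing and the scan will not run. Keeping the old name registered against the same field for a release would avoid that, e.g. `f.StringVar(&p.cvedbpath, "cvedbpath", "", "Deprecated: use -cve-dictionary-dbpath")`. The help text could also say how this flag interacts with `-cve-dictionary-url`; the Execute hunk suggests the path wins when both are given, but the usage string is silent on it. SetFlags starts and ends outside the hunk.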
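Review bot: The two new `cve-dictionary:` log lines in Execute print a file path in one branch and a URL in the other under the same label, and nothing tells the operator that `-cve-dictionary-url` is not used once a DB path is set (that precedence is inferred from the branch order; the code that selects the source is outside the hunk). Distinct labels would make the scan log unambiguous, for example `logrus.Infof("cve-dictionary (sqlite3): %s", p.cvedbpath)` and `logrus.Infof("cve-dictionary (http): %s", p.cveDictionaryURL)`. If the URL may ever carry credentials in its userinfo part, it should be redacted before logging. Execute's body starts and ends outside the hunk.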
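Review bot: The rewritten error in FetchCveDetailsFromCveDB no longer says which database failed to open, and `vuls scan` takes both `-dbpath` (vuls.sqlite3) and `-cve-dictionary-dbpath` (cve.sqlite3), so `Failed to open DB` is ambiguous in a scan log. Naming the database keeps the message actionable: `fmt.Errorf("Failed to open cve-dictionary DB. err: %s", err)`. It is also worth confirming that `cvedb.OpenDB()` returns an error for a missing or mistyped path rather than creating an empty database, since the loop below would otherwise return empty details and the scan would look clean; OpenDB is not visible in this diff. The function body continues outside the hunk.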