'yum update --changelog' stalled in 'vuls scan'. if ssh user is not 'root'.

[r-hirakawa]

If user is not 'root' in ssh connection.
'yum update --changelog' looks like stalled by waiting user input 'Is this ok [y/d/N]: ',
Because 'echo N | ' is not concatenated for command string in 'getAllChangelog' function.

scan/redhat.go

579:    command := ""
580:    if o.ServerInfo.User == "root" {
581:        command = "echo N | "
582:    }

[question]
Is vuls recommended to use 'root' user for ssh connection ?
I think 'root' user check is unnecessary.
I want to use administrator (not 'root') user for security reasons.

[kotakanbe]

It works fine on my environment. ( CentOS5, non-root user)
I want to reproduce the issue. Let me know your OS version of the target server.

Please update to the latest version, and run with --debug option to get more information.

user for ssh

Vuls supports non-root user for ssh user.
You have to define NOPASSWD in /etc/sudoers on the target server if you use non-root user.
For details, see https://github.com/future-architect/vuls#usage-configtest

• CentOS, Amazon Linux, RedHat Enterprise Linux

vuls ALL=(root) NOPASSWD: /usr/bin/yum

• Ubuntu, Debian

vuls ALL=(root) NOPASSWD: /usr/bin/apt-get, /usr/bin/apt-cache

[kotakanbe]

Please join vuls-slack team.
https://docs.google.com/forms/d/e/1FAIpQLSfMyxCKV0C1ukTE0Mc9oyOHDI_2nbz4L75LAMj0D_A2vx_fMA/viewform?c=0&w=1

And add a GitHub Star if you favorite Vuls.

[kotakanbe]

I reproduced the problem on CentOS7 (without -ssh-external).
I will fix it soon :)

[kotakanbe]

The bug was fixed.
Please test on your environment.
Thanks for reporting :)