
v0.4.0 #449

Merged
merged 116 commits into from
Aug 25, 2017

Conversation

kotakanbe (Member) commented Jul 18, 2017

v0.4.0

We are pleased to announce the new Version, v0.4.0.
This version is not backward compatible, but many new functions have been added.

How to do a new install

How to update to the latest version

Fast nosudo scan mode and Deep scan mode

Fast nosudo scan mode (Default)

  • This mode scans

    • At ultra high speed
    • Without root privilege
    • Without consuming many resources on the servers to be scanned
    • Scanning is possible in an environment without an Internet connection
      • Some OSes need an Internet connection: Amazon, FreeBSD, Raspbian
  • Scan Method

    • RHEL, CentOS, Debian, Ubuntu, Oracle
      • Only collects information about the installed packages
    • Amazon
      • yum-plugin-security
    • FreeBSD
      • pkg-audit
  • Report

    • Compares package versions against the local OVAL DB to detect CVE-IDs.
    • Uses vulnerability information such as NVD, JVN and OVAL

Deep scan mode

This mode may consume resources on the server to be scanned, and some commands may need root privilege. However, deep scan mode gives more accurate vulnerability detection and more detailed information than fast scan mode.

  • Scan Method

    • Ubuntu, Debian
      • parse changelog to detect CVE-IDs
      • needs sudo (apt-get update)
    • CentOS
      • parse changelog to detect CVE-IDs
      • no sudo
    • RHEL
      • collect changelogs (no parse)
      • collect information from yum-plugin-security
      • need sudo
    • Amazon Linux
      • collect changelogs (no parse)
      • collect information from yum-plugin-security
      • no sudo
  • Report

    • Compares package versions against the local OVAL DB to detect CVE-IDs.
    • Uses vulnerability information such as NVD, JVN and OVAL

Improvement of vulnerabilities detection accuracy

Detect the vulnerability that is not yet fixed

  • CentOS
    • There are many packages that have been fixed in Red Hat but not yet in CentOS.
  • Ubuntu, Debian
    • OVAL has this information

Notify Reboot Required

Vuls warns when the kernel etc. on the scan target server has been updated but the server has not been restarted.

Change the structure of models

The structure of the model has changed.
This version is not backward compatible.

Obtain changelog

  • Use yum changelog in yum-utils instead of yum update --changelog in yum-plugin-changelog to fetch changelogs without root privilege.
  • Use version comparison logic when parsing change log (Ubuntu, Debian)

Display the information from yum-plugin-security on the TUI

  • for RHEL, Amazon, Oracle
  • Changelogs will be fetched with the --deep flag of the scan subcommand.

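The report step above ("compare package versions against the local OVAL DB") and the deep-scan step ("use version comparison logic when parsing changelogs") both rest on the same primitive: ordering two package versions correctly. The following is an added example in Go, written for this page; it is not code from the Vuls project or from this pull request. It assumes RPM-style epoch:version-release strings (the CentOS/RHEL case shown in the summaries below), an rpm changelog whose entry headers look like `* <date> <author> - <version-release>`, and a constructed changelog with placeholder CVE IDs. The names rpmvercmp, parseEVR, compareEVR, isVulnerable, cvesFixedAfter and sampleChangelog are the example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// segRe yields the units rpm compares (digit runs, letter runs, "~"); anything else is a separator.
var segRe = regexp.MustCompile(`[0-9]+|[A-Za-z]+|~`)
// rpmvercmp orders two RPM version or release strings as rpm's rpmvercmp() does: digit runs numerically,
// letter runs lexically, digits beat letters, "~" sorts before anything (even end of string). Result is <0, 0 or >0.
// The newer "^" separator is deliberately not handled in this example.
func rpmvercmp(a, b string) int {
	sa, sb := segRe.FindAllString(a, -1), segRe.FindAllString(b, -1)
	for k := 0; ; k++ {
		ta := k < len(sa) && sa[k] == "~"
		tb := k < len(sb) && sb[k] == "~"
		switch {
		case ta && tb: // tilde on both sides: skip it
			continue
		case ta: // a lone tilde loses, even against the end of the other string
			return -1
		case tb:
			return 1
		case k == len(sa) || k == len(sb): // the side with segments left over is newer
			return len(sa) - len(sb)
		}
		x, y := sa[k], sb[k]
		if xn, yn := x[0] <= '9', y[0] <= '9'; xn != yn {
			return strings.Compare(y[:1], x[:1]) // ASCII puts digits below letters; reversed so the numeric run wins
		} else if xn { // numeric: drop leading zeros, then the longer run is the bigger number
			x, y = strings.TrimLeft(x, "0"), strings.TrimLeft(y, "0")
			if len(x) != len(y) {
				return len(x) - len(y)
			}
		}
		if c := strings.Compare(x, y); c != 0 {
			return c
		}
	}
}

type EVR struct{ Epoch, Version, Release string } // epoch:version-release, the form an OVAL definition states a fix in
// parseEVR splits "[epoch:]version[-release]"; a missing epoch counts as "0".
func parseEVR(s string) EVR {
	e := EVR{Epoch: "0"}
	if ep, rest, ok := strings.Cut(s, ":"); ok {
		e.Epoch, s = ep, rest
	}
	e.Version, e.Release, _ = strings.Cut(s, "-") // rpm forbids "-" inside version and release
	return e
}

// compareEVR orders by epoch, then version, then release. Assumption (as in rpm's rpmVersionCompare): release is compared only when both sides carry one.
func compareEVR(a, b EVR) int {
	if c := rpmvercmp(a.Epoch, b.Epoch); c != 0 {
		return c
	}
	if c := rpmvercmp(a.Version, b.Version); c != 0 || a.Release == "" || b.Release == "" {
		return c
	}
	return rpmvercmp(a.Release, b.Release)
}

// isVulnerable is the OVAL-style test: the installed EVR is older than the EVR that fixes the CVE.
func isVulnerable(installed, fixedIn string) bool { return compareEVR(parseEVR(installed), parseEVR(fixedIn)) < 0 }
var (
	entryRe = regexp.MustCompile(`^\* .* - (\S+)$`) // "* <date> <author> - <version-release>"
	cveRe   = regexp.MustCompile(`CVE-\d{4}-\d{4,}`)
)

// cvesFixedAfter returns, in order of first appearance, the CVE IDs mentioned under
// changelog entries whose version is newer than the installed EVR (older entries are skipped).
func cvesFixedAfter(installed, changelog string) []string {
	inst, seen, out, newer := parseEVR(installed), map[string]bool{}, []string{}, false
	for _, line := range strings.Split(changelog, "\n") {
		if m := entryRe.FindStringSubmatch(line); m != nil {
			newer = compareEVR(parseEVR(m[1]), inst) > 0
		} else if newer {
			for _, id := range cveRe.FindAllString(line, -1) {
				if !seen[id] {
					seen[id] = true
					out = append(out, id)
				}
			}
		}
	}
	return out
}
// sampleChangelog is constructed for this example: placeholder maintainer and CVE IDs, not a real advisory.
const sampleChangelog = `* Mon Jun 19 2017 Example Maintainer <maint@example.com> - 4.2.46-29
- Fix CVE-2017-00002 and CVE-2017-00001 (placeholders); regression test for CVE-2017-00002
* Thu Feb 09 2017 Example Maintainer <maint@example.com> - 4.2.46-28
- Fix CVE-2016-00009 (placeholder)`
func main() {
	fmt.Println(isVulnerable("4.2.46-28.el7", "0:4.2.46-29.el7")) // true
	fmt.Println(cvesFixedAfter("4.2.46-28.el7", sampleChangelog)) // [CVE-2017-00002 CVE-2017-00001]
}
```

Two points worth noticing when running it. First, changelog headers usually omit the dist tag ("4.2.46-28") while the installed package carries it ("4.2.46-28.el7"), so the entry for the currently installed build compares as older and is correctly skipped; only strictly newer entries contribute CVE IDs. Second, the same compareEVR is all a "reboot required" check needs: compare the output of uname -r with the newest installed kernel package, e.g. isVulnerable("3.10.0-514.el7.x86_64", "3.10.0-693.el7.x86_64") is true, meaning the running kernel is older than what is installed.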
kotakanbe (Member, Author)

CentOS 7

  • v0.3.0

    One Line Summary
    ================
    cent7idcf       centos7.2.1511  169 CVEs        223 updatable packages

  • v0.4.0 fast scan mode

    One Line Summary
    ================
    cent7idcf       Total: 364 (High:142 Medium:190 Low:32 ?:0)     223 updatable packages

  • v0.4.0 deep scan mode

    One Line Summary
    ================
    cent7idcf       Total: 389 (High:147 Medium:210 Low:32 ?:0)     223 updatable packages

kotakanbe force-pushed the support_oval branch 2 times, most recently from b93f005 to b86259b on August 25, 2017 01:21