Local and Remote Scanning

In order to scan servers for vulnerabilities with FutureVuls, a scanner program must be installed. FutureVuls offers two modes.

  • Local Scan

    • Only the server itself, on which the scanner program is installed, will be scanned.
      • The installer defaults to local scan.
      • Local scan does not require SSH login configuration.
  • Remote Scan

    • Both Windows and Linux are supported.
      • The server where the scanner program is installed is used as the scan execution server, and SSH login to a server connected to the same network is used to perform the scan.
      • By adding settings to the configuration file, scanning can be performed without installing the scanner program on each server.
      • To login to the server to be scanned via SSH, a user account that can remotely login from the server to be scanned is required.

Local Scan

  1. log in to FutureVuls as a user with group administrator privileges and click on the icon in the upper right corner to access “Group Settings” 2.

  2. click on “Scanner” from the list on the left. Copy the installation commands as they appear.

On the server where the scanner program is to be installed, execute the command copied in “2. At this time, execute the command as a privileged user as follows: For Linux: Execute the command as a privileged user.

  • For Linux : Log in as a user who has been granted “root authority

If you get the following message, switch to a user with root privileges and execute again.

2017/11/08 06:04:19 [START      ]:      chkRootUser
2017/11/08 06:04:19 [ERROR      ]:      Please run as root user.
  • For Windows : Right click at command prompt startup and start from “Run as administrator”.

install

  1. After installation, when a scheduled run is performed, a scan is automatically performed and the scan results are uploaded to FutureVuls.

Remote Scan

This section describes how to set up remote scanning. The server on which the Scanner is set up is the “Scanner Server”, the The server to be vulnerability scanned is described as “scan target server”.

Preparation on the server to be scanned

Remote scan requires the following settings on the scan target server.

For local scans, the installer will automatically configure the above, but for remote scans, manual configuration is required.

Install Scanner

Install the scanner program on the scanner server as described above for local scan.

FutureVuls uses SSH login with RSA public key authentication when scanning remote servers (password authentication is not supported). Please have a user who can log in to the remote server, as well as a private key and a public key.

Modify config file

To scan remote servers, add the following configuration to the config file.

  • Config file path: /opt/vuls-saas/config.toml
$ vi /opt/vuls-saas/config.toml

[servers]

[servers.localhost]
  host = "localhost"
  port = "local"
# ↑↑ Local scan settings are automatically configured by the installer ↑↑

# ↓↓ Add the settings of the server to be scanned to your environment. ↓↓
# ex)
[servers.<server name>]
  user = "vuls-saas"                          ←<user name used for remote login>
  host = "192.168.0.100"                      ←<Server to remote login: IP address or name resolvable server name>
  port = "22"                                 ←<port number of the remote login destination>
  keyPath = "/opt/vuls-saas/vuls-saas.pem"    ←<Location of the private key>

  ~~~~

keyPath is the SSH private key of the server to be scanned. Duplicate content can be omitted by including it in “default”.

[default]
#port        = "22"
#user        = "username"
#keyPath     = "/home/username/.ssh/id_rsa"

For remote scanning of multiple servers

Define multiple servers to be scanned as follows. UUIDs will be generated automatically at report time if not defined.

  • Config file path: /opt/vuls-saas/config.toml
[default]
  port = "22"
  keyPath = "/home/vuls-saas/.ssh/stg.pem"
  scanMode = ["fast-root"]

[servers]

  [servers.ama2]
    user = "ec2-user"
    host = "13.113.92.xx"
    [servers.ama2.uuids]
      ama2 = "xxxxxxxxxxxxxxxxxxxxxxxxx"

  [servers.dev]
    user = "ubuntu"
    host = "54.248.62.xx"
    [servers.dev.uuids]
      dev = "zzzzzzzzzzzzzzzzzzzzzzzzzz"

To remotely scan all servers in range at once by specifying a CIDR range

By specifying a CIDR range in the configuration file, remote scanning can be performed on all servers within the range. Define as follows.

  • Config file path: /opt/vuls-saas/config.toml
[default]
  port = "22"
  scanMode = ["fast-root"]

[servers]

  [servers.testNW-target]
    user = "ec2-user"
    host = "192.168.0.60/31"
    keyPath = "/home/vuls-saas/.ssh/auth.pem"

When the scan is performed, the scanner will attempt a remote scan against all IP addresses in the specified range and overwrite them with configuration information for each server if successful.

  • Config file after scan.
[default]
  port = "22"
  scanMode = ["fast-root"]

[servers]

  [servers."testNW-target(192.168.0.60)"]
    user = "ec2-user"
    host = "192.168.0.60"
    keyPath = "/home/vuls-saas/.ssh/auth.pem"
    [servers."testNW-target(192.168.0.60)".uuids]
      "testNW-target(192.168.0.60)" = "bab806a2-59b7-628f-ff6b-c620df7191ca"

  [servers."testNW-target(192.168.0.61)"]
    user = "ec2-user"
    host = "192.168.0.61"
    keyPath = "/home/vuls-saas/.ssh/auth.pem"
    [servers."testNW-target(192.168.0.61)".uuids]
      "testNW-target(192.168.0.61)" = "dbad42bd-f045-5485-1189-f6a6e4d09a01"

For the second and subsequent scans, a remote scan is performed on each server based on the information in the configuration file.

How to specify a specific server for remote scanning

  • Change /opt/vuls-saas/vuls-saas.sh as follows
$ su - vuls-saas
$ cd /opt/vuls-saas
$ cp vuls-saas.sh vuls-saas.sh.bak
$ vim vuls-saas.sh
$ diff vuls-saas.sh*
diff vuls-saas.sh*
16c16
< ./vuls scan -ips ${@} > scan.log 2>&1
---
> ./vuls scan -ips > scan.log 2>&1
  • Perform a scan of a specific server (assuming the two ama2, dev machines in the previous section are defined)
./vuls-saas.sh dev
  • To scan multiple servers, specify server names (xxx in [servers.xxx] in config.toml) separated by spaces.
./vuls-saas.sh dev ama2
  • To scan all servers defined in config.toml
./vuls-saas.sh