In today’s digital landscape, cybersecurity is of utmost importance. As businesses rely more on technology, protecting their systems from vulnerabilities becomes crucial. This is where vulnerability scanners come in. One such scanner is Vuls, an agentless, open-source tool designed for Linux and FreeBSD systems. In this article, we will guide you through the process of installing and using Vuls on an Ubuntu 22.04 server.
Prerequisites
Before we dive into the installation process, let’s ensure that we have everything we need:
- A Linux server running Ubuntu 22.04 (we’ll refer to it as ‘vuls’ with the IP address ‘192.168.5.20’).
- A non-root user with sudo or root administrator privileges.
- An additional server that will be used as the target machine for remote server scanning via Vuls.
Now that we have our prerequisites in place, let’s proceed with the installation.
Installing Vuls via Installer Script
Vuls can be installed manually or using an installer script. In this section, we will opt for the latter. Follow the steps below to install Vuls automatically on your Ubuntu 22.04 machine:
- Open your terminal and run the following command to download the Vuls installer script ‘install.sh’ and execute it on your server:
bash <( curl -s https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh)
- The installer script will handle the installation process for you. It installs basic dependencies such as gcc, git, wget, curl, and the sqlite3 database tool. It then installs the latest version of Go from the binary package, and compiles and installs Vuls along with the other necessary tools.
- Once the installation is complete, the Vuls binary file and other tools will be stored in the ‘/usr/local/bin’ directory. You can verify this by running the following command:
ls /usr/local/bin/
If you see the Vuls binary file along with other tools, congratulations! You have successfully installed Vuls on your Ubuntu machine.
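The one-liner above executes whatever the `master` branch serves at that moment, without giving you a chance to read it. The following is an added example, not part of the original article or the Vuls project: it saves the script to disk for review and runs it only if its SHA-256 still matches the digest you recorded after reading it. The function names and the `/tmp` path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: review-then-run wrapper for a downloaded installer.
# Function names and the /tmp path are illustrative, not from Vuls.

INSTALLER_URL="https://raw.githubusercontent.com/vulsio/vulsctl/master/install-host/install.sh"

# Print the SHA-256 digest of a file (hex digits only).
file_sha256() {
    sha256sum < "$1" | awk '{print $1}'
}

# Download the installer to a file instead of piping it into bash.
# -f fails on HTTP errors, -S reports them, -L follows redirects.
fetch_installer() {
    local dest="$1"
    curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$INSTALLER_URL"
}

# Run the script only if it still matches the digest recorded at review time.
# Returns 1 (and runs nothing) on a mismatch or a missing file.
run_if_reviewed() {
    local script="$1" expected="$2" actual
    [ -f "$script" ] || { echo "missing: $script" >&2; return 1; }
    actual="$(file_sha256 "$script")"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: expected $expected, got $actual" >&2
        return 1
    fi
    bash "$script"
}

# Typical use (left as comments so sourcing this file has no side effects):
#   fetch_installer /tmp/vuls-install.sh
#   less /tmp/vuls-install.sh            # read what is about to run as root
#   file_sha256 /tmp/vuls-install.sh     # record this digest after review
#   run_if_reviewed /tmp/vuls-install.sh <digest-you-recorded>
```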
Configuring Vuls Vulnerability Scanner
Before using Vuls, we need to configure it by creating the configuration file and setting up the data directory. Follow the steps below to complete the configuration:
- Create the Vuls data directory ‘/usr/share/vuls-data’ by running the following command:
mkdir -p /usr/share/vuls-data
- Next, create a new Vuls configuration file ‘config.toml’ using the touch command:
touch /usr/share/vuls-data/config.toml
- Open the config file using your preferred text editor:
nano /usr/share/vuls-data/config.toml
- Add the following lines to the file:
[cveDict]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/cve.sqlite3"

[ovalDict]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/oval.sqlite3"

[gost]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/gost.sqlite3"

[metasploit]
type = "sqlite3"
SQLite3Path = "/usr/share/vuls-data/go-msfdb.sqlite3"

[servers]

[servers.localhost]
host = "localhost"
port = "local"
scanMode = [ "fast" ]
#scanMode = ["fast", "fast-root", "deep", "offline"]
- Save and close the file.
With these configurations, we have defined four Vuls databases – CVE, OVAL, Gost, and Metasploit – all stored in the ‘/usr/share/vuls-data/’ directory. Additionally, we have set up a scan called ‘localhost’ with the scan mode set to ‘fast’, which does not require root privileges.
Building Vuls CVE Databases
Now that our Vuls configuration is complete, we need to build the Vuls databases before we can start scanning. Follow the steps below to build the databases:
- Ensure that you are in the ‘/usr/share/vuls-data/’ directory. If not, navigate to it by running the following command:
cd /usr/share/vuls-data/
- Run the following command to build the Gost database for the Ubuntu system:
gost fetch ubuntu --dbpath /usr/share/vuls-data/gost.sqlite3
- Next, generate the CVE database using the ‘go-cve-dictionary’ command. In this example, we will fetch the CVE database from NVD (NIST National Vulnerability Database) and store it in ‘/usr/share/vuls-data/cve.sqlite3’:
go-cve-dictionary fetch nvd --dbpath /usr/share/vuls-data/cve.sqlite3
- Now, let’s generate the OVAL database using the ‘goval-dictionary’ command. This command fetches the OVAL database for Ubuntu 22 and stores it in ‘/usr/share/vuls-data/oval.sqlite3’:
goval-dictionary fetch ubuntu22 --dbpath /usr/share/vuls-data/oval.sqlite3
- Lastly, generate the Metasploit-Framework CVEs database using the ‘go-msfdb’ command. This will store the database file at ‘/usr/share/vuls-data/go-msfdb.sqlite3’:
go-msfdb fetch msfdb --dbpath /usr/share/vuls-data/go-msfdb.sqlite3
- Verify that the Vuls databases have been generated by running the following command:
ls /usr/share/vuls-data/*.sqlite3
If you see the databases ‘gost.sqlite3’, ‘cve.sqlite3’, ‘oval.sqlite3’, and ‘go-msfdb.sqlite3’, congratulations! You have successfully built the Vuls databases.
Scanning the Local Machine with Vuls
With the Vuls databases in place, we can now start scanning our local machine. Follow the steps below to perform a scan:
- Navigate to the ‘/usr/share/vuls-data/’ directory if you’re not already there:
cd /usr/share/vuls-data/
- Run the following command to start scanning all available target servers listed in the ‘config.toml’ file:
vuls scan
Alternatively, if you want to scan a specific target server, use the scan name as the parameter:
vuls scan localhost
- Once the scanning process is complete, you will receive an output showing the detected operating systems and the scan summary.
- To view the detailed reports of your scan, use the following command:
vuls tui
This command will display a terminal-based user interface with columns representing the list of target servers, detected CVEs, details of the CVEs, and the list of affected packages. Use the TAB key to switch between columns.
- Press Ctrl+C to exit the vuls viewer.
You have now successfully scanned your local machine using Vuls. The scan results provide valuable insights into any vulnerabilities present in your system.
Scanning a Remote Server with Vuls
Apart from scanning the local machine, Vuls also allows you to scan remote servers via SSH. In this section, we will guide you through the process of scanning a remote server. Follow the steps below:
- Ensure that the target remote server has the necessary dependencies installed. In this example, we will install ‘debian-goodies’ and ‘reboot-notifier’ on the target Debian server. Run the following command on the target server:
sudo apt install debian-goodies reboot-notifier
- Retrieve additional CVE databases for your specific system. In this example, we will add the Debian 11 distribution’s OVAL content to the existing ‘oval.sqlite3’ database. On the Vuls server, run the following command:
goval-dictionary fetch debian11 --dbpath /usr/share/vuls-data/oval.sqlite3
- Open the Vuls config file ‘/usr/share/vuls-data/config.toml’ and add the following lines at the bottom:
[servers.debian-server]
host = "192.168.5.75"
port = "22"
user = "debian"
keyPath = "~/.ssh/id_ed25519"
scanMode = ["fast-root"]
Ensure you replace the values with the appropriate details for your remote server.
- Save and close the file.
- Verify the configuration file by running the following command:
vuls configtest
- Start scanning the target server by running the following command:
vuls scan debian-server
- Once the scanning process is complete, you can view the results using the ‘vuls tui’ command as explained in the previous section.
You have now successfully scanned a remote server using Vuls. The scan results provide valuable insights into any vulnerabilities present in the target system.
Integrating VulsRepo as a Web Dashboard for Vuls
To enhance the usability of Vuls, you can integrate it with VulsRepo, a web application that allows you to view and showcase Vuls scan results via a web browser. In this section, we will guide you through the process of integrating VulsRepo with Vuls. Follow the steps below:
- Move to the Vuls data directory ‘/usr/share/vuls-data/’ and generate Vuls reports in JSON format by running the following command:
vuls report -format-json
- Move to the ‘/opt’ directory and clone the VulsRepo source code from the GitHub repository:
cd /opt
git clone https://github.com/ishiDACo/vulsrepo.git
- Change the working directory to ‘/opt/vulsrepo/server/’:
cd /opt/vulsrepo/server/
- Copy the default configuration file and open it using the nano editor:
cp vulsrepo-config.toml.sample vulsrepo-config.toml
nano vulsrepo-config.toml
- Update the configuration file with the following lines:
[Server]
rootPath = "/opt/vulsrepo"
resultsPath = "/usr/share/vuls-data/results"
serverPort = "5111"
serverIP = "192.168.5.20"
Ensure you replace the values with the appropriate details for your server.
- Save and close the file.
- Execute the VulsRepo binary file by running the following command:
./vulsrepo-server
- Open your web browser and visit the server IP address followed by port 5111 (e.g., http://192.168.5.20:5111/). You should now see the VulsRepo web application page.
- On the left-side menu, you will find a list of available scan results in JSON format. Select the desired scan result and click ‘Submit’ to view it.
By integrating VulsRepo with Vuls, you can now easily view and showcase your Vuls scan results via a web browser.
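The scan results and configuration built in this guide describe exactly which hosts are unpatched and how to reach them, so it is worth checking who can read them. The following is an added example, not part of the original article or of Vuls/VulsRepo: it audits the file modes under the data directory and the `serverIP` bind address from `vulsrepo-config.toml`. The function name and finding labels are assumptions.

```shell
#!/usr/bin/env bash
# Added example: exposure audit for the paths used in this guide.
# audit_vuls_exposure and its finding labels are illustrative names.

# Echo one finding per line; return the number of findings (0 = clean).
audit_vuls_exposure() {
    local data_dir="$1" repo_conf="$2" findings=0 f ip

    # config.toml names hosts, users and SSH key paths; results/ lists the
    # detected CVEs per host. Flag either one if "other" has read permission
    # (conservative: parent directory modes are not considered).
    for f in "$data_dir/config.toml" "$data_dir/results"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -maxdepth 0 -perm -004)" ]; then
            echo "WORLD-READABLE: $f"
            findings=$((findings + 1))
        fi
    done

    # VulsRepo serves the scan results on serverIP:serverPort. A value other
    # than loopback makes the dashboard reachable from the network.
    if [ -f "$repo_conf" ]; then
        ip="$(sed -n 's/^[[:space:]]*serverIP[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$repo_conf" | head -n 1)"
        case "$ip" in
            127.*|::1|localhost) ;;
            *) echo "NOT-LOOPBACK: VulsRepo serverIP=\"$ip\""
               findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}

# Typical use with the paths from this guide:
#   audit_vuls_exposure /usr/share/vuls-data /opt/vulsrepo/server/vulsrepo-config.toml
```

To clear the findings, `chmod 600` the config file, `chmod 700` the results directory, and set `serverIP = "127.0.0.1"`, then reach the dashboard through an SSH tunnel such as `ssh -L 5111:127.0.0.1:5111 <user>@192.168.5.20`.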
Conclusion
In this article, we have provided a comprehensive guide on how to install and use the Vuls vulnerability scanner on an Ubuntu 22.04 server. We covered the installation process, configuration of Vuls, building Vuls databases, scanning the local and remote machines, and integrating VulsRepo as a web dashboard for Vuls.
With Vuls, you can identify vulnerabilities in your systems and take appropriate measures to mitigate them. With VulsRepo, you can conveniently view and showcase your scan results in a user-friendly web interface.