...
- Deploy a Test VM
- Copy the folder ~/.kube from Kubernetes master node to the Test VM
- Create SSH Key to access Kubernetes master node
Vuls
We use Ubuntu 20.04, so we run Vuls test as follow
Steps To Implement Security Scan Requirements#Vuls
Create directory
$ mkdir ~/vuls
$ cd ~/vuls
$ mkdir go-cve-dictionary-log goval-dictionary-log gost-logFetch NVD
$ docker run --rm -it \
-v $PWD:/go-cve-dictionary \
-v $PWD/go-cve-dictionary-log:/var/log/go-cve-dictionary \
vuls/go-cve-dictionary fetch nvdFetch OVAL
$ docker run --rm -it \
-v $PWD:/goval-dictionary \
-v $PWD/goval-dictionary-log:/var/log/goval-dictionary \
vuls/goval-dictionary fetch ubuntu 16 17 18 19 20Fetch gost
$ docker run --rm -i \
-v $PWD:/gost \
-v $PWD/gost-log:/var/log/gost \
vuls/gost fetch ubuntuCreate config.toml
[servers]
[servers.master]
host = "192.168.2.16"
port = "22"
user = "test-user"
keyPath = "/root/.ssh/id_rsa"Start vuls container to run tests
$ docker run --rm -it \
-v ~/.ssh:/root/.ssh:ro \
-v $PWD:/vuls \
-v $PWD/vuls-log:/var/log/vuls \
-v /etc/localtime:/etc/localtime:ro \
-e "TZ=Asia/Tokyo" \
vuls/vuls scan \
-config=./config.tomlGet the report
$ docker run --rm -it \
-v ~/.ssh:/root/.ssh:ro \
-v $PWD:/vuls \
-v $PWD/vuls-log:/var/log/vuls \
-v /etc/localtime:/etc/localtime:ro \
vuls/vuls report \
-format-list \
-config=./config.toml
...