Vuls will be integrated with Blueprint Validation Framework (Bluval User Guide)
Below is the list of tasks for the integration.
Install the Vuls containers (https://vuls.io/docs/en/install-with-docker.html). The Vuls container images can be found at https://hub.docker.com/u/vuls/
Detailed instructions can be found at https://vuls.io/docs/en/tutorial-docker.html
cd /path/to/working/dir
mkdir go-cve-dictionary-log goval-dictionary-log gost-log

# Fetch NVD data for every year from 2002 up to the current year
for i in `seq 2002 $(date +"%Y")`; do \
    docker run --rm -it \
        -v $PWD:/vuls \
        -v $PWD/go-cve-dictionary-log:/var/log/vuls \
        vuls/go-cve-dictionary fetchnvd -years $i; \
done

# Fetch Red Hat OVAL definitions for RHEL/CentOS 5, 6 and 7
docker run --rm -it \
    -v $PWD:/vuls \
    -v $PWD/goval-dictionary-log:/var/log/vuls \
    vuls/goval-dictionary fetch-redhat 5 6 7

# Fetch Red Hat security tracker data with gost (log directory matches the mkdir above)
docker run --rm -i \
    -v $PWD:/vuls \
    -v $PWD/gost-log:/var/log/gost \
    vuls/gost fetch redhat
[servers]
[servers.c74]
host = "54.249.93.16"
port = "22"
user = "vuls-user"
keyPath = "/root/.ssh/id_rsa" # path to ssh private key in docker
All High and Medium severity vulnerabilities detected by Vuls must be patched or fixed. After the patches or fixes are applied, Vuls must be run again to verify that the vulnerability is no longer detected.
Exceptions for vulnerabilities that cannot be fixed must be sent to the security sub-committee.
Lynis must run on the SUT (System Under Test). The overall test framework will be similar to that of Vuls. For the Lynis installation there are two options:
Considering the complexity of installing an application on the target system, it is recommended that option 1 be used.
For more information about Lynis, please check the link below:
https://cisofy.com/documentation/lynis/get-started/
yum install lynis
lynis audit system
After a run, the detailed test log is stored in /var/log/lynis.log; the information for each test includes:
In addition to the log file, Lynis also creates a report and stores it in /var/log/lynis-report.dat. The report file contains the following information:
The following list of tests MUST complete as passing as described below.
In the lynis.log output file each test suite has one or more individual tests. The beginning and end of a test suite are marked with "====". For example, the 'ID BOOT-5122' test suite should display:
2020-04-08 15:36:28 ====
2020-04-08 15:36:28 Performing test ID BOOT-5122 (Check for GRUB boot password)
...
2020-04-08 15:36:29 Hardening: assigned maximum number of hardening points for this item (3).
2020-04-08 15:36:29 ====
If any test in the test suite failed, the suite would contain a line of the following form:
2020-04-08 15:36:29 Suggestion: <Description of failed test>
Also, the 'Hardening' line shown above would not say 'assigned maximum number of hardening points'; instead it would say 'assigned partial number of hardening points'.
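As an added example, not part of the Bluval framework or this page, the following Python check parses a lynis.log using the conventions described above (suites delimited by "====", a "Suggestion:" line or a "partial number of hardening points" line marking a failure) and reports which of a required set of test IDs did not pass. The sample log is constructed for the example, and the function names are assumptions.

```python
import re

# Constructed sample lynis.log excerpt (not a real scan); it follows the layout
# described above: "====" suite markers, "Performing test ID ...", optional
# "Suggestion:" lines and a closing "Hardening:" line.
SAMPLE_LOG = """\
2020-04-08 15:36:28 ====
2020-04-08 15:36:28 Performing test ID BOOT-5122 (Check for GRUB boot password)
2020-04-08 15:36:28 Test: Checking for GRUB boot password
2020-04-08 15:36:29 Hardening: assigned maximum number of hardening points for this item (3).
2020-04-08 15:36:29 ====
2020-04-08 15:36:29 ====
2020-04-08 15:36:29 Performing test ID SSH-7408 (Check SSH specific defined options)
2020-04-08 15:36:29 Test: Checking AllowTcpForwarding in /tmp/lynis.ZotHQ7RQAj
2020-04-08 15:36:29 Suggestion: Consider hardening SSH configuration [test:SSH-7408]
2020-04-08 15:36:29 Hardening: assigned partial number of hardening points (0 of 3).
2020-04-08 15:36:29 ====
"""

TEST_ID_RE = re.compile(r"Performing test ID (\S+)")


def parse_lynis_log(text):
    """Return {test_id: {"passed": bool, "suggestions": [...]}} for a lynis.log.

    A suite is the block between two "====" markers. It is marked failed if it
    contains a "Suggestion:" line or a "Hardening:" line awarding partial points.
    """
    results = {}
    current = None  # result dict of the suite currently being read
    for line in text.splitlines():
        # Drop the leading "YYYY-MM-DD HH:MM:SS " timestamp when present.
        msg = line.split(" ", 2)[2] if line.count(" ") >= 2 else line
        if msg.startswith("===="):
            current = None  # suite boundary: stop attributing lines
            continue
        m = TEST_ID_RE.match(msg)
        if m:
            current = results.setdefault(m.group(1), {"passed": True, "suggestions": []})
            continue
        if current is None:
            continue
        if msg.startswith("Suggestion:"):
            current["passed"] = False
            current["suggestions"].append(msg[len("Suggestion:"):].strip())
        elif msg.startswith("Hardening:") and "partial number" in msg:
            current["passed"] = False
    return results


def failed_required_tests(results, required_ids):
    """Return the required test IDs that are absent from the log or did not pass."""
    return sorted(t for t in required_ids if not results.get(t, {}).get("passed", False))
```

A test ID that never appears in the log is reported as failed as well, so a scan profile that silently skips a required test does not pass unnoticed.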
Performing test ID BOOT-5122 (Check for GRUB boot password)
Performing test ID BOOT-5184 (Check permissions for boot files/scripts)
Test: Checking presence /var/run/reboot-required.pkgs
Performing test ID AUTH-9228 (Check password file consistency with pwck)
Performing test ID AUTH-9229 (Check password hashing methods)
Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs
Test: Checking PASS_MAX_DAYS option in /etc/login.defs
Test: collecting accounts which have an expired password (last day changed + maximum change time)
Performing test ID AUTH-9328 (Default umask values)
Performing test ID FILE-6368 (Checking ACL support on root file system)
Performing test ID USB-2000 (Check USB authorizations)
Performing test ID USB-3000 (Check for presence of USBGuard)
Performing test ID PKGS-7370 (Checking for debsums utility)
Performing test ID PKGS-7388 (Check security repository in apt sources.list file)
Performing test ID SSH-7408 (Check SSH specific defined options)
Test: Checking AllowTcpForwarding in /tmp/lynis.ZotHQ7RQAj
Test: Checking ClientAliveCountMax in /tmp/lynis.ZotHQ7RQAj
Test: Checking ClientAliveInterval in /tmp/lynis.ZotHQ7RQAj
Test: Checking FingerprintHash in /tmp/lynis.ZotHQ7RQAj
Test: Checking IgnoreRhosts in /tmp/lynis.ZotHQ7RQAj
Test: Checking MaxAuthTries in /tmp/lynis.ZotHQ7RQAj
Test: Checking MaxSessions in /tmp/lynis.ZotHQ7RQAj
Test: Checking Port in /tmp/lynis.ZotHQ7RQAj
Test: Checking StrictModes in /tmp/lynis.ZotHQ7RQAj
Test: Checking TCPKeepAlive in /tmp/lynis.ZotHQ7RQAj
Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)
Test: checking for file /etc/network/if-up.d/ntpdate
Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile)
Test: Check if one or more compilers can be found on the system
Jira tickets tracking integration with Bluval: