Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apt-get dist-upgrade --dry-run without sudo #629

Closed
gavD opened this issue Apr 9, 2018 · 2 comments
Closed

apt-get dist-upgrade --dry-run without sudo #629

gavD opened this issue Apr 9, 2018 · 2 comments

Comments

@gavD
Copy link

gavD commented Apr 9, 2018
edited
Loading

Environment

Vuls

v0.4.2 ce56261

OS

Go

go version go1.9.4 linux/amd64

Current Output

[Apr  9 16:01:50]  INFO [myserver] apt-get update...
[Apr  9 16:01:54] ERROR [myserver] Failed to scan installed packages: Failed to LANGUAGE=en_US.UTF-8 apt-get dist-upgrade --dry-run. status: 100, stdout: E: Opening configuration file /etc/apt/apt.conf.d/02proxy - ifstream::ifstream (13: Permission denied)
, stderr:
[Apr  9 16:01:54] ERROR [localhost] Error: myserver, err: [Failed to LANGUAGE=en_US.UTF-8 apt-get dist-upgrade --dry-run. status: 100, stdout: E: Opening configuration file /etc/apt/apt.conf.d/02proxy - ifstream::ifstream (13: Permission denied)
, stderr: ]

Additional Details

Expected Behavior

It uses sudo to run apt-get dist-upgrade --dry-run

Actual Behavior

It does not seem to use sudo to run apt-get dist-upgrade --dry-run

Steps to reproduce the behaviour

Vuls runs just fine against localhost, but against my remote hosts, it always tries to run apt-get dist-upgrade --dry-run without sudo, which fails
@gavD gavD changed the title apt-get dis-upgrade --dry-run without sudo apt-get dist-upgrade --dry-run without sudo Apr 9, 2018
@gavD
Copy link
Author

gavD commented Apr 9, 2018

This patch fixed it for me. It may be because my Ubuntu node is hardened using the CIS hardening playbook (amongst other things), similar to https://github.com/oguya/cis-ubuntu-14-ansible, and therefore sudo may be necessary for me and not for others.

diff --git a/scan/debian.go b/scan/debian.go
index 528b7d3..1071d69 100644
--- a/scan/debian.go
+++ b/scan/debian.go
@@ -443,7 +443,7 @@ func (o *debian) fillCandidateVersion(updatables models.Packages) (err error) {
                names = append(names, name)
        }
        cmd := fmt.Sprintf("LANGUAGE=en_US.UTF-8 apt-cache policy %s", strings.Join(names, " "))
-       r := o.exec(cmd, noSudo)
+       r := o.exec(cmd, sudo)
        if !r.isSuccess() {
                return fmt.Errorf("Failed to SSH: %s", r)
        }
@@ -465,7 +465,7 @@ func (o *debian) fillCandidateVersion(updatables models.Packages) (err error) {

 func (o *debian) getUpdatablePackNames() (packNames []string, err error) {
        cmd := util.PrependProxyEnv("LANGUAGE=en_US.UTF-8 apt-get dist-upgrade --dry-run")
-       r := o.exec(cmd, noSudo)
+       r := o.exec(cmd, sudo)
        if r.isSuccess(0, 1) {
                return o.parseAptGetUpgrade(r.Stdout)
        }
(END)

@kotakanbe
Copy link
Member

@gavD Thanks for telling

Does anyone have the same problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gavD @kotakanbe