Check whether echo is executable with nopasswd #298

Merged (1 commit), Jan 23, 2017

knqyf263
Contributor

OS : CentOS 6.8
Even if I forget to write /bin/echo in sudoers file, vuls configtest will succeed.
However, vuls scan will fail because echo N is used in getAllChangelog.

$ sudo cat /etc/sudoers | grep vuls
vuls ALL=(root) NOPASSWD: /usr/bin/yum
$ vuls configtest
[Jan 22 23:18:05]  INFO [localhost] Validating Config...
[Jan 22 23:18:05]  INFO [localhost] Detecting Server/Contianer OS...
[Jan 22 23:18:05]  INFO [localhost] Detecting OS of servers...
[Jan 22 23:18:06]  INFO [localhost] (1/1) Detected: vagrant: centos 6.8
[Jan 22 23:18:06]  INFO [localhost] Detecting OS of containers...
[Jan 22 23:18:06]  INFO [localhost] Checking sudo configuration...
[Jan 22 23:18:06]  INFO [vagrant] sudo ... OK
[Jan 22 23:18:06]  INFO [localhost] SSH-able servers are below...
vagrant
$ vuls scan
INFO[0000] Start scanning
INFO[0000] config: /vuls/config.toml
[Jan 21 23:21:46]  INFO [localhost] Validating Config...
[Jan 21 23:21:46]  INFO [localhost] Detecting Server/Contianer OS...
[Jan 21 23:21:46]  INFO [localhost] Detecting OS of servers...
[Jan 21 23:21:48]  INFO [localhost] (1/1) Detected: vagrant: centos 6.8
[Jan 21 23:21:48]  INFO [localhost] Detecting OS of containers...
[Jan 21 23:21:48]  INFO [localhost] Checking sudo configuration...
[Jan 21 23:21:48]  INFO [vagrant] sudo ... OK
[Jan 21 23:21:48]  INFO [localhost] Detecting Platforms...
[Jan 21 23:22:00]  INFO [localhost] (1/1) vagrant is running on other
[Jan 21 23:22:00]  INFO [localhost] Scanning vulnerabilities...
[Jan 21 23:22:00]  INFO [localhost] Check required packages for scanning...
[Jan 21 23:22:01]  INFO [localhost] Scanning vulnerable OS packages...
[Jan 22 01:02:01] ERROR [localhost] Failed to scan. err: Timed out: [vagrant]

To prevent this problem, I check whether echo is executable with nopasswd in checkIfSudoNoPasswd().
If I forget to write /bin/echo in sudoers file, vuls configtest will fail.

$ vuls configtest
[Jan 22 23:32:59]  INFO [localhost] Validating Config...
[Jan 22 23:32:59]  INFO [localhost] Detecting Server/Contianer OS...
[Jan 22 23:32:59]  INFO [localhost] Detecting OS of servers...
[Jan 22 23:33:00]  INFO [localhost] (1/1) Detected: vagrant: centos 6.8
[Jan 22 23:33:00]  INFO [localhost] Detecting OS of containers...
[Jan 22 23:33:00]  INFO [localhost] Checking sudo configuration...
[Jan 22 23:33:15] ERROR [localhost] Failed to sudo with nopassword via SSH. Define NOPASSWD in /etc/sudoers on target servers. err: [Timed out: [vagrant]]

Thanks!

@kotakanbe kotakanbe merged commit d60a411 into future-architect:master Jan 23, 2017
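
An added example, not code from this pull request or from vuls: a Go function that reads simple sudoers rules and reports which of the commands a scan needs are not covered by NOPASSWD, which is the gap the description above reports for `/bin/echo`. The function name `missingNoPasswd`, the required-command list and the reduced rule grammar (no aliases, groups or includes) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// missingNoPasswd lists the required commands that user cannot run through
// sudo without a password. Assumption: rules look like
// "user HOST=(runas) TAG: cmd, cmd"; a NOPASSWD/PASSWD tag carries over.
func missingNoPasswd(user string, sudoers, required []string) []string {
	allowed := map[string]bool{}
	for _, line := range sudoers {
		f, eq := strings.Fields(line), strings.Index(line, "=")
		if len(f) == 0 || f[0] != user || eq < 0 {
			continue
		}
		spec := strings.TrimSpace(line[eq+1:])
		if strings.HasPrefix(spec, "(") { // drop the "(root)" runas part
			spec = spec[strings.Index(spec, ")")+1:]
		}
		nopasswd := false
		for _, cmd := range strings.Split(spec, ",") {
			for { // peel leading tags such as "NOPASSWD:"
				cmd = strings.TrimSpace(cmd)
				i := strings.Index(cmd, ":")
				if i <= 0 || strings.ContainsAny(cmd[:i], "/ ") {
					break
				}
				if tag := cmd[:i]; tag == "NOPASSWD" || tag == "PASSWD" {
					nopasswd = tag == "NOPASSWD"
				}
				cmd = cmd[i+1:]
			}
			allowed[strings.SplitN(cmd, " ", 2)[0]] = nopasswd // key on the path only
		}
	}
	var missing []string
	for _, r := range required {
		if !allowed[r] && !allowed["ALL"] {
			missing = append(missing, r)
		}
	}
	return missing
}

func main() {
	rules := []string{"vuls ALL=(root) NOPASSWD: /usr/bin/yum"} // line quoted in the PR
	fmt.Println(missingNoPasswd("vuls", rules, []string{"/usr/bin/yum", "/bin/echo"}))
}
```
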
@kotakanbe
Member

Many Thanks.

@knqyf263 knqyf263 deleted the check_echo branch January 23, 2017 08:54