Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"user" keyword not working in config.toml #1455

Open
barszpaw opened this issue May 2, 2022 · 2 comments
Open

"user" keyword not working in config.toml #1455

barszpaw opened this issue May 2, 2022 · 2 comments
Assignees
@MaineK00n
Labels
bug

Comments

@barszpaw
Copy link

barszpaw commented May 2, 2022
edited
Loading

What did you do?

scan remote host by ssh using username specified in config.toml

[default]
port               = "22"
user               = "scanuser"
keyPath            = "/home/vuls/.ssh/id_rsa"
scanMode           = ["deep"]
scanModules        = ["ospkg"]
sshConfigPath      = "/home/vuls/.ssh/config"

[servers]

[servers.my-server]
host               = "my-server"

What did you expect to happen?

scan via ssh with username scanuser those differ from current linux user vuls

What happened instead?

Command vuls scan use $USER env as user for ssh login

  • Current Output
vuls@vuls:~$ vuls scan -debug
[May  3 01:25:46]  INFO [localhost] vuls-v0.19.7-build-20220502_215403_91ed318
[May  3 01:25:46]  INFO [localhost] Start scanning
[May  3 01:25:46]  INFO [localhost] config: /home/vuls/config.toml
[May  3 01:25:46] DEBUG [localhost] map[string]config.ServerInfo{
  "my-server": config.ServerInfo{
    ServerName:    "my-server",
    User:          "scanuser",
    Host:          "my-server",
    JumpServer:    []string{},
    Port:          "22",
    SSHConfigPath: "/home/vuls/.ssh/config",
    KeyPath:       "/home/vuls/.ssh/id_rsa",
    CpeNames:      []string{},
    ScanMode:      []string{
      "deep",
    },
    ScanModules: []string{
      "ospkg",
    },
    OwaspDCXMLPath:     "",
    ContainersOnly:     false,
    ContainersIncluded: []string{},
    ContainersExcluded: []string{},
    ContainerType:      "",
    Containers:         map[string]config.ContainerSetting{},
    IgnoreCves:         []string{},
    IgnorePkgsRegexp:   []string{},
    GitHubRepos:        map[string]config.GitHubConf{},
    UUIDs:              map[string]string{},
    Memo:               "",
    Enablerepo:         []string{},
    Optional:           map[string]interface {}{},
    Lockfiles:          []string{},
    FindLock:           false,
    Type:               "",
    IgnoredJSONKeys:    []string{},
    WordPress:          &config.WordPressConf{
      OSUser:  "",
      DocRoot: "",
      CmdPath: "",
    },
    PortScan: &config.PortScanConf{
      IsUseExternalScanner: false,
      ScannerBinPath:       "",
      HasPrivileged:        false,
      ScanTechniques:       []string{},
      SourcePort:           "",
    },
    IPv4Addrs:       []string{},
    IPv6Addrs:       []string{},
    IPSIdentifiers:  map[string]string{},
    LogMsgAnsiColor: "\x1b[32m",
    Container:       config.Container{
      ContainerID: "",
      Name:        "",
      Image:       "",
    },
    Distro: config.Distro{
      Family:  "",
      Release: "",
    },
    Mode: config.ScanMode{
      flag: 0x04,
    },
    Module: config.ScanModule{
      flag: 0x01,
    },
  },
}
[May  3 01:25:46]  INFO [localhost] Validating config...
[May  3 01:25:46]  INFO [localhost] Detecting Server/Container OS... 
[May  3 01:25:46]  INFO [localhost] Detecting OS of servers... 
[May  3 01:25:46] DEBUG [localhost] Validating SSH Settings for Server:my-server ...
[May  3 01:25:46] DEBUG [localhost] Executing... /usr/bin/ssh -G -F /home/vuls/.ssh/config -p 22 -l scanuser my-server
[May  3 01:25:46] DEBUG [localhost] Setting SSH User:scanuser for Server:my-server ...
[May  3 01:25:46] DEBUG [localhost] Setting SSH Port:22 for Server:my-server ...
[May  3 01:25:46] DEBUG [localhost] Executing... ls /etc/debian_version
vuls@my-server's password: [May  3 01:25:50] DEBUG [localhost] Executing... ls /etc/debian_version
vuls@my-server's password:

Steps to reproduce the behaviour

use as config.toml these content:

[default]
port               = "22"
user               = "scanuser"
keyPath            = "/home/vuls/.ssh/id_rsa"
scanMode           = ["deep"]
scanModules        = ["ospkg"]
sshConfigPath      = "/home/vuls/.ssh/config"

[servers]

[servers.my-server]
host               = "my-server"

and as 'vuls' username try scan remote host with username "scanuser" ( remote username should exists on remote host )

Configuration

  • Go version (go version):
    go version go1.18.1 linux/amd64

  • Go environment (go env):

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/vuls/.cache/go-build"
GOENV="/home/vuls/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/vuls/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/vuls/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1279271044=/tmp/go-build -gno-record-gcc-switches"

To check the commit hash of HEAD
$ vuls -v
vuls-v0.19.7-build-20220502_215403_91ed318

  • config.toml:
[default]
port               = "22"
user               = "scanuser"
keyPath            = "/home/vuls/.ssh/id_rsa"
scanMode           = ["deep"]
scanModules        = ["ospkg"]
sshConfigPath      = "/home/vuls/.ssh/config"

[servers]

[servers.my-server]
host               = "my-server"
  • command:
    vuls scan
@barszpaw barszpaw added the bug label May 2, 2022
@MaineK00n
Copy link
Collaborator

MaineK00n commented May 9, 2022
edited
Loading

@barszpaw

In my environment, if $USER and user in config.toml are different, the user in config.toml is used and your bug is not reproduced.

Here are the config.toml and .ssh/config files I tried.

  • config.toml
[default]
port               = "2222"
user               = "root"
sshConfigPath	   = "/home/mainek00n/.ssh/config"
keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/.ssh/id_rsa"
scanMode           = ["fast"]
scanModules        = ["ospkg"]

[servers]

[servers.vuls-target]
host                = "vuls-target"
  • /home/mainek00n/.ssh/config
Host vuls-target
    HostName 127.0.0.1

Run scan with the debug option.

$ echo $USER
mainek00n

$ vuls scan -debug
[May  9 16:18:20]  INFO [localhost] vuls-v0.19.7-build-20220509_161107_2158fc6c
[May  9 16:18:20]  INFO [localhost] Start scanning
[May  9 16:18:20]  INFO [localhost] config: ./config.toml
[May  9 16:18:20] DEBUG [localhost] map[string]config.ServerInfo{
  "vuls-target": config.ServerInfo{
    ServerName:    "vuls-target",
    User:          "root",
    Host:          "vuls-target",
    JumpServer:    []string{},
    Port:          "2222",
    SSHConfigPath: "/home/mainek00n/.ssh/config",
    KeyPath:       "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/.ssh/id_rsa",
    CpeNames:      []string{},
    ScanMode:      []string{
      "fast",
    },
    ScanModules: []string{
      "ospkg",
    },
    OwaspDCXMLPath:     "",
    ContainersOnly:     false,
    ContainersIncluded: []string{},
    ContainersExcluded: []string{},
    ContainerType:      "",
    Containers:         map[string]config.ContainerSetting{},
    IgnoreCves:         []string{},
    IgnorePkgsRegexp:   []string{},
    GitHubRepos:        map[string]config.GitHubConf{},
    UUIDs:              map[string]string{},
    Memo:               "",
    Enablerepo:         []string{},
    Optional:           map[string]interface {}{},
    Lockfiles:          []string{},
    FindLock:           false,
    Type:               "",
    IgnoredJSONKeys:    []string{},
    WordPress:          &config.WordPressConf{
      OSUser:  "",
      DocRoot: "",
      CmdPath: "",
    },
    PortScan: &config.PortScanConf{
      IsUseExternalScanner: false,
      ScannerBinPath:       "",
      HasPrivileged:        false,
      ScanTechniques:       []string{},
      SourcePort:           "",
    },
    IPv4Addrs:       []string{},
    IPv6Addrs:       []string{},
    IPSIdentifiers:  map[string]string{},
    LogMsgAnsiColor: "\x1b[32m",
    Container:       config.Container{
      ContainerID: "",
      Name:        "",
      Image:       "",
    },
    Distro: config.Distro{
      Family:  "",
      Release: "",
    },
    Mode: config.ScanMode{
      flag: 0x01,
    },
    Module: config.ScanModule{
      flag: 0x01,
    },
  },
}
[May  9 16:18:20]  INFO [localhost] Validating config...
[May  9 16:18:20]  INFO [localhost] Detecting Server/Container OS... 
[May  9 16:18:20]  INFO [localhost] Detecting OS of servers... 
[May  9 16:18:20] DEBUG [localhost] Validating SSH Settings for Server:vuls-target ...
[May  9 16:18:20] DEBUG [localhost] Executing... /usr/bin/ssh -G -F /home/mainek00n/.ssh/config -p 2222 -l root vuls-target
[May  9 16:18:20] DEBUG [localhost] Setting SSH User:root for Server:vuls-target ...
[May  9 16:18:20] DEBUG [localhost] Setting SSH Port:2222 for Server:vuls-target ...
[May  9 16:18:20] DEBUG [localhost] Checking if the host's public key is in known_hosts...
[May  9 16:18:20] DEBUG [localhost] Executing... /usr/bin/ssh-keygen -F "[127.0.0.1]:2222" -f ~/.ssh/known_hosts
[May  9 16:18:20] DEBUG [localhost] Executing... ls /etc/debian_version
[May  9 16:18:21] DEBUG [localhost] execResult: servername: vuls-target
  cmd: /usr/bin/ssh -tt -F /home/mainek00n/.ssh/config -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/.ssh/id_rsa -o PasswordAuthentication=no vuls-target stty cols 1000; ls /etc/debian_version
  exitstatus: 0
  stdout: /etc/debian_version

  stderr: Connection to 127.0.0.1 closed.

  err: %!s(<nil>)

...

Scan Summary
================
vuls-target	ubuntu22.04	321 installed





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

@MaineK00n MaineK00n self-assigned this May 9, 2022
@MaineK00n
Copy link
Collaborator

MaineK00n commented May 9, 2022
edited
Loading

@barszpaw

Show the Scan log with the vvv option.

$ vuls scan -debug -vvv

Or check if SSH can connect without password.

$ /usr/bin/ssh -F /home/vuls/.ssh/config -p 22 -l scanuser -i /home/vuls/.ssh/id_rsa -o PasswordAuthentication=no -vvv my-server

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MaineK00n MaineK00n

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@barszpaw @MaineK00n