Vulners Cloud Agents for Vulnerability Management

A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it’s not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable.

IP Summary

You can try it for free. Let’s see how to do it. For example we have a CentOS 7 server and we want to see vulnerabilities of this host in Vulners.

We go to the server.

ssh vmuser@192.168.56.102

$ uname -a
Linux localhost.localdomain 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Vulners repostory

First of all, we need to add repository with agent:

$ su -
# echo -e "[vulners]\nname=Vulners Agent\nbaseurl=https://repo.vulners.com/redhat/el7/\nenabled=1\ngpgcheck=0" > /etc/yum.repos.d/vulners.repo

So, the vulners.repo file will look like this:

# cat /etc/yum.repos.d/vulners.repo
[vulners]
name=Vulners Agent
baseurl=https://repo.vulners.com/redhat/el7/
enabled=1
gpgcheck=0

Vulners agent

Installation process is trivial. One yum command:

# yum install vulners-agent.noarch
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
vulners | 2.9 kB 00:00
(1/5): base/7/x86_64/group_gz | 155 kB 00:00
(2/5): vulners/7/primary_db | 1.8 kB 00:00
[...]
Resolving Dependencies
--> Running transaction check
---> Package vulners-agent.noarch 0:0.1.21-el7 will be installed
--> Finished Dependency
[...]
Installing:
vulners-agent noarch 0.1.21-el7 vulners 11 k
[...]
Total download size: 11 k
Installed size: 16 k
[...]
Installing : vulners-agent-0.1.21-el7.noarch 1/1
Verifying : vulners-agent-0.1.21-el7.noarch 1/1

Installed:
vulners-agent.noarch 0:0.1.21-el7

Complete!

Look how tiny agent is! Just a few kilobytes!

Getting an API key

Agent will send some information from the host to Vulners.com site. But how will Vulners decide whose host is it? It will be possible because of API key that you can generate an vulners.com web-site.

  1. Login at vulners.com
  2. Go to https://vulners.com/userinfo -> API KEYS
  3. Choose Scope “scan” and press “Generate new key”

You will get key like “HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EMMIQUSS”

Configuring the agent

Now when you have a key, you can add it to the config at /opt/vulners/conf/vulners.conf:

# cat /opt/vulners/conf/vulners.conf | sed 's/api_key =.*/api_key = HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EMMIQUSS/' > /tmp/vulners.conf; cp /tmp/vulners.conf /opt/vulners/conf/vulners.conf

The file should look like this:

# cat /opt/vulners/conf/vulners.conf
[main]
debug = false

[agent]
api_host =
ipaddr =
fqdn =
agent_id =
api_key = HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EMMIQUSS

Running the agent

Durring the installation this cron task will be created for regular scanning every 2 hours:

# cat /etc/cron.d/vulners_cron
#perform agent activity every 2 hours
0 */2 * * * nobody /opt/vulners/agent.py

But of course you can run it manually anytime with /opt/vulners/agent.py

Note, that it is pure python and you can figure out how it works and see what system information will be collected.

If you run this script it won’t make any output, but you can see it in /opt/vulners/logs/vulners.log

For example, execution of bash commands:

2017-06-20 19:14:41,122 DEBUG Executing ssh command - 'cat /etc/os-release'
2017-06-20 19:14:41,123 DEBUG Full ssh command - 'echo cbee7080; cat /etc/os-release; echo a2e63014 || echo 098a2231'
2017-06-20 19:14:41,125 DEBUG SSH Command result - 'cbee7080
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"


CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

a2e63014
'

Or this API request with information need for vulnerability assessment and and  responce with founded vulnerabilities:

2017-06-20 19:14:42,730 DEBUG {"agentId": "SEG1JBGFKVL6QQ1K2KSK3DCWE84LK3BAJJODU2CGKWNUGHWWYJS3U7OF3EKAOZ12", "apiKey": "HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EMMIQUSS", "os": "centos", "version": "7", "package": ["NetworkManager-team-1.4.0-12.el7.x86_64", "centos-release-7-3.1611.el7.centos.x86_64", "NetworkManager-wifi-1.4.0-12.el7.x86_64", [...] "rsyslog-7.4.7-16.el7.x86_64", "iprutils-2.4.13.1-1.el7.x86_64kernel-tools-3.10.0-514.el7.x86_64", "kernel-tools-libs-3.10.0-514.el7.x86_64", "kernel-3.10.0-514.el7.x86_64"]}
2017-06-20 19:14:43,079 DEBUG {"id": ["CESA-2016:2972", "CESA-2017:1308", "CESA-2016:2702", "CESA-2017:0294", "CESA-2016:2615", "CESA-2017:0286", "CESA-2017:1481", "CESA-2017:1382", "CESA-2017:1095", "CESA-2016:2824", "CESA-2017:0933", "CESA-2017:0386", "CESA-2016:2674", "CESA-2016:2779", "CESA-2017:0907", "CESA-2017:0086", "CESA-2017:1365", "CESA-2017:0276", "CESA-2017:1100", "CESA-2017:0062", "CESA-2016:2872"]}

During the first agent launch it will register automatically at vulners.com and will add unique agent_id in the config file, as well as fqdn of the host.

# cat /opt/vulners/conf/vulners.conf
[main]
debug = false


[agent]
api_host =
ipaddr =
fqdn = localhost.localdomain
agent_id = SEG1JBGFKVL6QQ1K2KSK3DCWE84LK3BAJJODU2CGKWNUGHWWYJS3U7OF3EKAOZ7I
api_key = HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EMMIQUUI

Dashboards at Vulners.com

Now you can go https://vulners.com/audit and see the results:

IP Summary tab with vulnerabilities of assets:

IP Summary

If you click on asset Vulns List will be opened with all vulnerabilities of the host:

Vulns List

Vulns Summary tab with all vulnerabilities:

Vulns Summary

You can filter assets and vulnerabilities using special filters in the left part of screen:

Vulners Filters

If you click on the vulnerability, you will see description:

Vulnerability decription

And finally the list of all scans:

Scan List

As you can see, the GUI is already quite powerful and will get even better. And if you do not want to store vulnerability scan results in a cloud solution, you can also try Vulners on-premise. If you are interested, please write to isox@vulners.com 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.