vuls_autoscan_for_zabbix can work together the contents Vuls detects to zabbix.
vuls_autoscan_for_zabbix is performed as follows.
- create_config.sh
- Automatically generate config.toml from Zabbix
- vuls_autoscan_for_zabbix.sh
- Vulnerability information (NVD / JVN / OVAL) update
- Vuls scan & report
- Result cooperation to Zabbix (The number of detected CVEID and the maximum value of the score of NVD are sent to zabbix.)
- Rotation of Vuls JSON file
Put shell script to "Home Folder" on Vuls. And set the execution authority.
$ cd /opt/vuls
$ wget https://github.com/usiusi360/vuls_autoscan_for_zabbix/raw/master/create_config.sh
$ wget https://github.com/usiusi360/vuls_autoscan_for_zabbix/raw/master/vuls_autoscan_for_zabbix.sh
$ chmod 700 create_config.sh vuls_autoscan_for_zabbix.sh
Change the address, ID, and password of the Zabbix server in the script according to the environment.
$ vi create_config.sh
---------
ZABBIX_SERVER="localhost"
ZABBIX_USER="Admin"
ZABBIX_PASS="hogehoge"
$ vi vuls_autoscan_for_zabbix.sh
---------
ZABBIX_SERVER="localhost"
If you jq and zabbix-sender is not installed, you must install.
$ yum install jq zabbix-sender
Create a master file.
$ cd /opt/vuls
$ vi config.toml.master
[default]
port = "22"
user = "username"
keyPath = "/home/username/.ssh/id_rsa"
Running create_config.sh will generate config.toml.
$ ./create_config.sh
$ cat config.toml
[default]
port = "22"
user = "username"
keyPath = "/home/username/.ssh/id_rsa"
[servers]
[servers.web001]
host = "192.168.0.1"
[servers.app001]
host = "192.168.0.2"
~~~~
Download the "Template_Vuls.xml" and imported into the Zabbix.
Link to the scanned host of Vuls.
Requirements Zabbix >= 3.0.
0 13 * * * vuls-user bash -l /opt/vuls/vuls_autoscan_for_zabbix.sh > /tmp/vuls.log 2>&1
To update oval's data, uncomment it
## update oval ##
#update_oval redhat "5 6 7"
#update_oval debian "7 8 9 10"
#update_oval ubuntu "12 14 16"
#update_oval oracle
To rotate files, uncomment out
## rotate ##
#rotate
Jq in EPEL is old (ver1.3).
Ex) Jq '[.KnownCves []?
Because "?" Can not be used, an error occurs. You need to download and replace the ver1.5 binary at https://stedolan.github.io/jq/download/