Merge branch 'master' of /~https://github.com/future-architect/vuls

* 'master' of /~https://github.com/future-architect/vuls: Fix yum to yum --color=never #36 Update README
future-architect · Apr 21, 2016 · d7e1566 · d7e1566
2 parents c3604aa + 5e037b1
commit d7e1566
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/docker/README.md b/docker/README.md
@@ -1,2 +1,7 @@
-# Must do
-* Edit your config.toml to match your infrastructure
+# Before building the docker
+
+Since it's not on docker hub because blablabla, you have to :
+* Edit your [config.toml](/~https://github.com/future-architect/vuls#step6-config) to match your infrastructure
+* generate a keypair dedicated to this docker : ```ssh-keygen -t rsa -b 4096 -C "your_email@example.com"```
+  * it's **highly** recommanded to use a restrained `authorized_keys` files with this key to be sure that it will be only usable from a single IP (after all it's a root executed software) : ```from="1.2.3.4,1.2.3.5" ssh-rsa [...] your_email@example.com```
+* Deploy your ssh key on the targetted machines
diff --git a/scan/redhat.go b/scan/redhat.go
@@ -287,7 +287,7 @@ func (o *redhat) scanUnsecurePackages() ([]CvePacksInfo, error) {
 //TODO return whether already expired.
 func (o *redhat) scanUnsecurePackagesUsingYumCheckUpdate() (CvePacksList, error) {
 
-	cmd := "yum check-update"
+	cmd := "yum --color=never check-update"
 	r := o.ssh(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess(0, 100) {
 		//returns an exit code of 100 if there are available updates.
@@ -467,6 +467,8 @@ func (o *redhat) getChangelog(packageNames string) (stdout string, err error) {
 	if 0 < len(config.Conf.HTTPProxy) {
 		command += util.ProxyEnv()
 	}
+
+	// yum update --changelog doesn't have --color option.
 	command += fmt.Sprintf(" yum update --changelog %s | grep CVE", packageNames)
 
 	r := o.ssh(command, sudo)
@@ -493,7 +495,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 			"yum updateinfo is not suppported on CentOS")
 	}
 
-	cmd := "yum repolist"
+	cmd := "yum --color=never repolist"
 	r := o.ssh(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess() {
 		return nil, fmt.Errorf(
@@ -502,7 +504,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 	}
 
 	// get advisoryID(RHSA, ALAS) - package name,version
-	cmd = "yum updateinfo list available --security"
+	cmd = "yum --color=never updateinfo list available --security"
 	r = o.ssh(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess() {
 		return nil, fmt.Errorf(
@@ -513,7 +515,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 
 	// get package name, version, rel to be upgrade.
 	//  cmd = "yum check-update --security"
-	cmd = "yum check-update"
+	cmd = "yum --color=never check-update"
 	r = o.ssh(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess(0, 100) {
 		//returns an exit code of 100 if there are available updates.
@@ -543,7 +545,7 @@ func (o *redhat) scanUnsecurePackagesUsingYumPluginSecurity() (CvePacksList, err
 	}
 
 	// get advisoryID(RHSA, ALAS) - CVE IDs
-	cmd = "yum updateinfo --security update"
+	cmd = "yum --color=never updateinfo --security update"
 	r = o.ssh(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess() {
 		return nil, fmt.Errorf(