What You Need To Know About Vuls

Vuls is a vulnerability scanner written in Go. It was developed to automate checking the software installed on Linux servers for known security vulnerabilities.

Vuls also helps to check whether any updates have been published.

Additionally, it determines the impact of a vulnerability along with other information. In practice, Vuls is used for vulnerability scanning or system hardening.

Main Features

Vuls runs anywhere: in the cloud, in Docker, on-premise, and on the major distributions.

To provide a high-quality scan, Vuls uses multiple vulnerability databases: OVAL/ELSA/RHSA/ALAS/FREEBSD-SA, etc.

It offers dynamic analysis: the state of the server can be acquired by executing the appropriate commands on it. It reports when the kernel or other components on the scan target server were updated but the server has not been restarted.

In remote scan mode, you only need to set up one machine, which connects to the scan target servers over SSH. If you don't want a central Vuls server to access each server over SSH, you can use Vuls in local scan mode instead.

Its fast scan mode scans without root privilege and without internet access, and places no burden on the scan target server. For a more detailed scan, you can use the deep scan.

Benefits

To understand the benefits of Vuls, you first need to look at the problems that its features address.

Performing security vulnerability analysis and software updates on a regular basis can be a burden for a system administrator.

To avoid downtime in a production environment, a system administrator will choose not to use the automatic update option offered by the package manager and will update manually instead.

This creates the following problems:

The system administrator has to watch out for the latest vulnerabilities in the National Vulnerability Database or similar databases.

If a large number of software packages are installed on the server, it will be difficult, almost impossible, for the system administrator to watch all of them.

Analysis to determine which servers are impacted by the latest vulnerabilities may be expensive to perform, and there is a possibility of overlooking a server during the analysis.

Now, see how Vuls solves all of the above-mentioned problems.

Take a look:

It informs users of the vulnerabilities that are relevant to the systems they administer.

It lets users know which servers are affected.

Vulnerability detection proceeds automatically, preventing any oversight.

It generates reports on a regular basis, with the help of cron or other methods, to manage vulnerabilities.

How to Configure Vuls Scans

To configure the scan, first deploy Vuls by running the deployment script, /var/ossec/wodles/vuls/deploy_vuls.sh. You may also need to pass the name and version of the operating system as parameters, for example:

# /var/ossec/wodles/vuls/deploy_vuls.sh Ubuntu 16

This installs the dependencies, downloads the Vuls, CVE and OVAL databases, and configures Vuls.

Before deploying Vuls, make sure your system has 2 GB of RAM or more: 1 GB of RAM for the deployment and 1 GB for swap memory.

To configure vulnerability scans, add the following block to ossec.conf:

<wodle name="command">
  <tag>Wazuh-VULS</tag>
  <command>/usr/bin/python /var/ossec/wodles/vuls/vuls.py</command>
  <interval>1d</interval>
  <ignore_output>yes</ignore_output>
  <run_on_start>yes</run_on_start>
</wodle>
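A sanity check for the block above before it goes into ossec.conf, as an added example that is not part of the original page and is not Wazuh or Vuls code. It catches typographic quotes picked up when copying from a web page, a command that depends on PATH, and a malformed interval. The function name check_wodle_block, the absolute-path rule and the accepted interval suffixes (s, m, h, d) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the block from this page, pasted with typographic quotes.
PASTED = """<wodle name=\u201dcommand\u201d>
  <tag>Wazuh-VULS</tag>
  <command>/usr/bin/python /var/ossec/wodles/vuls/vuls.py</command>
  <interval>1d</interval>
  <ignore_output>yes</ignore_output>
  <run_on_start>yes</run_on_start>
</wodle>"""
FIXED = PASTED.replace("\u201d", '"')

# Assumption: an interval is a positive number followed by s, m, h or d.
INTERVAL_RE = re.compile(r"[1-9]\d*[smhd]")


def check_wodle_block(fragment):
    """Return a list of problems found in a <wodle name="command"> fragment."""
    problems = []
    if re.search("[\u201c\u201d\u2018\u2019]", fragment):
        problems.append("typographic quotes; use plain ASCII quotes")
    try:
        root = ET.fromstring(fragment)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != "wodle" or root.get("name") != "command":
        problems.append('expected <wodle name="command">')
    words = (root.findtext("command") or "").split()
    if not words:
        problems.append("missing <command>")
    # The program, and any argument that is a path, must be absolute.
    for word in words[:1] + [w for w in words[1:] if "/" in w]:
        if not word.startswith("/"):
            problems.append(f"relative path in command: {word}")
    interval = (root.findtext("interval") or "").strip()
    if not INTERVAL_RE.fullmatch(interval):
        problems.append(f"bad or missing <interval>: {interval!r}")
    for flag in ("ignore_output", "run_on_start"):
        value = root.findtext(flag)
        if value is not None and value.strip() not in ("yes", "no"):
            problems.append(f"<{flag}> must be yes or no, got {value!r}")
    return problems


if __name__ == "__main__":
    for name, text in (("pasted", PASTED), ("fixed", FIXED)):
        print(name, check_wodle_block(text) or "ok")
```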

Featured issues

Why don't we fund and support the Vuls developer community? 🌈

Pentesters, system administrators and security professionals are the target users of Vuls.

That concludes this introduction; you can configure Vuls today and take advantage of its amazing benefits.