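This site has previously published two articles in its vulnerability-scanning series:
Hands-on: scanning a Linux system for vulnerabilities with Trivy
Hands-on: scanning and auditing Linux systems and Python projects with the vuls vulnerability scanner
First, vuls: as mentioned in the Trivy post, it stopped working after the move from CentOS to Ubuntu. As for Trivy, I found it too sensitive: it reports many vulnerabilities that Ubuntu itself has not reported. So today we introduce the OVAL-based vulnerability scanning that Ubuntu officially recommends.
First, install the dependencies:
```bash
sudo apt -y install libopenscap8 bzip2
```
Then prepare the scan script, which we name OpenSCAP_scan.sh here: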
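```bash
#!/bin/bash
set -e  # stop at the first failed step instead of scanning with stale or missing data
# Remove the previous definitions so a fresh copy is downloaded for this release.
rm -rfv "com.ubuntu.$(lsb_release -cs).usn.oval.xml"
wget "https://security-metadata.canonical.com/oval/com.ubuntu.$(lsb_release -cs).usn.oval.xml.bz2"
bunzip2 "com.ubuntu.$(lsb_release -cs).usn.oval.xml.bz2"
oscap oval eval --report report.html "com.ubuntu.$(lsb_release -cs).usn.oval.xml"
```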
Next comes our protagonist, the Python script:
```python
# coding=utf-8
import smtplib
import subprocess
import sys
import time
from email.mime.text import MIMEText

from bs4 import BeautifulSoup


def mail_send(subject, mail_body):
    HOST = 'smtp.qq.com'
    PORT = 587
    SENDER = '[email protected]'
    RECEIVER = '[email protected]'
    PWD = 'xxxxx'  # placeholder; keep the real secret outside the script
    try:
        msg = MIMEText(mail_body, 'plain', 'utf-8')
        msg['Subject'] = subject
        msg['From'] = SENDER
        msg['To'] = RECEIVER
        s = smtplib.SMTP(HOST, PORT)
        s.debuglevel = 0
        s.starttls()  # port 587 is plaintext until STARTTLS; encrypt before login
        s.login(SENDER, PWD)
        s.sendmail(SENDER, RECEIVER, msg.as_string())
        print('成功发送了一封邮件!')  # "Sent one e-mail successfully!"
        s.quit()
    except smtplib.SMTPException as e:
        print(str(e))
        sys.exit(1)


# Run the scan; check_call raises if the script exits non-zero.
subprocess.check_call(["bash", "OpenSCAP_scan.sh"])
current_date = time.strftime("%Y-%m-%d", time.localtime())
subject = current_date + " 漏洞扫描报告"  # "<date> vulnerability scan report"
vuls_list = []
with open("report.html", encoding="utf-8") as f:
    data = BeautifulSoup(f.read(), 'html5lib')
all_tr = data.find_all('tr')
for tr in all_tr:
    all_td = tr.find_all('td')
    # The script treats rows with exactly five cells as definition results.
    if len(all_td) == 5:
        def_id = all_td[0].get_text()
        result = all_td[1].get_text()
        ref_id = all_td[3].get_text()
        title = all_td[4].get_text()
        # Definition 100 is skipped as a non-vulnerability entry. The ID is
        # hard-coded for jammy; adjust it when scanning another release.
        if result == 'true' and def_id != 'oval:com.ubuntu.jammy:def:100':
            vuls_list.append("Title: " + title + '\n' + "Reference ID: " + ref_id)
if not vuls_list:
    # "No vulnerabilities found in this scan!"
    mail_send(subject=subject, mail_body="本次扫描暂无漏洞!")
else:
    mail_send(subject=subject, mail_body='\n'.join(vuls_list))
```
Once all of the above is ready, go and set up your cron job. Love you all~😘
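An alternative to scraping report.html, as an added example that is not part of the original post: `oscap oval eval` can also write machine-readable output with `--results results.xml`, and the function below reads that structure with the standard library. The sample XML with its IDs and titles is constructed, and filtering on `class="inventory"` in place of the hard-coded jammy definition ID is an assumption about how the platform check is classified.

```python
import xml.etree.ElementTree as ET

NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample shaped like an OVAL results file; IDs and titles are made up.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
   <definition id="oval:example:def:100" class="inventory" version="1">
    <metadata><title>Platform check (constructed)</title></metadata>
   </definition>
   <definition id="oval:example:def:1" class="patch" version="1">
    <metadata><title>USN-0000-1 -- examplepkg vulnerabilities</title>
     <reference source="USN" ref_id="USN-0000-1"/></metadata>
   </definition>
   <definition id="oval:example:def:2" class="patch" version="1">
    <metadata><title>USN-0000-2 -- otherpkg vulnerability</title></metadata>
   </definition>
  </definitions>
 </oval_definitions>
 <results><system><definitions>
  <definition definition_id="oval:example:def:100" result="true" version="1"/>
  <definition definition_id="oval:example:def:1" result="true" version="1"/>
  <definition definition_id="oval:example:def:2" result="false" version="1"/>
 </definitions></system></results>
</oval_results>"""


def outstanding_findings(root):
    """Return (ref_id, title) for each non-inventory definition that evaluated true."""
    meta = {}
    for d in root.iterfind("def:oval_definitions/def:definitions/def:definition", NS):
        ref = d.find("def:metadata/def:reference", NS)
        title = d.findtext("def:metadata/def:title", default="", namespaces=NS)
        meta[d.get("id")] = (d.get("class"), ref.get("ref_id") if ref is not None else "", title)
    found = []
    for r in root.iterfind("res:results/res:system/res:definitions/res:definition", NS):
        cls, ref_id, title = meta.get(r.get("definition_id"), ("", "", ""))
        # Assumption: the "is this release installed" check has class="inventory".
        if r.get("result") == "true" and cls != "inventory":
            found.append((ref_id, title))
    return found


if __name__ == "__main__":
    # On a real host: ET.parse("results.xml").getroot() after adding --results results.xml
    for ref_id, title in outstanding_findings(ET.fromstring(SAMPLE)):
        print(f"Reference ID: {ref_id}\nTitle: {title}")
```

Reading the results XML avoids depending on the five-column layout of the HTML report, which can change between OpenSCAP versions.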