Improve setup/docker

README.ja.md

@@ -586,7 +586,13 @@ SSH Configが使えるので、ProxyCommandを使った多段SSHなどが可能
 
 ### Scan all servers defined in config file
 ```
-$ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-key-password -cve-dictionary-dbpath=$PWD/cve.sqlite3
+$ vuls scan \
+      --report-slack \ 
+      --report-mail \
+      --cvss-over=7 \
+      -ask-sudo-password \ 
+      -ask-key-password \
+      -cve-dictionary-dbpath=$PWD/cve.sqlite3
 ```
 この例では、
 - スキャン対象サーバのsudoパスワードを指定
@@ -598,7 +604,9 @@ $ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-k
 
 ### Scan specific servers
 ```
-$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 server1 server2
+$ vuls scan \
+      -cve-dictionary-dbpath=$PWD/cve.sqlite3 \ 
+      server1 server2
 ```
 この例では、
 - SSH公開鍵認証（秘密鍵パスフレーズなし）
@@ -614,7 +622,11 @@ $ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 server1 server2
 - security credentialsを設定 [Configuring the AWS Command Line Interface](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)
 
 ```
-$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 -aws-region=ap-northeast-1 -aws-s3-bucket=vuls -aws-profile=default
+$ vuls scan \
+      -cve-dictionary-dbpath=$PWD/cve.sqlite3 \ 
+      -aws-region=ap-northeast-1 \
+      -aws-s3-bucket=vuls \
+      -aws-profile=default 
 ```
 この例では、
 - SSH公開鍵認証（秘密鍵パスフレーズなし）

README.md

@@ -592,7 +592,13 @@ At the end of the scan, scan results will be available in the `$PWD/result/curre
 
 ### Scan all servers defined in config file
 ```
-$ vuls scan --report-slack --report-mail --cvss-over=7 -ask-sudo-password -ask-key-password -cve-dictionary-dbpath=$PWD/cve.sqlite3
+$ vuls scan \
+      --report-slack \ 
+      --report-mail \
+      --cvss-over=7 \
+      -ask-sudo-password \ 
+      -ask-key-password \
+      -cve-dictionary-dbpath=$PWD/cve.sqlite3
 ```
 With this sample command, it will ..
 - Ask sudo password and ssh key passsword before scanning
@@ -603,7 +609,9 @@ With this sample command, it will ..
 
 ### Scan specific servers
 ```
-$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 server1 server2
+$ vuls scan \
+      -cve-dictionary-dbpath=$PWD/cve.sqlite3 \ 
+      server1 server2
 ```
 With this sample command, it will ..
 - Use SSH Key-Based authentication with empty password (without -ask-key-password option)
@@ -618,7 +626,11 @@ To put results in S3 bucket, configure following settings in AWS before scanning
 - Configure the security credentials. see [Configuring the AWS Command Line Interface](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)
 
 ```
-$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3 -aws-region=ap-northeast-1 -aws-s3-bucket=vuls -aws-profile=default
+$ vuls scan \
+      -cve-dictionary-dbpath=$PWD/cve.sqlite3 \ 
+      -aws-region=ap-northeast-1 \
+      -aws-s3-bucket=vuls \
+      -aws-profile=default 
 ```
 With this sample command, it will ..
 - Use SSH Key-Based authentication with empty password (without -ask-key-password option)

setup/docker/README.ja.md

@@ -1,77 +1,94 @@
 # Vuls on Docker
 
-## Index
+## What's Vuls-On-Docker
 
-- テスト環境
-- サーバーセットアップ
-    - Dockerのインストール
-    - Docker Composeのインストール
-- vulsセットアップ
-    - sshキーの配置
-    - tomlの編集
-- Vuls 起動
-- Vuls scan実行
-- ブラウザから動作確認
+- 数個のコマンドを実行するだけでVulsとvulsrepoのセットアップが出来るスクリプト
+- Dockerコンテナ上にVulsと[vulsrepo](https://github.com/usiusi360/vulsrepo)をセットアップ可能
+- スキャン結果をvulsrepoでブラウザで分析可能
+- 脆弱性データベースの更新が可能
+- モジュールのアップデートが可能
 
+## Setting up your machine
+
+1. [Install Docker](https://docs.docker.com/engine/installation/)
+2. [Install Docker-Compose](https://docs.docker.com/compose/install/)
+3. 実行前に以下のコマンドが実行可能なことを確認する
 
-##テスト環境
+	```
+	$ docker version
+	$ docker-compose version
+	```
 
-- Server OS: ubuntu 14.04
+## Start A Vuls Container
 
-## サーバーセットアップ
+- 以下のコマンドを実行してコンテナをビルドする
 
-1. Dockerのインストール
-2. Docker Composeのインストール
+	```
+	$ cd $GOPATH/src/github.com/future-architect/vuls/setup/docker
+	$ docker-compose up -d
+	```
 
-### 作業ディレクトリの作成
+## Setting up Vuls
 
-```
-mkdir work
-cd work
-git clone https://github.com/hikachan/vuls
-cd vuls
-```
+1. スキャン対象サーバのSSH秘密鍵を保存(vuls/setup/docker/conf/)する
+2. config.toml(vuls/docker/conf/config.toml) を環境に合わせて作成する
+
+	```
+	[servers]
 
-## Vuls セットアップ
+  	[servers.172-31-4-82]
+  	host        = "172.31.4.82"
+  	user        = "ec2-user"
+  	keyPath     = "conf/id_rsa"
+	```
 
-### sshキーの配置(vuls/docker/conf/id_rsa)
+## Fetch Vulnerability database
 
-### tomlの編集(vuls/docker/conf/config.toml)
+- NVDから脆弱性データベースを取得する
+	```
+	$ docker exec -t vuls scripts/fetch_nvd_all.sh
+	```
 
-```
-[servers]
-
-#This is a sample
-[servers.172.17.0.1]
-host         = "172.17.0.1"
-port        = "22"
-user        = "ubuntu"
-keyPath     = "/root/.ssh/id_rsa"
-#containers = ["target_container"]
-```
+- レポートを日本語化する場合は、JVNから脆弱性データを取得する
+	```
+	$ docker exec -t vuls scripts/fetch_jvn_all.sh
+	```
 
-## Vuls 起動
+## Scan servers with Vuls-On-Docker
 
-```
-docker-compose up -d
-```
+- スキャンを実行する
+
+	```
+	$ docker exec -t vuls vuls prepare -config=conf/config.toml
+	$ docker exec -t vuls scripts/scan_for_vulsrepo.sh
+	```
 
-## Update cve
+## See the results in a browser 
 
 ```
-docker exec -t vuls scripts/update_cve.sh
+http://${Vuls_Host}/vulsrepo/
 ```
 
-## Vuls Scan 実行
+# Update modules
 
-```
-docker exec -t vuls vuls prepare -config=conf/config.toml
-docker exec -t vuls scripts/scan_for_vulsrepo.sh
-```
+- vuls, go-cve-dictionary, vulsrepoのモジュールをアップデートする
+	```
+	$ docker exec -t vuls scripts/update_modules.sh
+	```
 
-### Vuls Repo 接続確認
+# Update Vulnerability database
 
-```
-http://${Vuls_Host}/vulsrepo/
-```
+- NVDの過去２年分の脆弱性データベースを更新する
+	```
+	$ docker exec -t vuls scripts/fetch_nvd_last2y.sh
+	```
+
+- JVNの過去１ヶ月分の脆弱性データベースを更新する
+	```
+	$ docker exec -t vuls scripts/fetch_jvn_month.sh
+	```
 
+- JVNの過去1週間分の脆弱性データベースを更新する
+	```
+	$ docker exec -t vuls scripts/fetch_jvn_week.sh
+	```

setup/docker/README.md

@@ -1,21 +1,8 @@
 # Vuls on Docker
 
-## Table of Contens
-
-- [What's Vuls-On-Docker?](#whats-vuls-on-docker)
-- [Server Setup](#setting-up-your-machine)
-	- Install Docker
-	- Instal Docker Compose
-- [Start A Vuls Container](#start-a-vuls-container)
-- [Vuls Setup](#setting-up-vuls)
-	- Locate a appropriate ssh-key
-	- Edit toml
-- [Scan servers with Vuls-On-Docker](#scan-servers-with-vuls-on-docker)
-- [See the results in a browser](#see-the-results-in-a-browser)
-
 ## What's Vuls-On-Docker
 
-- This is a dockernized-Vuls with DockerRepo UI in it.
+- This is a dockernized-Vuls with vulsrepo UI in it.
 - It's designed to reduce the cost of installation and the dependencies that vuls requires.
 - You can run install and run Vuls on your machine with only a few commands.
 - The result can be viewed with a browser
@@ -31,26 +18,18 @@
 	$ docker-compose version
 	```
 
-4. Create a working directory for Vuls
-
-	```
-	mkdir work
-	cd work
-	git clone https://github.com/hikachan/vuls.git
-	cd vuls/docker
-	```
-
 ## Start A Vuls Container
 
 - Execute the following command to build and run a Vuls Container
 
-	``
-	docker-compose up -d
-	`` 
+	```
+	$ cd $GOPATH/src/github.com/future-architect/vuls/docker
+	$ docker-compose up -d
+	```
 
 ## Setting up Vuls
 
-1. Locate ssh-keys of servers in (vuls/docker/conf/id_rsa)
+1. Locate ssh-keys of targer servers in (vuls/docker/conf/)
 2. Create and ajust config.toml(vuls/docker/conf/config.toml) to your environment
 
 	```
@@ -60,20 +39,40 @@
   	host        = "172.31.4.82"
   	user        = "ec2-user"
   	keyPath     = "conf/id_rsa"
-  	containers = ["container_name_a", "4aa37a8b63b9"]
+	```
+
+## Fetch Vulnerability database
+
+- Fetch Vulnerability database from NVD
+	```
+	$ docker exec -t vuls scripts/fetch_nvd_all.sh
 	```
 
 ## Scan servers with Vuls-On-Docker
 
 - Use the embedded script to scan servers for vulsrepo(or run whatever with docker exec)
 
 	```
-	docker exec -t vuls vuls prepare -config=conf/config.toml
-	docker exec -t vuls scripts/scan_for_vulsrepo.sh
+	$ docker exec -t vuls vuls prepare -config=conf/config.toml
+	$ docker exec -t vuls scripts/scan_for_vulsrepo.sh
 	```
 
 ## See the results in a browser 
 
 ```
 http://${Vuls_Host}/vulsrepo/
 ```
+
+# Update modules
+
+- update vuls, go-cve-dictionary, vulsrepo
+	```
+	$ docker exec -t vuls scripts/update_modules.sh
+	```
+
+# Update Vulnerability database
+
+- Fetch Vulnerability database from NVD
+	```
+	$ docker exec -t vuls scripts/fetch_nvd_last2y.sh
+	```

setup/docker/dockerfile/Dockerfile

@@ -23,6 +23,15 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
 
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
 
+# glide install
+ENV GLIDE_VERSION 0.10.2
+ENV GLIDE_DOWNLOAD_URL https://github.com/Masterminds/glide/releases/download/$GLIDE_VERSION/glide-$GLIDE_VERSION-linux-amd64.tar.gz
+RUN curl -fsSL "$GLIDE_DOWNLOAD_URL" -o glide.tar.gz \
+    && mkdir /usr/local/glide \
+    && tar -C /usr/local/glide -xzf glide.tar.gz \
+    && ln -s /usr/local/glide/linux-amd64/glide /usr/local/bin/ \
+    && rm glide.tar.gz
+
 # nginx Install
 RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
     && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \
@@ -49,11 +58,23 @@ COPY nginx.conf /etc/nginx/nginx.conf
 ENV VULS_ROOT /opt/vuls
 RUN mkdir -p /var/log/vuls ${VULS_ROOT}/conf /root/.ssh/
 RUN chmod 700 -R /var/log/vuls $VULS_ROOT
-RUN go get github.com/kotakanbe/go-cve-dictionary
-RUN go get github.com/future-architect/vuls
+#  RUN go get github.com/kotakanbe/go-cve-dictionary
+#  RUN go get github.com/future-architect/vuls
+
+RUN go get -v -d github.com/kotakanbe/go-cve-dictionary \
+    && cd $GOPATH/src/github.com/kotakanbe/go-cve-dictionary \
+    && glide install \
+    && go install
+
+RUN go get -v -d github.com/future-architect/vuls \
+    && cd $GOPATH/src/github.com/future-architect/vuls \
+    && glide install \
+    && go install
 
 # Copy custom Scripts
 COPY ./scripts/ ${VULS_ROOT}/scripts
+RUN chmod 755 ${VULS_ROOT}/scripts/*
+
 
 #Vulrepo Install
 RUN git clone https://github.com/usiusi360/vulsrepo /tmp/vulsrepo

setup/docker/dockerfile/scripts/fetch_jvn_all.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+VULS_ROOT=/opt/vuls
+#VULS_CONF=${VULS_ROOT}/conf
+cd $VULS_ROOT
+go-cve-dictionary fetchjvn -entire
+

setup/docker/dockerfile/scripts/fetch_jvn_month.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+VULS_ROOT=/opt/vuls
+#VULS_CONF=${VULS_ROOT}/conf
+cd $VULS_ROOT
+go-cve-dictionary fetchjvn -month
+

setup/docker/dockerfile/scripts/fetch_jvn_week.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+VULS_ROOT=/opt/vuls
+#VULS_CONF=${VULS_ROOT}/conf
+cd $VULS_ROOT
+go-cve-dictionary fetchjvn -week
+

setup/docker/dockerfile/scripts/fetch_nvd_last2y.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+VULS_ROOT=/opt/vuls
+#VULS_CONF=${VULS_ROOT}/conf
+cd $VULS_ROOT
+go-cve-dictionary fetchnvd -last2y
+