Merge pull request #291 from future-architect/localscan

Add local scan mode(Scan without SSH when target server is localhost)

README.ja.md

@@ -169,6 +169,7 @@ NVDから脆弱性データベースを取得する。
 環境によって異なるが、AWS上では10分程度かかる。
 
 ```bash
+$ cd $HOME
 $ for i in {2002..2016}; do go-cve-dictionary fetchnvd -years $i; done
 ... snip ...
 $ ls -alh cve.sqlite3
@@ -320,8 +321,18 @@ $ vuls tui
 
 # Architecture
 
+## A. Scan via SSH Mode
+
 ![Vuls-Architecture](img/vuls-architecture.png)
 
+## B. Scan without SSH (Local Scan Mode)
+
+Vulsをスキャン対象サーバにデプロイする。Vulsはローカルホストにコマンドを発行する(SSH経由ではない）。スキャン結果のJSONを別サーバに集約する。スキャン結果の詳細化のためにはCVEデータベースへのアクセスが必要なので、事前にgo-cve-dictionaryをserver modeで起動しておく。
+その集約サーバ上で、あなたはWebUIやTUIを用いて各スキャン対象サーバのスキャン結果を参照することが可能。
+
+![Vuls-Architecture Local Scan Mode](img/vuls-architecture-localscan.png)
+[詳細](#example-scan-via-shell-instead-of-ssh)
+
 ## [go-cve-dictionary](https://github.com/kotakanbe/go-cve-dictionary)  
 - NVDとJVN(日本語)から脆弱性データベースを取得し、SQLite3に格納する。
 
@@ -532,11 +543,13 @@ host         = "172.31.4.82"
     #cpeNames = [
     #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
     #]
-    #containers = ["${running}"]
     #ignoreCves = ["CVE-2016-6314"]
     #optional = [
     #    ["key", "value"],
     #]
+    #containers = ["${running}"]
+    #[servers.172-31-4-82.container]
+    #type = "lxd"
     ```
 
     serversセクションの値は、defaultセクションの値よりも優先される。
@@ -547,9 +560,9 @@ host         = "172.31.4.82"
     - user: SSH username
     - keyPath: SSH private key path
     - cpeNames: see [Usage: Scan vulnerability of non-OS package](https://github.com/future-architect/vuls/blob/master/README.ja.md#usage-scan-vulnerability-of-non-os-package)
-    - containers: see [Usage: Scan Docker containers](https://github.com/future-architect/vuls/blob/master/README.ja.md#usage-scan-docker-containers)
     - ignoreCves: CVE IDs that will not be reported. But output to JSON file.
     - optional: JSONレポートに含めたい追加情報
+    - containers: see [Usage: Scan Docker containers](https://github.com/future-architect/vuls/blob/master/README.ja.md#usage-scan-docker-containers)
 
 
     Vulsは各サーバにSSHで接続するが、Goのネイティブ実装と、OSコマンドの２種類のSSH接続方法をサポートしている。
@@ -714,11 +727,29 @@ $ vuls scan server1 server2
 - ノーパスワードでsudoが実行可能
 - configで定義されているサーバの中の、server1, server2のみスキャン
 
-## Example: Scan Docker containers
+## Example: Scan via shell instead of SSH.
+
+ローカルホストのスキャンする場合、SSHではなく直接コマンドの発行が可能。  
+config.tomlのhostに`localhost または 127.0.0.1`かつ、portに`local`を設定する必要がある。  
+For more details, see [Architecture section](https://github.com/future-architect/vuls#architecture)
+
+- config.toml
+  ```
+  [servers]
+
+  [servers.localhost]
+  host         = "localhost" # or "127.0.0.1"
+  port         = "local" 
+  ```
 
-DockerコンテナはSSHデーモンを起動しないで運用するケースが一般的。  
+## Example: Scan containers (Docker/LXD)
+
+
+コンテナはSSHデーモンを起動しないで運用するケースが一般的。  
  [Docker Blog:Why you don't need to run SSHd in your Docker containers](https://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/)
 
+### Docker
+
 Vulsは、DockerホストにSSHで接続し、`docker exec`でDockerコンテナにコマンドを発行して脆弱性をスキャンする。  
 詳細は、[Architecture section](https://github.com/future-architect/vuls#architecture)を参照
 
@@ -747,9 +778,24 @@ Vulsは、DockerホストにSSHで接続し、`docker exec`でDockerコンテナ
     keyPath     = "/home/username/.ssh/id_rsa"
     containers = ["container_name_a", "4aa37a8b63b9"]
     ```
+
 - コンテナのみをスキャンする場合（ホストはスキャンしない）  
   --containers-onlyオプションを指定する
 
+### LXDコンテナをスキャンする場合  
+
+Vulsは、ホストにSSHで接続し、`lxc exec`でLXDコンテナにコマンドを発行して脆弱性をスキャンする。  
+```
+[servers]
+
+[servers.172-31-4-82]
+host         = "172.31.4.82"
+user        = "ec2-user"
+keyPath     = "/home/username/.ssh/id_rsa"
+containers = ["${running}"]
+[servers.172-31-4-82.container]
+type = "lxd"
+```
 
 # Usage: Report
 

README.md

@@ -173,6 +173,7 @@ Fetch vulnerability data from NVD.
 It takes about 10 minutes (on AWS).  
 
 ```bash
+$ cd $HOME
 $ for i in {2002..2016}; do go-cve-dictionary fetchnvd -years $i; done
 ... snip ...
 $ ls -alh cve.sqlite3
@@ -319,8 +320,18 @@ see https://github.com/future-architect/vuls/tree/master/setup/docker
 
 # Architecture
 
+## A. Scan via SSH Mode
+
 ![Vuls-Architecture](img/vuls-architecture.png)
 
+## B. Scan without SSH (Local Scan Mode)
+
+Deploy Vuls to the scan target server. Vuls issues a command to the local host (not via SSH). Aggregate the JSON of the scan result into another server. Since it is necessary to access the CVE database in order to refine the scan result, start go-cve-dictionary in server mode beforehand.
+On the aggregation server, you can refer to the scanning result of each scan target server using WebUI or TUI.
+
+![Vuls-Architecture Local Scan Mode](img/vuls-architecture-localscan.png)
+[Details](#example-scan-via-shell-instead-of-ssh)
+
 ## [go-cve-dictinary](https://github.com/kotakanbe/go-cve-dictionary)  
 - Fetch vulnerability information from NVD and JVN(Japanese), then insert into SQLite3 or MySQL.
 
@@ -445,11 +456,13 @@ host         = "172.31.4.82"
 #cpeNames = [
 #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
 #]
-#containers = ["${running}"]
 #ignoreCves = ["CVE-2016-6313"]
 #optional = [
 #    ["key", "value"],
 #]
+#containers = ["${running}"]
+#[servers.172-31-4-82.container]
+#type = "lxd"
 ```
 
 You can customize your configuration using this template.
@@ -538,11 +551,13 @@ You can customize your configuration using this template.
     #cpeNames = [
     #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
     #]
-    #containers = ["${running}"]
     #ignoreCves = ["CVE-2016-6314"]
     #optional = [
     #    ["key", "value"],
     #]
+    #containers = ["${running}"]
+    #[servers.172-31-4-82.container]
+    #type = "lxd"
     ```
 
     You can overwrite the default value specified in default section.  
@@ -552,9 +567,9 @@ You can customize your configuration using this template.
     - user: SSH username
     - keyPath: SSH private key path
     - cpeNames: see [Usage: Scan vulnerability of non-OS package](https://github.com/future-architect/vuls#usage-scan-vulnerability-of-non-os-package)
-    - containers: see [Usage: Scan Docker containers](https://github.com/future-architect/vuls#usage-scan-docker-containers)
     - ignoreCves: CVE IDs that will not be reported. But output to JSON file.
     - optional: Add additional information to JSON report.
+    - containers: see [Example: Scan containers (Docker/LXD)(#example-scan-containers-dockerlxd)
 
     Vuls supports two types of SSH. One is native go implementation. The other is external SSH command. For details, see [-ssh-external option](https://github.com/future-architect/vuls#-ssh-external-option)
 
@@ -721,11 +736,27 @@ With this sample command, it will ..
 - Use SSH Key-Based authentication with empty password (without -ask-key-password option)
 - Scan only 2 servers (server1, server2)
 
-## Example: Scan Docker containers
+## Example: Scan via shell instead of SSH.
+
+Vuls scans localhost instead of SSH if the host address is `localhst or 127.0.0.1` and the port is `local` in config.
+For more details, see [Architecture section](https://github.com/future-architect/vuls#architecture)
+
+- config.toml
+  ```
+  [servers]
 
-It is common that keep Docker containers running without SSHd daemon.  
+  [servers.localhost]
+  host         = "localhost" # or "127.0.0.1"
+  port         = "local" 
+  ```
+
+## Example: Scan containers (Docker/LXD)
+
+It is common that keep containers running without SSHd daemon.  
 see [Docker Blog:Why you don't need to run SSHd in your Docker containers](https://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/)
 
+### Docker
+
 Vuls scans Docker containers via `docker exec` instead of SSH.  
 For more details, see [Architecture section](https://github.com/future-architect/vuls#architecture)
 
@@ -758,6 +789,21 @@ For more details, see [Architecture section](https://github.com/future-architect
 - To scan containers only
   - --containers-only option is available.
 
+### LXD
+
+Vuls scans lxd via `lxc exec` instead of SSH.  
+```
+[servers]
+
+[servers.172-31-4-82]
+host         = "172.31.4.82"
+user        = "ec2-user"
+keyPath     = "/home/username/.ssh/id_rsa"
+containers = ["${running}"]
+[servers.172-31-4-82.container]
+type = "lxd"
+```
+
 ----
 
 # Usage: Report

commands/discover.go

@@ -116,11 +116,12 @@ subjectPrefix = "[vuls]"
 #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
 #]
 #dependencyCheckXMLPath = "/tmp/dependency-check-report.xml"
-#containers = ["${running}"]
 #ignoreCves = ["CVE-2014-6271"]
 #optional = [
 #    ["key", "value"],
 #]
+#containers = ["${running}"]
+
 
 [servers]
 {{- $names:=  .Names}}
@@ -134,11 +135,15 @@ host         = "{{$ip}}"
 #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
 #]
 #dependencyCheckXMLPath = "/tmp/dependency-check-report.xml"
-#containers = ["${running}"]
 #ignoreCves = ["CVE-2014-0160"]
 #optional = [
 #    ["key", "value"],
 #]
+#containers = ["${running}"]
+#[servers.{{index $names $i}}.container]
+#type = "docker" #or "lxd" defualt: docker
+
+
 {{end}}
 
 `

config/tomlloader.go

@@ -62,15 +62,6 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 
 		s := ServerInfo{ServerName: name}
 
-		switch {
-		case v.User != "":
-			s.User = v.User
-		case d.User != "":
-			s.User = d.User
-		default:
-			return fmt.Errorf("%s is invalid. User is empty", name)
-		}
-
 		s.Host = v.Host
 		if len(s.Host) == 0 {
 			return fmt.Errorf("%s is invalid. host is empty", name)
@@ -85,6 +76,17 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			s.Port = "22"
 		}
 
+		switch {
+		case v.User != "":
+			s.User = v.User
+		case d.User != "":
+			s.User = d.User
+		default:
+			if s.Port != "local" {
+				return fmt.Errorf("%s is invalid. User is empty", name)
+			}
+		}
+
 		s.KeyPath = v.KeyPath
 		if len(s.KeyPath) == 0 {
 			s.KeyPath = d.KeyPath