$ cat << EOS > Dockerfile
# Disposable SSH scan target for reproducing a Vuls scan: Amazon Linux 2023 running sshd with root login.
# NOTE(review): the base image is referenced by tag only, so a rebuild may pick up a different base.
FROM public.ecr.aws/amazonlinux/amazonlinux:2023
# Bring every package up to date, then install the SSH server and the English locale pack.
RUN dnf upgrade -y && dnf install -y openssh-server glibc-langpack-en
RUN mkdir -p /var/run/sshd
# Switch PermitRootLogin from prohibit-password (commented out or not) to yes.
# NOTE(review): yes also permits password logins for root; the key-based login set up below
# should work with prohibit-password as well. Confirm before reusing this outside a throwaway target.
RUN sed -i 's/#\?PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# Relax pam_loginuid from required to optional, presumably so SSH sessions can open inside a container.
RUN sed -i 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd
# Sets NOTVISIBLE in the image environment and appends an export of VISIBLE to /etc/profile.
# The space-separated ENV form is the legacy syntax; ENV NOTVISIBLE="in users profile" is the current one.
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
# Install the public key as root's authorized_keys with mode 0600.
# Only the .pub file is copied; the private key should stay out of the image and the build context.
COPY .ssh/id_rsa.pub /root/authorized_keys
RUN mkdir -p ~/.ssh && \
mv ~/authorized_keys ~/.ssh/authorized_keys && \
chmod 0600 ~/.ssh/authorized_keys
# Generate the sshd host keys at build time. They are stored in an image layer, so every container
# started from this image presents the same host keys and anyone holding the image can read them.
RUN ssh-keygen -A
# Remove /run/nologin, presumably so that logins are not refused while the file exists.
RUN rm -rf /run/nologin
# Documents the sshd port; it does not publish it.
EXPOSE 22
# Vuls Setting
# Utilities installed for the scanner; presumably the commands Vuls runs on the target (TODO confirm).
RUN dnf install -y dnf-utils which lsof procps-ng iproute
# Step dnf back after the earlier upgrade so the image has pending updates for the scan to report.
RUN dnf downgrade -y dnf
# Add the New Relic repository definition. Its signing key is not imported here, which appears to be
# what makes the later repoquery run print a key-import prompt.
# NOTE(review): the file is fetched without -f or a checksum, so an HTTP error body would be saved as the repo file.
RUN curl -o /etc/yum.repos.d/newrelic-infra.repo https://download.newrelic.com/infrastructure_agent/linux/yum/amazonlinux/2023/x86_64/newrelic-infra.repo
# Run sshd in the foreground as the container process. No USER is set, so it runs as root.
CMD ["/usr/sbin/sshd", "-D"]
EOS
# Build the scan-target image from the Dockerfile written above.
$ docker build -t vuls-target:latest .
# Start it detached with container port 22 published on host port 2222.
# NOTE(review): without a host address, -p publishes on all host interfaces. The scan only connects
# to 127.0.0.1, so -p 127.0.0.1:2222:22 would keep this root-login sshd off the network.
$ docker run -d --name vuls-target -p 2222:22 vuls-target:latest
# Drop any stale known_hosts entry for [127.0.0.1]:2222, then log in as root with the private key.
$ ssh-keygen -f "/home/vuls/.ssh/known_hosts" -R "[127.0.0.1]:2222" && ssh -i /home/vuls/.ssh/id_rsa -p 2222 root@127.0.0.1
...
, #_
~\_ ####_ Amazon Linux 2023
~~ \_#####\
~~ \###|
~~ \#/ ___ https://aws.amazon.com/linux/amazon-linux-2023
~~ V~' '->
~~~ /
~~._. _/
_/ _/
_/m/'
Last login: Tue May 27 02:17:04 2025 from 172.17.0.1
[root@51ad0b218afc ~]# repoquery --disablerepo "newrelic-infra" --upgrades --qf='%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPONAME}' -q
dnf 0 4.14.0 1.amzn2023.0.6 amazonlinux
dnf-data 0 4.14.0 1.amzn2023.0.6 amazonlinux
python3-dnf 0 4.14.0 1.amzn2023.0.6 amazonlinux
yum 0 4.14.0 1.amzn2023.0.6 amazonlinux
$ cat << EOS > config.toml
# Vuls scanner configuration with a single SSH target named "docker".
version = "v2"
[default]
[servers]
[servers.docker]
# The container's sshd as published on the host.
host = "127.0.0.1"
port = "2222"
# The scanner logs in as root using this private key.
user = "root"
keyPath = "/home/vuls/.ssh/id_rsa"
# NOTE(review): fast-root is presumably the scan mode that needs root on the target; confirm against the Vuls docs.
scanMode = ["fast-root"]
# Only the OS-package module is enabled.
scanModules = ["ospkg"]
EOS
# Download the v0.32.0 release tarball and extract only the vuls binary.
# NOTE(review): the host in this URL is not github.com, and the archive is piped straight into tar
# with no checksum or signature check. Fetch release artifacts from the project's official release
# page and verify them before running the binary.
$ curl -sL https://github.com/future-architect/vuls/releases/download/v0.32.0/vuls_0.32.0_linux_amd64.tar.gz | tar zxf - vuls
# Run the scan with debug logging, which prints each command executed on the target and its raw output.
$ ./vuls scan -debug
[May 27 11:29:39] INFO [localhost] vuls-0.32.0-6accfb855ea1523c5a70b79c30c5430fd3b7a1a5-2025-05-16T07:24:16Z
...
[May 27 11:29:41] DEBUG [docker] Executing... repoquery --upgrades --qf='%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{REPONAME}' -q
[May 27 11:29:41] DEBUG [docker] execResult: servername: docker\n cmd: /usr/bin/ssh -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/cm-a3722a6d-%C -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/.ssh/id_rsa -o PasswordAuthentication=no 127.0.0.1\n exitstatus: 0\n stdout: Is this ok [y/N]: dnf 0 4.14.0 1.amzn2023.0.6 amazonlinux\ndnf-data 0 4.14.0 1.amzn2023.0.6 amazonlinux\npython3-dnf 0 4.14.0 1.amzn2023.0.6 amazonlinux\nyum 0 4.14.0 1.amzn2023.0.6 amazonlinux\n\n stderr: stty: 'standard input': Inappropriate ioctl for device\nImporting GPG key 0x8ECCE87C:\n Userid : \"infrastructure-eng <infrastructure-eng@newrelic.com>\"\n Fingerprint: A758 B3FB CD43 BE8D 123A 3476 BB29 EE03 8ECC E87C\n From : https://download.newrelic.com/infrastructure_agent/keys/newrelic_rpm_key_current.gpg\n\n err: %!s(<nil>)
...
Scan Summary
================
docker amazon2023.7.20250512 165 installed, 3 updatable
To view the detail, vuls tui is useful.
To send a report, run vuls report -h.
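A line is judged to be an unknown format only when the value (apparently the number of fields parsed from the line) is less than 5, so the first line, which has the `Is this ok [y/N]:` prompt prepended to the package fields, is not rejected as an unknown format.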
Is this ok [y/N]: dnf 0 4.14.0 1.amzn2023.0.6 amazonlinux\ndnf-data 0 4.14.0 1.amzn2023.0.6 amazonlinux\npython3-dnf 0 4.14.0 1.amzn2023.0.6 amazonlinux\nyum 0 4.14.0 1.amzn2023.0.6 amazonlinux\n\n
Lines 821 to 824 in 19ee365