mirror of
https://github.com/fleetdm/fleet
synced 2026-05-14 12:38:41 +00:00
ef73039559
Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
87 lines
1.9 KiB
Go
87 lines
1.9 KiB
Go
package main
|
|
|
|
import (
|
|
"errors"
|
|
"os"
|
|
|
|
"github.com/fleetdm/fleet/v4/pkg/fleethttp"
|
|
"github.com/fleetdm/fleet/v4/server/vulnerabilities"
|
|
"github.com/fleetdm/fleet/v4/server/vulnerabilities/oval"
|
|
"github.com/urfave/cli/v2"
|
|
)
|
|
|
|
func vulnerabilityDataStreamCommand() *cli.Command {
|
|
var dir string
|
|
return &cli.Command{
|
|
Name: "vulnerability-data-stream",
|
|
Usage: "Download the vulnerability data stream",
|
|
UsageText: `
|
|
fleetctl vulnerability-data-stream [options]
|
|
|
|
Downloads (if needed) the data streams that can be used by the Fleet server to process software for vulnerabilities.
|
|
`,
|
|
Flags: []cli.Flag{
|
|
&cli.StringFlag{
|
|
Name: "dir",
|
|
EnvVars: []string{"DIR"},
|
|
Value: "",
|
|
Destination: &dir,
|
|
Usage: "Directory to place the data streams in",
|
|
},
|
|
configFlag(),
|
|
contextFlag(),
|
|
debugFlag(),
|
|
},
|
|
Action: func(c *cli.Context) error {
|
|
if dir == "" {
|
|
return errors.New("No directory provided")
|
|
}
|
|
err := os.MkdirAll(dir, 0o700)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
log(c, "[-] Downloading CPE database...")
|
|
client := fleethttp.NewClient()
|
|
err = vulnerabilities.DownloadCPEDatabase(dir, client)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
log(c, " Done\n")
|
|
|
|
log(c, "[-] Downloading NVD CVE feed...")
|
|
err = vulnerabilities.DownloadNVDCVEFeed(dir, "")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
log(c, " Done\n")
|
|
|
|
log(c, "[-] Downloading EPSS feed...")
|
|
|
|
err = vulnerabilities.DownloadEPSSFeed(dir, client)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
log(c, " Done\n")
|
|
|
|
log(c, "[-] Downloading CISA known exploits feed...")
|
|
|
|
err = vulnerabilities.DownloadCISAKnownExploitsFeed(dir, client)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
log(c, " Done\n")
|
|
log(c, "[-] Downloading Oval definitions...")
|
|
err = oval.Sync(client, dir, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
log(c, " Done\n")
|
|
|
|
log(c, "[+] Data streams successfully downloaded!\n")
|
|
return nil
|
|
},
|
|
}
|
|
}
|