实战利用trivy对Linux系统进行漏洞扫描

我们这里以Ubuntu 20.04 LTS为例，之前本站写过一个利用vulscan扫描系统漏洞的，如下所示：

当时写这篇文章的时候用的是Centos系统一切正常，当我切换到Ubuntu后经历了大半年扫描不到任何一个漏洞的尴尬情况，

所以这篇文章算是对vulscan的一个替代，大家视情况，视喜好自行选择哈，trivy的开源项目地址如下：

它的安装和部署我就不赘述了，大家自行前往项目的readme中看一下，下面说一下本次实战的核心命令，如下：

/root/trivy/trivy fs --scanners vuln -s HIGH --skip-dirs /root/src/ --skip-dirs /var/lib/jenkins --skip-dirs /var/cache/jenkins --skip-dirs /usr/local/go/ --format json -q /

解释一下：

fs这个subcommand子命令代表扫描文件系统
--scanners vuln 这个参数代表只扫描漏洞
-s HIGH 代表漏洞的最低等级
--skip-dirs 这个参数代表跳过一些文件夹，这里我跳过了一些不提供端口监听的服务的路径，或者服务本身在NGINX的basic auth保护之下的
--format json 代表输出json格式，方便我们下面用python脚本解析
-q 代表静默输出，主要是为了方便解析上面的json文本

下面我写了一个简单的扫描到漏洞给你发通知邮件的Python脚本，如下：

import json
import time
import subprocess
import smtplib
from email.mime.text import MIMEText

HOST = 'smtp.qq.com'
PORT = 587
SENDER = '@qq.com'
RECEIVER = ''
PWD = ''

def mail_send(subject, mail_body):
    try:
        msg = MIMEText(mail_body, 'plain', 'utf-8')
        msg['Subject'] = subject
        msg['From'] = SENDER
        msg['To'] = RECEIVER
        s = smtplib.SMTP(HOST, PORT)
        s.debuglevel = 0
        s.login(SENDER, PWD)
        s.sendmail(SENDER, RECEIVER, msg.as_string())
        s.quit()
    except smtplib.SMTPException as e:
        print(str(e))

def main():
    curr_date = time.strftime('%Y-%m-%d',time.localtime(time.time()))
    subject = curr_date + " 每周漏洞扫描"
    cmd = "/root/trivy/trivy fs --scanners vuln -s HIGH --skip-dirs /root/src/ --skip-dirs /var/lib/jenkins   --skip-dirs /var/cache/jenkins --skip-dirs /usr/local/go/ --format json -q /"

    results=subprocess.check_output(cmd, shell=True)
    results_to_dict = json.loads(results)
    
    cve_results = results_to_dict['Results']
    cve_total_list =[]
    for cve_list in cve_results:
        if 'Vulnerabilities' in cve_list:
            cve_entity = cve_list['Vulnerabilities']    
            for vuls in cve_entity:
                pkg_name = vuls['PkgName']
                cve_id = vuls['VulnerabilityID']
                installed_version = vuls['InstalledVersion']
                if 'FixedVersion' in vuls:
                    fixed_version = vuls['FixedVersion']
                else:
                    fixed_version = ""
                if 'Title' in vuls:
                    title = vuls['Title']
                else:
                    title = ""
                desc = vuls['Description']
                cve_total_list.append('\n'.join(['pkg_name: \n'+pkg_name,'cve_id: \n'+ cve_id, 
                    'installed_version: \n' + installed_version,'fixed_version: \n'+ fixed_version, 
                    'title: \n'+ title, 'desc: \n'+desc]))
    # 如果cve_total_list为空的话，说明本周无漏洞
    if not cve_total_list:
        mail_send(subject, "本周暂无漏洞~")
    else:
        mail_body = '\n***********************************************\n'.join(cve_total_list)
        mail_send(subject,mail_body)
    print("成功发送了一封邮件！")

if __name__ == '__main__':
    main()

import json

import time

import subprocess

import smtplib

from email.mime.text import MIMEText

HOST = 'smtp.qq.com'

PORT = 587

SENDER = '@qq.com'

RECEIVER = ''

PWD = ''

def mail_send(subject, mail_body):

try:

msg = MIMEText(mail_body, 'plain', 'utf-8')

msg['Subject'] = subject

msg['From'] = SENDER

msg['To'] = RECEIVER

s = smtplib.SMTP(HOST, PORT)

s.debuglevel = 0

s.login(SENDER, PWD)

s.sendmail(SENDER, RECEIVER, msg.as_string())

s.quit()

except smtplib.SMTPException as e:

print(str(e))

def main():

curr_date = time.strftime('%Y-%m-%d',time.localtime(time.time()))

subject = curr_date + " 每周漏洞扫描"

cmd = "/root/trivy/trivy fs --scanners vuln -s HIGH --skip-dirs /root/src/ --skip-dirs /var/lib/jenkins --skip-dirs /var/cache/jenkins --skip-dirs /usr/local/go/ --format json -q /"

results=subprocess.check_output(cmd, shell=True)

results_to_dict = json.loads(results)

cve_results = results_to_dict['Results']

cve_total_list =[]

for cve_list in cve_results:

if 'Vulnerabilities' in cve_list:

cve_entity = cve_list['Vulnerabilities']

for vuls in cve_entity:

pkg_name = vuls['PkgName']

cve_id = vuls['VulnerabilityID']

installed_version = vuls['InstalledVersion']

if 'FixedVersion' in vuls:

fixed_version = vuls['FixedVersion']

else:

fixed_version = ""

if 'Title' in vuls:

title = vuls['Title']

else:

title = ""

desc = vuls['Description']

cve_total_list.append('\n'.join(['pkg_name: \n'+pkg_name,'cve_id: \n'+ cve_id,

'installed_version: \n' + installed_version,'fixed_version: \n'+ fixed_version,

'title: \n'+ title, 'desc: \n'+desc]))

# 如果cve_total_list为空的话，说明本周无漏洞

if not cve_total_list:

mail_send(subject, "本周暂无漏洞~")

else:

mail_body = '\n***********************************************\n'.join(cve_total_list)

mail_send(subject,mail_body)

print("成功发送了一封邮件！")

if __name__ == '__main__':

main()

大家只需要补充一下上述脚本开头的邮箱账号密码就可以使用了。

本作品采用知识共享署名 4.0 国际许可协议进行许可