libffi-dev \
make \
libssl-dev \
+ wget \
golint \
sqlite3 \
debian-goodies \
build-essential \
+ pkg-config \
autoconf automake autotools-dev m4 \
linux-headers-generic \
libaio-dev libattr1-dev libcap-dev
WORKDIR /root/src
RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis
-# Copy binaries into the final container and install robot framework
-FROM ubuntu:18.04
-COPY --from=build /wheels /wheels
-COPY --from=build /opt/akraino/validation /opt/akraino/validation
-COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
-COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
-
-
-RUN apt-get update && apt-get -y upgrade && apt-get -y install \
- python3-pip python3.6 \
- sqlite \
- debian-goodies \
- wget \
- curl apt-transport-https ca-certificates software-properties-common && \
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
- add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
- apt-get update && \
- apt-get install -y docker-ce && \
- cd /usr/bin && ln -s python3 python && \
- pip3 install -r /wheels/requirements/pip-requirements.txt \
- -f /wheels && \
- rm -rf /wheels && \
- rm -rf /root/.cache/pip/* && \
- rm -rf /var/cache/apt/* && \
- rm -rf /var/lib/apt/lists/*
-
-# Fetches vuls databases
+#Fetches vuls databases
SHELL ["/bin/bash", "-c"]
-RUN wget https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz -P /root/ && \
+RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \
+ wget https://dl.google.com/go/go1.12.6.linux-$HOST_ARCH.tar.gz -P /root/ && \
cd /root/ && \
- tar -xzf go1.12.6.linux-amd64.tar.gz -C /root/ && \
+ tar -xzf go1.12.6.linux-$HOST_ARCH.tar.gz -C /root/ && \
+ rm go1.12.6.linux-$HOST_ARCH.tar.gz && \
export GOROOT=/root/go && \
export GOPATH=/root/go/src && \
export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
make install && \
- mkdir /opt/akraino/validation/tests/os/vuls/ && \
for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
make install && \
- goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval.sqlite3 16 && \
+ goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \
+ goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
+ goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos.sqlite3 7 && \
+ mkdir -p /root/go/src/github.com/knqyf263 && \
+ git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git && \
+ cd /root/go/src/github.com/knqyf263/gost && \
+ make install && \
+ gost fetch redhat --http-proxy=${HTTP_PROXY} --dbpath=/opt/akraino/validation/tests/os/vuls/gost_centos.sqlite3 && \
cd /opt/akraino/validation/tests/os/vuls && \
tar cvzf db.tar.gz *.sqlite3 && \
rm *.sqlite3
+# Copy binaries into the final container and install robot framework
+FROM ubuntu:18.04
+COPY --from=build /wheels /wheels
+COPY --from=build /opt/akraino/validation /opt/akraino/validation
+COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
+COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
+COPY --from=build /root/go/bin /root/go/bin
+COPY --from=build /root/go/src/bin /root/go/src/bin
+
+RUN apt-get update && apt-get -y install \
+ python3-pip python3.6 && \
+ cd /usr/bin && ln -s python3 python && \
+ pip3 install -r /wheels/requirements/pip-requirements.txt \
+ -f /wheels && \
+ rm -rf /wheels && \
+ rm -rf /root/.cache/pip/* && \
+ rm -rf /var/cache/apt/* && \
+ rm -rf /var/lib/apt/lists/*
+
# Install bluval dependencies
RUN pip3 install -r /opt/akraino/validation/bluval/requirements.txt
ENV LC_ALL=C.UTF-8
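Review bot: Nothing in the vuls RUN step verifies what it downloads: the Go archive from `wget https://dl.google.com/go/go1.12.6.linux-$HOST_ARCH.tar.gz` is unpacked without an integrity check, and the go-cve-dictionary, goval-dictionary and newly added gost clones run `make install` on whatever the default branch holds at build time. The new `COPY --from=build /root/go/bin` and `/root/go/src/bin` lines then carry those binaries into the final image, so the build should fail closed: after `cd /root/` add `echo "<sha256-for-$HOST_ARCH>  go1.12.6.linux-$HOST_ARCH.tar.gz" | sha256sum -c - && \`, and pin each clone to a reviewed tag or commit (`git clone --branch <tag> --depth 1 …`). The architecture test should also quote its substitution, `[ "$(uname -m)" == 'aarch64' ]`. The apt-get RUN whose package list opens this hunk begins outside the visible lines, and no `USER` is visible for the final stage up to this point.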
Library SSHLibrary
Library OperatingSystem
Library BuiltIn
-Library Process
+Suite Setup Open Connection And Log In
+Suite Teardown Close All Connections
*** Variables ***
${LOG_PATH} /opt/akraino/validation/tests/os/vuls
${rc} = Run And Return Rc tar xvzf db.tar.gz -C /opt/akraino/validation/tests/os/vuls/
Should Be Equal As Integers ${rc} 0
-
+
+ ${os} = SSHLibrary.Execute Command source /etc/os-release && echo $ID
+
${rc} = Run And Return Rc vuls scan -config config.toml -ssh-config
Should Be Equal As Integers ${rc} 0
- ${rc} ${output} = Run And Return Rc And Output vuls report
+ Run Keyword IF '${os}' == 'ubuntu' Run vuls for ubuntu ELSE IF '${os}' == 'centos' Run vuls for centos ELSE FAIL Distro '${os}' not supported
+
+*** Keywords ***
+Run vuls for ubuntu
+ ${os_version} = SSHLibrary.Execute Command source /etc/os-release && echo $VERSION_ID | cut -d '.' -f1
+
+ ${rc} ${output} = Run And Return Rc And Output vuls report -cvedb-sqlite3-path=${LOG_PATH}/cve.sqlite3 -ovaldb-sqlite3-path=${LOG_PATH}/oval_ubuntu_${os_version}.sqlite3
+ Should Be Equal As Integers ${rc} 0
+ Append To File ${LOG_PATH}/vuls.log ${output}${\n}
+
+Run vuls for centos
+ ${rc} ${output} = Run And Return Rc And Output vuls report -cvedb-sqlite3-path=${LOG_PATH}/cve.sqlite3 -ovaldb-sqlite3-path=${LOG_PATH}/oval_centos.sqlite3 -gostdb-sqlite3-path=${LOG_PATH}/gost_centos.sqlite3
Should Be Equal As Integers ${rc} 0
Append To File ${LOG_PATH}/vuls.log ${output}${\n}
+
+Open Connection And Log In
+ Open Connection ${HOST}
+ Login With Public Key ${USERNAME} ${SSH_KEYFILE}
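Review bot: `${os}` and `${os_version}` come from the scanned host's /etc/os-release and are used unvalidated on the validation side: `${os}` is substituted into the `Run Keyword IF` expression text that Robot evaluates, and `${os_version}` is spliced into the local `vuls report` command line in `Run vuls for ubuntu`. Both should be treated as untrusted input: compare with the variable form `$os == 'ubuntu'` so the value is not re-parsed as expression text, and add `Should Match Regexp    ${os_version}    ^(16|18)$` before building the `-ovaldb-sqlite3-path` argument. That check also gives a clear failure for Ubuntu releases for which no `oval_ubuntu_*.sqlite3` was fetched in the image build. The test case that contains the `Run Keyword IF` line starts outside this hunk.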