wget \
golint \
sqlite3 \
+ openssh-client \
+ sshpass \
debian-goodies \
build-essential \
pkg-config \
# Fetches vuls databases (invalidate cache using unique timestamp)
SHELL ["/bin/bash", "-c"]
RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \
- wget https://dl.google.com/go/go1.12.6.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \
+ wget https://dl.google.com/go/go1.14.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \
cd /root/ && \
- tar -xzf go1.12.6.linux-$HOST_ARCH.tar.gz -C /root/ && \
- rm go1.12.6.linux-$HOST_ARCH.tar.gz && \
+ tar -xzf go1.14.linux-$HOST_ARCH.tar.gz -C /root/ && \
+ rm go1.14.linux-$HOST_ARCH.tar.gz && \
export GOROOT=/root/go && \
- export GOPATH=/root/go/src && \
- export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
+ export GOPATH=/root/go/src/github.com && \
+ export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
mkdir -p /root/go/src/github.com/future-architect && \
cd /root/go/src/github.com/future-architect && \
git clone https://github.com/future-architect/vuls && \
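Review bot: The Go 1.14 tarball fetched by the new `wget` line is unpacked into /root/go without any integrity check, so the build trusts whatever the download returns. Record the published SHA-256 for each architecture in the same branch that sets `HOST_ARCH`, then verify it before the `tar` step with `echo "$GO_SHA256  go1.14.linux-$HOST_ARCH.tar.gz" | sha256sum -c - && \` (`GO_SHA256` is a placeholder name, to be filled from the Go downloads page). As far as this hunk shows, the `git clone` of vuls on the last visible line is also not pinned to a tag or commit, so the Go bump alone does not make the build reproducible. The RUN instruction continues beyond the hunk.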
ADD db.tar.gz.timestamp /root/
RUN \
export GOROOT=/root/go && \
- export GOPATH=/root/go/src && \
- export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
+ export GOPATH=/root/go/src/github.com && \
+ export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -quiet -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \
goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
COPY --from=build /root/go/bin /root/go/bin
-COPY --from=build /root/go/src/bin /root/go/src/bin
+COPY --from=build /root/go/src/github.com/bin /root/go/src/github.com/bin
RUN apt-get update && apt-get -y install \
python3-pip python3.6 && \
*** Keywords ***
Open Connection And Log In
Open Connection ${HOST}
- Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+ Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
Get Cluster Address
${result}= Run Process kubectl config view --minify
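Review bot: The new `Run Keyword IF` condition substitutes `${SSH_KEYFILE}` and `${PASSWORD}` as text into a Python expression, so a password containing a single quote breaks the condition or is evaluated as part of it. Use the evaluation-namespace form, which compares the values without interpolation: `Run Keyword If    $SSH_KEYFILE != 'None'    Login With Public Key    ${USERNAME}    ${SSH_KEYFILE}    ELSE IF    $PASSWORD != 'None'    Login    ${USERNAME}    ${PASSWORD}`. The bare `ELSE FAIL` would also be easier to diagnose with a message, e.g. `Fail    Neither ssh_keyfile nor password was provided`. The same line is added to the other `Open Connection And Log In` keywords in the later hunks, and the `Create ssh_keyfile` condition in the Vuls test uses the same quoting.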
*** Keywords ***
Open Connection And Log In
Open Connection ${HOST}
- Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+ Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
Install Lynis
[Documentation] Install Lynis
Library OperatingSystem
Library BuiltIn
Suite Setup Open Connection And Log In
-Suite Teardown Close All Connections
+Suite Teardown Run Keywords
+... Cleanup ssh
+... Close All Connections
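Review bot: `Cleanup ssh` now runs in every suite teardown, but the key it cleans up is only generated when `${SSH_KEYFILE}` is 'None' (the keyword bodies are in a later hunk). When a key file is supplied, the teardown either fails on a missing `/root/.ssh/id_rsa.pub` or, if a public key happens to exist at that path, removes that key from the target's `authorized_keys`. Guard the cleanup with the creation condition, `...    Run Keyword If    $SSH_KEYFILE == 'None'    Cleanup ssh`, and add an `...    AND` line before `Close All Connections`, which `Run Keywords` requires once a keyword takes arguments.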
*** Test Cases ***
Run Vuls test
Set Environment Variable GOROOT /root/go
- Set Environment Variable GOPATH /root/go/src
- Set Environment Variable PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin:/root/go/src/bin
+ Set Environment Variable GOPATH /root/go/src/github.com
+ Set Environment Variable PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin:/root/go/src/github.com/bin
Set Environment Variable LC_ALL en_US.UTF-8
Set Environment Variable LANG en_US.UTF-8
${os} = SSHLibrary.Execute Command source /etc/os-release && echo $ID
+ Run Keyword IF '${SSH_KEYFILE}' == 'None' Create ssh_keyfile
+
${rc} = Run And Return Rc vuls scan -config ${CURDIR}/config.toml -ssh-config
Should Be Equal As Integers ${rc} 0
Append To File ${LOG_PATH}/vuls.log ${output}${\n}
Set Global Variable ${LOG} ${output}
+Create ssh_keyfile
+ ${rc} = Run And Return Rc ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
+ Should Be Equal As Integers ${rc} 0
+
+ ${rc} = Run and Return Rc sshpass -p '${PASSWORD}' ssh-copy-id -i /root/.ssh/id_rsa.pub '${USERNAME}'@'${HOST}'
+ Should Be Equal As Integers ${rc} 0
+
+Cleanup ssh
+ ${rc} ${idssh} = Run And Return Rc And Output cat /root/.ssh/id_rsa.pub
+ Should Be Equal As Integers ${rc} 0
+ ${rc} = Run And Return Rc ssh '${USERNAME}'@'${HOST}' "sed -i 's#${idssh}##' ~/.ssh/authorized_keys"
+ Should Be Equal As Integers ${rc} 0
+
Open Connection And Log In
Open Connection ${HOST}
- Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+ Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
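Review bot: `Create ssh_keyfile` passes the password on the command line as `sshpass -p '${PASSWORD}'`, which exposes it to anyone who can list processes in the container and, as far as I can tell, in the Robot log of the executed command. A quote character in the password also breaks the shell line. Pass it through the environment instead, with `Set Environment Variable    SSHPASS    ${PASSWORD}` followed by `sshpass -e ssh-copy-id -i /root/.ssh/id_rsa.pub '${USERNAME}'@'${HOST}'`. `Cleanup ssh` removes the public key from the target but leaves the generated private key at /root/.ssh/id_rsa, so a `Remove File` for both key files would complete the cleanup. `ssh-keygen` will also stop to ask about overwriting if that path already exists, so check for the file first.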
### Input variables cluster's master host
host: 172.28.17.206 # cluster's master host address
username: cloudadmin # login name to connect to cluster
-ssh_keyfile: /root/.ssh/id_rsa # Identity file for authentication
+password: cloudpassword # login password to connect to cluster
+ssh_keyfile: ssh_keyfile # Identity file for authentication
### bluval.py adds/modifies following, before passing to robot.
### while debugging from CLI user has to modify these