vuls
Fast scan always failed on RedHat8
What did you do? (required. The issue will be closed when not provided.)
vuls scan redhat8
What did you expect to happen?
I wish fast (non-root) scan would work on RedHat8.
On RedHat8, the above command works with sudo (root privilege). On CentOS 8 Stream, it works as non-root.
What happened instead?
- Current Output
[Jul 26 14:16:01] ERROR [localhost] Error on redhat8, err: [Failed to detect installed dnf modules:
github.com/future-architect/vuls/scanner.(*redhatBase).scanPackages
/home/vuls/go/src/github.com/future-architect/vuls/scanner/redhatbase.go:390
- Failed to dnf module list: execResult: servername: redhat8
cmd: /bin/ssh -tt -F /home/vuls/.ssh/config -l vuls -p 22 -i /home/vuls/.ssh/id_rsa -o PasswordAuthentication=no redhat8 stty cols 1000; dnf --nogpgcheck --cacheonly --color=never --quiet module list --enabled
exitstatus: 1
stdout: 一時ファイルを作成できません: /var/cache/dnf/epel.solv.vdsykE
stderr:
err: %!s(<nil>):
github.com/future-architect/vuls/scanner.(*redhatBase).detectEnabledDnfModules
/home/vuls/go/src/github.com/future-architect/vuls/scanner/redhatbase.go:850]
Please re-run the command using -debug and provide the output below.
Steps to reproduce the behaviour
Configuration (MUST fill this out):
- Go version (go version): go version go1.18.3 linux/amd64
- Go environment (go env):
- Vuls environment: vuls-v0.19.8-build-20220724_083144_d1a617c
- config.toml:
- command:
[vuls@redhat8 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
[vuls@redhat8 ~]$ dnf --nogpgcheck --cacheonly --color=never --quiet module list --enabled
一時ファイルを作成できません: /var/cache/dnf/epel.solv.tmdX79
[vuls@redhat8 ~]$ LANG=C dnf --nogpgcheck --cacheonly --color=never --quiet module list --enabled
cannot create temporary file: /var/cache/dnf/epel.solv.YcIXEt
I ran the command as a non-root user on RHEL 8.2, and it succeeded.
[non-root@rhel8 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
[non-root@rhel8 ~]$ dnf --nogpgcheck --cacheonly --color=never --quiet module list --enabled
2022-07-26 18:25:27,158 [ERROR] dnf:16425:MainThread @logutil.py:194 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Name Stream Profiles Summary
satellite-5-client 1.0 [d][e] common [d], gui Red Hat Satellite 5 client packages
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
[non-root@rhel8 ~]$ echo $?
0
If running dnf --nogpgcheck --cacheonly --color=never --quiet module list --enabled on your server's console doesn't work, I don't think it's a vuls problem (because vuls assumes that the command works).
Why don't you review the dnf cache? (From the error message, EPEL Repository looks suspicious)
I guess that creating a temporary file in spite of --cacheonly means that the cache of the epel repository is not available (e.g. the cache file does not exist, or the cache is too old), so it fetches the file from there...
Therefore, with root privileges, the temporary file can be written and the command will be executed successfully. If not, the temporary file cannot be written and the command execution fails, as in this case.
If this is the case, then if the cache is prepared in advance and the command succeeds as the non-root user, then the vuls execution will also succeed.
I didn't know why some Red Hat systems drop the /var/cache/dnf/*.solv permission.
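
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original issue or of Vuls. It runs the dnf command line from the log as the scan user and names the repository whose `.solv` temporary file could not be created; the function names and the `run` argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight for a non-root Vuls fast scan on RHEL 8.
# Function names are hypothetical; the dnf command line is the one in the log.

# Output of the LANG=C run quoted in the issue, kept here as sample input.
SAMPLE_OUTPUT='cannot create temporary file: /var/cache/dnf/epel.solv.YcIXEt'

# classify_dnf_result EXIT_STATUS OUTPUT
# prints: ok | cache-not-writable | other-failure
classify_dnf_result() {
    if [ "$1" -eq 0 ]; then
        echo ok
        return 0
    fi
    case $2 in
        *"cannot create temporary file: "*.solv.*) echo cache-not-writable ;;
        *) echo other-failure ;;
    esac
}

# failing_repo OUTPUT: repo id taken from the <repo>.solv.<suffix> file name.
failing_repo() {
    printf '%s\n' "$1" |
        sed -n 's|.*cannot create temporary file: .*/\([^/]*\)\.solv\.[^/ ]*$|\1|p'
}

# preflight: run on the scan target as the user Vuls logs in with.
preflight() {
    # LANG=C keeps dnf's message in English so the match above is stable.
    out=$(LANG=C dnf --nogpgcheck --cacheonly --color=never --quiet \
            module list --enabled 2>&1) && rc=0 || rc=$?
    verdict=$(classify_dnf_result "$rc" "$out")
    case $verdict in
        ok) echo "OK: dnf module list works for $(id -un)" ;;
        cache-not-writable)
            echo "FAIL: dnf could not write a temp file for repo" \
                 "'$(failing_repo "$out")' as $(id -un)"
            # Show what the scan user can see of the cached metadata.
            ls -l /var/cache/dnf/*.solv 2>/dev/null ;;
        *) echo "FAIL: dnf exited $rc: $out" ;;
    esac
    [ "$verdict" = ok ]
}

# Only touch dnf when asked to: sh preflight.sh run
if [ "${1:-}" = run ]; then preflight; fi
```

A `cache-not-writable` verdict matches the case in this issue, where the same command succeeds under sudo.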