Unable to scan and get the report for Oracle Linux server

[skm248]

Installed and Configured Vuls tool using Local Scan Mode tutorial https://vuls.io/docs/en/tutorial-local-scan.html

Actual Result:- After the vuls scan, tool was not able to generate the report or show the result in tui mode. Instead of the proper results getting errors for the Oracle Linux Distro

Expected Result:- Expected a proper results with all the CVE's and etc.,

Current Output:- Please re-run the command using -debug and provide the output below.

[root@test bin]# vuls report -format-one-line-text --debug [Sep 25 15:13:37] INFO [localhost] vuls-v0.26.0-build-20240919_153546_e776be1 [Sep 25 15:13:37] INFO [localhost] Validating config... [Sep 25 15:13:37] INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/root/go/bin/cve.sqlite3 [Sep 25 15:13:37] WARN [localhost] cveDict.SQLite3Path=/root/go/bin/cve.sqlite3 file not found [Sep 25 15:13:37] INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/root/go/bin/oval.sqlite3 [Sep 25 15:13:37] INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/root/go/bin/gost.sqlite3 [Sep 25 15:13:37] WARN [localhost] gost.SQLite3Path=/root/go/bin/gost.sqlite3 file not found [Sep 25 15:13:37] INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/root/go/bin/go-exploitdb.sqlite3 [Sep 25 15:13:37] WARN [localhost] exploit.SQLite3Path=/root/go/bin/go-exploitdb.sqlite3 file not found [Sep 25 15:13:37] INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/root/go/bin/go-msfdb.sqlite3 [Sep 25 15:13:37] WARN [localhost] metasploit.SQLite3Path=/root/go/bin/go-msfdb.sqlite3 file not found [Sep 25 15:13:37] INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/root/go/bin/go-kev.sqlite3 [Sep 25 15:13:37] WARN [localhost] kevuln.SQLite3Path=/root/go/bin/go-kev.sqlite3 file not found [Sep 25 15:13:37] INFO [localhost] cti.type=sqlite3, cti.url=, cti.SQLite3Path=/root/go/bin/go-cti.sqlite3 [Sep 25 15:13:37] WARN [localhost] cti.SQLite3Path=/root/go/bin/go-cti.sqlite3 file not found [Sep 25 15:13:37] INFO [localhost] Loaded: /root/go/bin/results/2024-09-25T15-12-05+0530 [Sep 25 15:13:37] DEBUG [localhost] localhost (oracle7.9): config.ServerInfo{ BaseName: "localhost", ServerName: "localhost", User: "", Host: "localhost", IgnoreIPAddresses: []string{}, JumpServer: []string{}, Port: "local", SSHConfigPath: "", KeyPath: "", CpeNames: []string{}, ScanMode: []string{}, ScanModules: []string{}, OwaspDCXMLPath: "", ContainersOnly: false, ContainersIncluded: []string{}, ContainersExcluded: []string{}, ContainerType: "", Containers: map[string]config.ContainerSetting{}, IgnoreCves: []string{}, IgnorePkgsRegexp: []string{}, GitHubRepos: map[string]config.GitHubConf{}, UUIDs: map[string]string{}, Memo: "", Enablerepo: []string{}, Optional: map[string]interface {}{}, Lockfiles: []string{}, FindLock: false, FindLockDirs: []string{}, Type: "", IgnoredJSONKeys: []string{}, WordPress: &config.WordPressConf{ OSUser: "", DocRoot: "", CmdPath: "", NoSudo: false, }, PortScan: &config.PortScanConf{ IsUseExternalScanner: false, ScannerBinPath: "", HasPrivileged: false, ScanTechniques: []string{}, SourcePort: "", }, Windows: &config.WindowsConf{ ServerSelection: 0, CabPath: "", }, IPv4Addrs: []string{}, IPv6Addrs: []string{}, IPSIdentifiers: map[string]string{}, LogMsgAnsiColor: "", Container: config.Container{ ContainerID: "", Name: "", Image: "", }, Distro: config.Distro{ Family: "", Release: "", }, Mode: config.ScanMode{ flag: 0x01, }, Module: config.ScanModule{ flag: 0x0f, }, } [Sep 25 15:13:37] DEBUG [localhost] Check if oval fetched: oracle 7.9 [Sep 25 15:13:37] INFO [localhost] OVAL oracle 7.9 found. defs: 0 [Sep 25 15:13:37] ERROR [localhost] Failed to detect Pkg CVE: github.com/future-architect/vuls/detector.Detect /root/go/src/github.com/future-architect/vuls/detector/detector.go:54

• Failed to detect CVE with OVAL: github.com/future-architect/vuls/detector.DetectPkgCves /root/go/src/github.com/future-architect/vuls/detector/detector.go:331
• OVAL entries of oracle 7.9 are not found. Fetch OVAL before reporting. For details, see https://github.com/vulsio/goval-dictionary#usage: github.com/future-architect/vuls/detector.detectPkgsCvesWithOval /root/go/src/github.com/future-architect/vuls/detector/detector.go:550

Steps to reproduce the behaviour

1. Install and Configure the Vuls in any Oracle Linux.
2. Configure the config.toml file by mentioning localhost and run the scan, generate the report.

Configuration (MUST fill this out):

Go version (go version): [root@test bin]# go version go version go1.23.1 linux/amd64

Go environment (go env): [root@test bin]# go env GO111MODULE='' GOARCH='amd64' GOBIN='' GOCACHE='/root/.cache/go-build' GOENV='/root/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/root/go/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/root/go' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.23.1' GODEBUG='' GOTELEMETRY='local' GOTELEMETRYDIR='/root/.config/go/telemetry' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='/dev/null' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3774444765=/tmp/go-build -gno-record-gcc-switches'

Vuls environment: [root@test bin]# vuls -v vuls-v0.26.0-build-20240919_153546_e776be1

$ cd $GOPATH/src/github.com/future-architect/vuls $ git rev-parse --short HEAD

config.toml: [servers]

[servers.localhost] host = "localhost" port = "local"

• command: vuls scan vuls report -format-one-line-text vuls tui

Please check the attached file for more information log-file.txt