Support for OSX using command line tools and curl #1373
Update: https://vuls.io/docs/en/usage-server.html
Hi, @ams2121. BTW, is there a vulnerability database for Mac OSX? Or, if we can use OSX commands to get the CVE-ID included in the unpatched part, we can do it.
Greetings Kotakanbe,
> is there a vulnerability database for Mac OSX?
I'm going to try and address each of these in their own comment.
The Apple OS: The NVD CPE dictionary (JSON & XML) does appear to call these out. I will need to look into what conversion Vuls does to OS + Version into CPE. I will try first to generate this CPE as much as possible. https://nvd.nist.gov/products/cpe example:
Example NVD entry for an Apple OS CVE - https://nvd.nist.gov/vuln/detail/CVE-2021-1813
Below is someone who has done a good amount of work figuring out Apple build numbers
@ams2121 did you get any further? Really interested by the topic and think of porting your "path" in Windows at the end.
I haven't had the free time to look at this for a while. With the limited time I've had to look at it, I really have not been able to get a handle on the OSX CPE model, which appears much more dynamic (and confusing) than that used for Linux. If I find some time, I'm tempted to pivot to Windows as well, given there are so many more Windows systems. As notes for future me, when I get the time, I'll probably use either OSQuery or WMIC on Windows to generate a software inventory list. wmic or powershell - https://www.maketecheasier.com/get-installed-software-list-windows/ OSQUERY - Maybe this could be used as a preprocessor
I've been looking through vuls to determine the effort to support OSX and Windows. (For Windows, I expect someone who knows powershell and wmi/wmic can probably put this together.) My goal is to talk to the server within the existing scope of the processing model, so that there is no additional development / O&M work required.
Below I've captured some of the command lines and example output I would use to generate this. I wanted to open this ticket / reach out before going too far down the path.
Using the Ubuntu server mode command line as an example (at bottom with link), curl appears to send the following...
It would appear OSX can gather similar data using the system profiling tool
os_family = system_profiler -json SPSoftwareDataType | grep "os_version" | cut -d \" -f4 | cut -d " " -f1
Outputs ["macOS"]
os_release = system_profiler -json SPSoftwareDataType | grep "os_version" | cut -d \" -f4 | cut -d " " -f2
Outputs ["11.6.2"]
The above is sub parsing this string which has an additional os version string.
os_version = system_profiler -json SPSoftwareDataType | grep "os_version" | cut -d \" -f4
Outputs ["macOS 11.6.2 (20G314)"]
kernel_version = system_profiler -json SPSoftwareDataType | grep "kernel_version" | cut -d \" -f4
Outputs ["Darwin 20.6.0"]
The individual software packages can be captured from the command
system_profiler SPApplicationsDataType SPSoftwareDataType SPDisabledSoftwareDataType SPExtensionsDataType SPLegacySoftwareDataType SPPrintersSoftwareDataType
which can also be output in JSON or XML
If this is data that the database has, and/or can fuzzy match, I expect the below type data can be massaged into the above format to meet the desired data input. i.e., I'm not sure what goes in the key "db:Status-Abbrev" or the difference between "Version" and "source:Version".
Example output of the above for Firefox
Plain text:
JSON:
XML:
Feature request is based on the ubuntu curl post to server from:
https://vuls.io/docs/en/usage-server.html
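Added example, not code from the issue or from Vuls: the grep/cut pipelines above split `os_version` on spaces, which breaks for names such as "OS X 10.11.6 (15G31)", so this sketch splits on the dotted version number instead and derives a candidate CPE 2.3 name of the kind discussed in the NVD comment. The JSON sample and the older version string are constructed, the function names are hypothetical, and the `mac_os_x` / `macos` product mapping is an assumption to verify against the NVD CPE dictionary.

```shell
#!/bin/sh
# Constructed sample of `system_profiler -json SPSoftwareDataType` output (trimmed).
SAMPLE_JSON='{
  "SPSoftwareDataType" : [
    {
      "_name" : "os_overview",
      "kernel_version" : "Darwin 20.6.0",
      "os_version" : "macOS 11.6.2 (20G314)"
    }
  ]
}'

# json_field KEY: print the first string value of KEY from JSON on stdin.
# Line-oriented like the grep/cut pipeline, but anchored on the exact key name.
json_field() {
  sed -n -E "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\"([^\"]*)\".*/\1/p" | head -n 1
}

# Split "<family> <dotted version> (<build>)" on the version number, not on
# spaces, so a multi-word family such as "OS X" stays intact.
os_family()  { printf '%s\n' "$1" | sed -E 's/^(.*[^ ]) +[0-9]+(\.[0-9]+)+.*$/\1/'; }
os_release() { printf '%s\n' "$1" | sed -E 's/^.* ([0-9]+(\.[0-9]+)+).*$/\1/'; }
os_build()   { printf '%s\n' "$1" | sed -n -E 's/^.*\(([^)]+)\)$/\1/p'; }

# Candidate CPE 2.3 name for an NVD lookup.
# Assumption: product is "mac_os_x" for 10.x releases and "macos" otherwise.
os_cpe() {
  rel=$(os_release "$1")
  case "$rel" in
    10.*) product=mac_os_x ;;
    *)    product=macos ;;
  esac
  printf 'cpe:2.3:o:apple:%s:%s:*:*:*:*:*:*:*\n' "$product" "$rel"
}

# On a Mac: v=$(system_profiler -json SPSoftwareDataType | json_field os_version)
v=$(printf '%s\n' "$SAMPLE_JSON" | json_field os_version)
k=$(printf '%s\n' "$SAMPLE_JSON" | json_field kernel_version)
printf 'family=%s release=%s build=%s kernel=%s\n' \
  "$(os_family "$v")" "$(os_release "$v")" "$(os_build "$v")" "$k"
os_cpe "$v"
```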