You will be using your virtual machine from last week and installing, configuring, and then running a vulnerability scanner to scan your virtual machine.
You will be using a free open-source scanner named Vuls. To help you get it installed and running, you can follow these instructions, which recommend that you use an account named “Sammy.” I did these instructions using my root account and ignored the Sammy parts. (Admittedly, this is poor practice, but for a virtual machine we are deleting at the end of the course, we can bend the rules of best practices a bit.) Follow steps 1 through 6.
How to Use Vuls as a Vulnerability Scanner on Ubuntu 18.04 (Links to an external site.)
In our instructions for the week, we need to edit a couple commands along the way. This is due to the author of the utilities changing the way that certain command arguments are processed. The functionality still works but the commands will differ. Please make sure you use these modifications in order to not have errors. Again, copy/paste will be the easiest way to capture the changes so you don’t miss a dash or space.
ORIGINAL: for i in `seq 2002 $(date +”%Y”)`; do sudo go-cve-dictionary fetchnvd -dbpath /usr/share/vuls-data/cve.sqlite3 -years $i; done
CHANGE: sudo go-cve-dictionary fetch nvd –dbpath /usr/share/vuls-data/cve.sqlite3
ORIGINAL: sudo goval-dictionary fetch-ubuntu -dbpath=/usr/share/vuls-data/oval.sqlite3 18
CHANGE: sudo goval-dictionary fetch ubuntu –dbpath=/usr/share/vuls-data/oval.sqlite3 18
At the conclusion of Step 6, you will have run the scanner against your virtual machine. There will be vulnerabilities, many of which will be unpatchable. Attach a screenshot to your submission of your results screen. Pick one of the vulnerabilities and answer the following questions:
What is the CVE number of your chosen vulnerability?
What year was this CVE discovered? (Hint: this is part of the CVE number!)
What software programs are affected?
In your own words, what is the summary of this vulnerability?
Perform an analysis of the likelihood of this vulnerability being exploited. In other words, would this program’s vulnerability be easily exposed to an attacker or would it require a complex scenario to make this exposed?
In your opinion, given the CVE criticality and the likelihood, do you feel comfortable with this vulnerable software on your system?
The assignment should be double-spaced, 12-point Times New Roman font, with one-inch margins
Use APA for citing references and quotations
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more