Tabela de Conteúdos

7.3.1 Debsecan

O debsecan efectua uma avaliação de segurança ao sistema e relata vulnerabilidades conhecidas associadas aos pacotes instalado no sistema, notificando o administrador (root) dos resultados.

Instalação

root@server:~# apt install debsecan

Configuração

Para relatórios mais rigorosos, deverá ser indicada a versão Debian do nosso sistema no ficheiro /etc/default/debsecan:

#[...]

# For better reporting, specify the correct suite here, using the code
# name (that is, "sid" instead of "unstable").
#SUITE=GENERIC
SUITE=stretch

#[...]

O debsecan pode ser configurado para ser executado diariamente através de uma tarefa agendada (cron), sendo os resultados enviados por email ao administrador do sistema (root):

root@server:~# debsecan-create-cron

Utilização

A tarefa agendada durante a configuração irá enviar uma email ao administrador com o resultado da análise de segurança:

Subject: Debian security status of server
To: root@home.lan
Date: Sun,  9 Jul 2017 02:34:04 +0100 (WEST)

Security report based on general data

If you specify a proper suite, this report will include information
regarding available security updates and obsolete packages.  To set
the correct suite, run "dpkg-reconfigure debsecan" as root.

*** Fixed vulnerabilities

CVE-2017-9499
  <https://security-tracker.debian.org/tracker/CVE-2017-9499>
  - imagemagick-6-common
  - libmagickcore-6.q16-3
  - libmagickwand-6.q16-3

*** New vulnerabilities

CVE-2017-11109 Vim 8.0 allows attackers to cause a denial of...
  <https://security-tracker.debian.org/tracker/CVE-2017-11109>
  - vim-tiny, xxd, vim-common (low urgency)

CVE-2017-11112 In ncurses 6.0, there is an attempted...
  <https://security-tracker.debian.org/tracker/CVE-2017-11112>
  - libncurses5, ncurses-term, libtinfo5, libncursesw5, ncurses-base,
    ncurses-bin

CVE-2017-11113 In ncurses 6.0, there is a NULL Pointer Dereference...
  <https://security-tracker.debian.org/tracker/CVE-2017-11113>
  - libncurses5, ncurses-term, libtinfo5, libncursesw5, ncurses-base,
    ncurses-bin

*** Vulnerabilities

CVE-2011-5325 Directory traversal via crafted tar file which...
  <https://security-tracker.debian.org/tracker/CVE-2011-5325>
  - busybox

CVE-2012-6706 A VMSF_DELTA memory corruption was discovered in...
  <https://security-tracker.debian.org/tracker/CVE-2012-6706>
  - unrar (remotely exploitable, high urgency)

# [...]

Opcionalmente, o debsecan também pode ser executado a partir da linha de comandos:

root@server:~# debsecan
CVE-2016-10317 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-11143 php7.0-mysql
CVE-2017-11144 php7.0-mysql
CVE-2017-8923 php7.0-mysql (remotely exploitable, high urgency)
TEMP-0000000-18C9FC php7.0-mysql
CVE-2016-6170 bind9utils (remotely exploitable, medium urgency)
CVE-2016-6170 bind9-host (remotely exploitable, medium urgency)
CVE-2017-11109 vim-tiny (low urgency)
CVE-2017-10684 libncurses5 (remotely exploitable, high urgency)
CVE-2017-10685 libncurses5 (remotely exploitable, high urgency)
CVE-2017-11112 libncurses5
CVE-2017-11113 libncurses5
CVE-2017-10928 imagemagick-6-common
CVE-2017-10995 imagemagick-6-common
CVE-2017-11141 imagemagick-6-common (low urgency)
# [...]

Referências