Create all services

defaults/main.yml

@@ -27,3 +27,7 @@ vuls_arch: amd64
 
 vuls_dbpath: "/var/lib/vuls/cve.sqlite3"
 vuls_dbtype: "sqlite3"
+
+
+vuls_slack_enable: False
+vuls_email_enable: False

tasks/go-cti.yml

@@ -56,3 +56,19 @@
   loop:
     - /tmp/go-cti
     - "/tmp/go-cti-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls-go-cti.service.j2
+    dest: /etc/systemd/system/vuls-go-cti.service
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-go-cti.timer.j2
+    dest: /etc/systemd/system/vuls-go-cti.timer
+
+- name: Start go-cti service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-go-cti

tasks/go-cve-dictionary.yml

@@ -59,16 +59,16 @@
 
 - name: Add systemd service 
   ansible.builtin.template:
-    src: vuls_go-cve-dictionary.service.j2
-    dest: /etc/systemd/system/vuls_go-cve-dictionary.service
+    src: vuls-go-cve-dictionary.service.j2
+    dest: /etc/systemd/system/vuls-go-cve-dictionary.service
 
 - name: Add systemd timer service 
   ansible.builtin.template:
-    src: vuls_go-cve-dictionary.timer.j2
-    dest: /etc/systemd/system/vuls_go-cve-dictionary.timer
+    src: vuls-go-cve-dictionary.timer.j2
+    dest: /etc/systemd/system/vuls-go-cve-dictionary.timer
 
 - name: Start go-cve-dictionary service
   ansible.builtin.systemd:
     state: restarted
     daemon_reload: true
-    name: vuls_go-cve-dictionary
+    name: vuls-go-cve-dictionary

tasks/go-exploitdb.yml

@@ -56,3 +56,40 @@
   loop:
     - /tmp/go-exploitdb
     - "/tmp/go-exploitdb-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls-go-exploitdb.service.j2
+    dest: "/etc/systemd/system/vuls-go-exploitdb-{{ item }}.service"
+  loop:
+    - "awesomepoc"
+    - "exploitdb"
+    - "githubrepos"
+    - "inthewild"
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-go-exploitdb.timer.j2
+    dest: "/etc/systemd/system/vuls-go-exploitdb-{{ item }}.timer"
+  loop:
+    - "awesomepoc"
+    - "exploitdb"
+    - "githubrepos"
+    - "inthewild"
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-go-exploitdb.timer.j2
+    dest: /etc/systemd/system/vuls-go-exploitdb.timer
+
+- name: Start go-exploitdb service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-go-exploitdb
+
+- name: Start go-exploitdb service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-go-exploitdb

tasks/go-kev.yml

@@ -56,3 +56,19 @@
   loop:
     - /tmp/go-kev
     - "/tmp/go-kev-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls-go-kev.service.j2
+    dest: /etc/systemd/system/vuls-go-kev.service
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-go-kev.timer.j2
+    dest: /etc/systemd/system/vuls-go-kev.timer
+
+- name: Start go-kev service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-go-kev

tasks/go-msfdb.yml

@@ -56,3 +56,19 @@
   loop:
     - /tmp/go-msfdb
     - "/tmp/go-msfdb-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls-go-msfdb.service.j2
+    dest: /etc/systemd/system/vuls-go-msfdb.service
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-go-msfdb.timer.j2
+    dest: /etc/systemd/system/vuls-go-msfdb.timer
+
+- name: Start go-msfdb service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-go-msfdb

tasks/gost.yml

@@ -56,3 +56,19 @@
   loop:
     - /tmp/gost
     - "/tmp/gost-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls-gost.service.j2
+    dest: /etc/systemd/system/vuls-gost.service
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-gost.timer.j2
+    dest: /etc/systemd/system/vuls-gost.timer
+
+- name: Start gost service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-gost

tasks/goval-dictionary.yml

@@ -56,3 +56,19 @@
   loop:
     - /tmp/goval-dictionary
     - "/tmp/goval-dictionary-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls-goval-dictionary.service.j2
+    dest: /etc/systemd/system/vuls-goval-dictionary.service
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls-goval-dictionary.timer.j2
+    dest: /etc/systemd/system/vuls-goval-dictionary.timer
+
+- name: Start goval-dictionary service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls-goval-dictionary

tasks/vuls.yml

@@ -1,58 +1,74 @@
-- name: "Get vuls github's release json"
-  uri:
-    url: https://api.github.com/repos/future-architect/vuls/releases/latest
-    method: GET
-    return_content: yes
-    status_code: 200
-    body_format: json
-  register: vuls_github_repo
+#- name: "Get vuls github's release json"
+#  uri:
+#    url: https://api.github.com/repos/future-architect/vuls/releases/latest
+#    method: GET
+#    return_content: yes
+#    status_code: 200
+#    body_format: json
+#  register: vuls_github_repo
 
-- name: "Remove v on release name"
-  shell: "echo {{ vuls_github_repo.json.tag_name }} | sed 's/v//g'"
-  register: vuls_version_without_v
+#- name: "Remove v on release name"
+#  shell: "echo {{ vuls_github_repo.json.tag_name }} | sed 's/v//g'"
+#  register: vuls_version_without_v
 
-- name: "Get vuls version"
-  set_fact: vuls_version={{ vuls_version_without_v.stdout }}
+#- name: "Get vuls version"
+#  set_fact: vuls_version={{ vuls_version_without_v.stdout }}
 
-- name: testing
-  debug: 
-    msg: "Using version {{ vuls_version }}"
+#- name: testing
+#  debug: 
+#    msg: "Using version {{ vuls_version }}"
 
-- name: Download vuls archive
-  get_url:
-    url: "{{ vuls_dl_url }}"
-    dest: "/tmp/vuls-{{ vuls_version }}.tar.gz"
-    checksum: "sha256:{{ vuls_checksum_dl_url }}"
-  register: _download_archive
-  until: _download_archive is succeeded
-  retries: 5
-  delay: 2
+#- name: Download vuls archive
+#  get_url:
+#    url: "{{ vuls_dl_url }}"
+#    dest: "/tmp/vuls-{{ vuls_version }}.tar.gz"
+#    checksum: "sha256:{{ vuls_checksum_dl_url }}"
+#  register: _download_archive
+#  until: _download_archive is succeeded
+#  retries: 5
+#  delay: 2
 
-- name: Create tmp directory if it does not exist
-  ansible.builtin.file:
-    path: "/tmp/vuls"
-    state: directory
-    mode: '0750'
-    owner: "root"
-    group: "root"
+#- name: Create tmp directory if it does not exist
+#  ansible.builtin.file:
+#    path: "/tmp/vuls"
+#    state: directory
+#    mode: '0750'
+#    owner: "root"
+#    group: "root"
 
-- name: Unarchive vuls 
-  ansible.builtin.unarchive:
-    src: /tmp/vuls-{{ vuls_version }}.tar.gz
-    dest: /tmp/vuls
-    remote_src: yes
+#- name: Unarchive vuls 
+#  ansible.builtin.unarchive:
+#    src: /tmp/vuls-{{ vuls_version }}.tar.gz
+#    dest: /tmp/vuls
+#    remote_src: yes
 
-- name: Copy files from foo to bar
-  ansible.builtin.copy: 
-    remote_src: True 
-    src: /tmp/vuls/vuls 
-    dest: /usr/local/bin/vuls/vuls
-    mode: '0755'
+#- name: Copy files from foo to bar
+#  ansible.builtin.copy: 
+#    remote_src: True 
+#    src: /tmp/vuls/vuls 
+#    dest: /usr/local/bin/vuls/vuls
+#    mode: '0755'
 
-- name: Clean temporary folders
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  loop:
-    - /tmp/vuls
-    - "/tmp/vuls-{{ vuls_version }}.tar.gz"
+#- name: Clean temporary folders
+#  ansible.builtin.file:
+#    path: "{{ item }}"
+#    state: absent
+#  loop:
+#    - /tmp/vuls
+#    - "/tmp/vuls-{{ vuls_version }}.tar.gz"
+
+- name: Add systemd service 
+  ansible.builtin.template:
+    src: vuls.service.j2
+    dest: /etc/systemd/system/vuls.service
+
+- name: Add systemd timer service 
+  ansible.builtin.template:
+    src: vuls.timer.j2
+    dest: /etc/systemd/system/vuls.timer
+
+- name: Start vuls service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    name: vuls

templates/config.toml.j2

@@ -0,0 +1,162 @@
+[cveDict]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+[ovalDict]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+[gost]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+[exploit]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+[metasploit]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+[kevuln]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+[cti]
+type = {{ vuls_dbtype }}
+sqlite3Path = "{{ vuls_dbpath }}"
+
+
+# https://vuls.io/docs/en/config.toml.html#slack-section
+#[slack]
+#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
+##legacyToken = "xoxp-11111111111-222222222222-3333333333"
+#channel      = "#channel-name"
+##channel     = "${servername}"
+#iconEmoji    = ":ghost:"
+#authUser     = "username"
+#notifyUsers  = ["@username"]
+
+# https://vuls.io/docs/en/config.toml.html#email-section
+{% if vuls_email_enable == True %}
+[email]
+smtpAddr      = "{{ vuls_email_host }}"
+smtpPort      = "{{ vuls_email_port }}"
+user          = "{{ vuls_email_user }}"
+password      = "{{ vuls_email_port}}"
+from          = "{{ vuls_email_from }}"
+to            = ["{{ vuls_email_to }}"]
+subjectPrefix = "[vuls]"
+{% endif %}
+
+# https://vuls.io/docs/en/config.toml.html#http-section
+#[http]
+#url = "http://localhost:11234"
+
+# https://vuls.io/docs/en/config.toml.html#syslog-section
+#[syslog]
+#protocol    = "tcp"
+#host        = "localhost"
+#port        = "514"
+#tag         = "vuls"
+#facility    = "local0"
+#severity    = "alert"
+#verbose     = false
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
+#[aws]
+#profile                = "default"
+#region                 = "ap-northeast-1"
+#s3Bucket               = "vuls"
+#s3ResultsDir           = "/path/to/result"
+#s3ServerSideEncryption = "AES256"
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
+#[azure]
+#accountName   = "default"
+#accountKey    = "xxxxxxxxxxxxxx"
+#containerName = "vuls"
+
+# https://vuls.io/docs/en/config.toml.html#chatwork-section
+#[chatwork]
+#room     = "xxxxxxxxxxx"
+#apiToken = "xxxxxxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/config.toml.html#telegram-section
+#[telegram]
+#chatID     = "xxxxxxxxxxx"
+#token = "xxxxxxxxxxxxxxxxxx"
+
+#[wpscan]
+#token = "xxxxxxxxxxx"
+#detectInactive = false
+
+# https://vuls.io/docs/en/config.toml.html#default-section
+[default]
+#port               = "22"
+#user               = "username"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
+#lockfiles = ["/path/to/package-lock.json"]
+#cpeNames = [
+#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
+#]
+#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-6271"]
+#ignorePkgsRegexp   = ["^kernel", "^python"]
+#containersOnly     = false
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
+
+# https://vuls.io/docs/en/config.toml.html#servers-section
+[servers]
+
+[servers.127-0-0-1]
+host                = "127.0.0.1"
+#port               = "22"
+#user               = "root"
+#sshConfigPath      = "/home/username/.ssh/config"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#scanModules        = ["ospkg", "wordpress", "lockfile", "port"]
+#type               = "pseudo"
+#memo               = "DB Server"
+#findLock           = true
+#findLockDirs       = ["/path/to/dir"]
+#lockfiles          = ["/path/to/package-lock.json"]
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#ignorePkgsRegexp   = ["^kernel", "^python"]
+#containersOnly     = false
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
+
+#[servers.127-0-0-1.containers.container_name_a]
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#ignorePkgsRegexp   = ["^kernel", "^python"]
+
+#[servers.127-0-0-1.githubs."owner/repo"]
+#token   = "yourToken"
+#IgnoreGithubDismissed = true
+
+
+#[servers.127-0-0-1.wordpress]
+#cmdPath = "/usr/local/bin/wp"
+#osUser = "wordpress"
+#docRoot = "/path/to/DocumentRoot/"
+
+#[servers.192-168-11-6.portscan]
+#scannerBinPath = "/usr/bin/nmap"
+#hasPrivileged = true
+#scanTechniques = ["sS"]
+#sourcePort = "65535"
+
+#[servers.127-0-0-1.optional]
+#key = "value1"
+

templates/vuls-go-cti.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
+Documentation=https://github.com/vulsio/go-cti
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User={{ vuls_user }}
+ExecStart=/usr/local/bin/vuls/go-cti --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/go-cti-log" --log-to-file fetch threat
+
+[Install]
+WantedBy=multi-user.target
+

templates/vuls-go-cve-dictionary.service.j2

@@ -1,14 +1,12 @@
 [Unit]
 Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
-After=network-online.target nss-lookup.target
-Wants=network-online.target nss-lookup.target
 Documentation=https://github.com/vulsio/go-cve-dictionary
 
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 User={{ vuls_user }}
-ExecStart=/usr/local/bin/vuls/go-cve-dictionary --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/go-cve-dictionary-log" fetch nvd
+ExecStart=/usr/local/bin/vuls/go-cve-dictionary --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/go-cve-dictionary-log" --log-to-file fetch nvd
 
 [Install]
 WantedBy=multi-user.target

templates/vuls-go-exploitdb.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
+Documentation=https://github.com/vulsio/go-exploitdb
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User={{ vuls_user }}
+ExecStart=/usr/local/bin/vuls/go-exploitdb --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/go-exploitdb-log" --log-to-file fetch {{ item }}
+
+[Install]
+WantedBy=multi-user.target
+

templates/vuls-go-exploitdb.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run nvd update each 3h and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=3h
+
+[Install]
+WantedBy=timers.target

templates/vuls-go-kev.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
+Documentation=https://github.com/vulsio/go-kev
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User={{ vuls_user }}
+ExecStart=/usr/local/bin/vuls/go-kev --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/go-kev" --log-to-file fetch kevuln
+
+[Install]
+WantedBy=multi-user.target
+

templates/vuls-go-kev.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run nvd update each 3h and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=3h
+
+[Install]
+WantedBy=timers.target

templates/vuls-go-mfsdb.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
+Documentation=https://github.com/vulsio/go-mfsdb
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User={{ vuls_user }}
+ExecStart=/usr/local/bin/vuls/go-mfsdb --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/go-mfsdb-log" --log-to-file fetch msfdb
+
+[Install]
+WantedBy=multi-user.target
+

templates/vuls-go-msfdb.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run nvd update each 3h and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=3h
+
+[Install]
+WantedBy=timers.target

templates/vuls-gost.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
+Documentation=https://github.com/vulsio/gost
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User={{ vuls_user }}
+ExecStart=/usr/local/bin/vuls/gost --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/gost-log" --log-to-file fetch debian
+
+[Install]
+WantedBy=multi-user.target
+

templates/vuls-gost.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run nvd update each 3h and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=3h
+
+[Install]
+WantedBy=timers.target

templates/vuls-goval-dictionary.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=This is tool to build a local copy of the NVD (National Vulnerabilities Database)
+Documentation=https://github.com/vulsio/goval-dictionary
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+User={{ vuls_user }}
+ExecStart=/usr/local/bin/vuls/goval-dictionary --dbtype="{{ vuls_dbtype }}" --dbpath="{{ vuls_dbpath }}" --log-dir="/var/log/vuls/goval-dictionary-log" --log-to-file fetch debian 10 11
+
+[Install]
+WantedBy=multi-user.target
+

templates/vuls-goval-dictionary.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run nvd update each 3h and on boot
+
+[Timer]
+OnBootSec=15min
+OnUnitActiveSec=3h
+
+[Install]
+WantedBy=timers.target