General Scanner FAQ

Operating systems that can be scanned

The operating systems that can be scanned for vulnerabilities are listed here.

Communication requirements

The FutureVuls service never initiates communication to the scanned environment. The scan target environment makes outgoing connections to FutureVuls during authentication and when uploading scan results. If outgoing communication is restricted in the scan target environment, please refer to the following document and allow outgoing communication to the corresponding FQDN.

Installing the Scanner from an Amazon S3 endpoint

The scanner installation installs binaries located in AWS S3, under the “arn:aws:s3:::installer.vuls.biz/*” resource.

  • Example policy
{
    "Version": "2012-10-17",
    "Id": "XXXXXXXXXXXXX",
    "Statement": [
        {
            "Sid": "XXXXXXXXXXXXX",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::installer.vuls.biz/*"
        }
    ]
}

If you want to upload scan results from an Amazon S3 endpoint

Please allow the “s3:PutObject” action on the “arn:aws:s3:::vuls-results-tmp-prd/*” resource in the policy for the appropriate endpoint.

  • Example policy
{
    "Version": "2012-10-17",
    "Id": "XXXXXXXXXXXXX",
    "Statement": [
        {
            "Sid": "XXXXXXXXXXXXX",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::vuls-results-tmp-prd/*"
        }
    ]
}
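An endpoint carries a single policy document, so the two example statements above have to appear in it together. The following check is an added example, not FutureVuls code: it reads a policy document and reports whether the install and upload paths are allowed, denied or missing. The function names and probe object keys are hypothetical, and Principal, Condition and NotAction/NotResource are not evaluated.

```python
import json
import re

# Permissions this FAQ says the scanner needs through the S3 endpoint.
REQUIRED = {
    "install": ("s3:GetObject", "arn:aws:s3:::installer.vuls.biz/"),
    "upload": ("s3:PutObject", "arn:aws:s3:::vuls-results-tmp-prd/"),
}
PROBE_KEYS = ["a", "dir/sub/object.bin"]  # constructed probe object keys


def _covers(patterns, value, ignore_case=False):
    """True if any IAM-style pattern (* and ? wildcards) matches value."""
    flags = re.IGNORECASE if ignore_case else 0
    for pattern in patterns if isinstance(patterns, list) else [patterns]:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, flags):
            return True
    return False


def _applies(stmt, action, prefix, need_all):
    """Match action, then all (for Allow) or any (for Deny) probe objects."""
    if not _covers(stmt.get("Action", []), action, ignore_case=True):
        return False
    hits = [_covers(stmt.get("Resource", []), prefix + k) for k in PROBE_KEYS]
    return all(hits) if need_all else any(hits)


def check_endpoint_policy(policy_json):
    """Return allowed / denied / missing for the install and upload paths."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    result = {}
    for name, (action, prefix) in REQUIRED.items():
        allow = any(s.get("Effect") == "Allow" and
                    _applies(s, action, prefix, True) for s in statements)
        deny = any(s.get("Effect") == "Deny" and
                   _applies(s, action, prefix, False) for s in statements)
        # An explicit Deny always overrides an Allow in policy evaluation.
        result[name] = "denied" if deny else "allowed" if allow else "missing"
    return result


if __name__ == "__main__":
    # Constructed input: the installer-only example policy from this page.
    stmt = {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::installer.vuls.biz/*"}
    print(check_endpoint_policy(json.dumps({"Statement": [stmt]})))
```

Run against the installer-only policy, it reports the upload path as missing, which is the state in which installation works but scan results never arrive.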

The scanner fails to run, but the scan history shows a successful result

Even if the scanner on the server is not working correctly, a periodic scan may cause a successful result to be displayed in Group settings > Scan history.

Usually, the FutureVuls scanning process is roughly divided into the following 2 steps.

  1. The scanner installed on the server synchronizes the configuration information with FutureVuls.
  2. FutureVuls compares the registered configuration information with the vulnerability database information and updates the vulnerability detection results.

The scanner scan is started once a day, and steps 1 and 2 above are both executed. For periodic scans, on the other hand, only step 2 is executed, several times a day. To determine whether a scan history result comes from a periodic scan, check whether the value of the “Scanner name” column is “FutureVulsManual”.

Scanning servers in a proxy environment

During “installation” and “uploading scan results”, the server performing the scan will access the Internet.

When scanning servers in a proxy environment, please refer to the proxy settings page as well.

Errors appear in the log file and scan results are not reflected in a proxy environment

If you get the following error when scanning, remove HTTPS_PROXY from the environment variables and run the scan again.

"Failed to report. err: Post https://auth.vuls.biz/one-time-auth: proxyconnect tcp: tls: first record does not look like a TLS handshake"

Scan error emails keep getting sent.

Subject: [FutureVuls] [ScanAuth] Error authenticating scan.

To cancel your membership, please perform all the tasks on the following page.

If you continue to receive the above email after the trial period ends, the scanner is still installed on some server and is still uploading data to FutureVuls.

Please execute the command as a privileged user on the server to be scanned. Once the scanner has been removed, no more emails will be sent.

Will there be downtime when updating the scanner?

No. FutureVuls scanners perform scans at scheduled times. There is no resident process and scanner updates do not interfere with application communication.

What happens to my scan license in a scalable environment?

FutureVuls uses a UUID to uniquely identify each server. In a scalable environment, if the servers are guaranteed to have the same configuration and you have no problem managing their vulnerabilities as a single server on FutureVuls, please install the scanner on only one representative server or set the same UUID on all servers in your environment.

UUID configuration file

  • Linux: /opt/vuls-saas/config.toml (default: /opt/vuls-saas/config.toml)
  • Windows: C:\Program Files\vuls-saas\config.toml

If you want each server in a scalable environment to be identified as a separate server, run the install command on each server so that each is assigned a different UUID. (The UUID is automatically generated on the first scan after the scanner is installed.)

Example using AWS AMI

To scan a scalable environment using an AMI in an AWS environment, follow these steps:

  1. Install the scanner on the representative instance that will be the source of the AMI.
  2. Run the scan once to generate UUIDs (skip this step if you want to manage scaled-out servers individually).
  3. Create an AMI from the representative instance.
  4. Use the AMI created in step 3 for scale-out.