Wrote up a new guide! Hope you folks find it helpful :)

  • @j4k3
    10
    1 month ago

    Cool blogs. Thanks for the write-ups, especially on your self-host setup. I still only understand half of the tools and packages but a solid bookmark source nonetheless.

    Out of curiosity, why the open source focus but still the preference for Docker over podman? I’m not criticising actively/passively. I’m curious when I see the mix of tools and priorities, then some anomaly like this. To me it means you are coming from a different angle and background than myself. Your use of tools I don’t fully grasp makes that angle a curiosity.

    Why hasn’t the open source community fully conquered the self hosting chain to issue certificates and our own domains on some obscure branch or legal loophole that prevents someone else from interfering? Surely there is some obscure place that one could set up a chain of trust to issue all the needed credentials and DNS. Who cares if the commercial world plays along, just ship the certificate authority with all open source distros and let everyone else figure it out or not. I really don’t care if the Windows/Apple/Google world can find or interact with me. I might even spin that as a feature. We should have federated DNS and certificate authorities, right? What about something like crypto where these fundamental aspects of domain hosting are a distributed part of hosting and participating in the scheme. That’s been on my mind for a while, but your blog post surfaced the idea here… sry

    • @h0bbl3sOP
      5
      1 month ago

      No offense taken; we all have different knowledge and background. I have a general understanding of podman, but now I’m going to go play with it a bit at some point and get more familiar with it.

      Docker is Apache 2.0 licensed. It is open source. Or at least all of the important parts. I’m not sure about Docker Desktop. It’s partly that I just have a lot of experience with docker, and partly just that it’s what is supported in most projects’ documentation. The fact that a lot of the Linux Foundation training uses docker is another reason I’ve got more experience with it.


      As far as what you are talking about, people have been trying for years. The Pirate Bay wanted to develop a new method of being entirely decentralized. Odysee is working on something like blockchain/torrents combined that is very interesting. We have I2P and Tor which have some of the features you mention. I’d love to see it happen where the big companies didn’t control things.

      There is progress though. https://letsencrypt.org/ is non-profit, and there are a variety of open source projects using this to automate TLS certificate signing.

      Check out https://www.sigstore.dev/how-it-works and pay special attention to Fulcio and Rekor. It’s not for web certs, but it’s still a very interesting take on a certificate authority.


      There’s no technical reason what you are saying couldn’t work. It just comes down to how do you trust it, and if you can’t at all, it doesn’t do much good anyway. That’s the problem to be solved. You could compromise somewhere in the middle but then you have to work out what is acceptable. I suppose the level of trust could be configurable, with different nodes earning a different level of trust, and you could configure your accepted levels for DNS or CA. It’s an interesting idea.

      • @j4k3
        2
        1 month ago

        I couldn’t care less about blockchain, and this post had nothing to do with blockchain. The reference is intended to mean like a signed chain of distributed keys or a distributed database. If you want an address, you also host a signed and locked down portion of the infrastructure. Like your node communicates with a wide area to keep your local IP up to date against your domain, where you then receive a signed portion of the database from someone like a distro package manager. Anyone can host their own domain in the system while the only cost is hosting a portion of the database and distributed DNS. It is not some money scheme. I’m saying the distributed chain of trust technology is present where it might be possible to create hosting “transactions” in such a way that I can be issued a key while being a part of the key authority in a system that does not require a centralized authority or hosting.

        I’m super naive about all the systems in place with web hosting and keys/certificates, but central authorities are a growing problem and such hacker-based solutions would benefit everyone. I should be able to connect a Raspberry π, or better yet a RK3588 SBC, and one-click install a basic secure web blog, or fediverse service from a menu of such services. The only cost should be my local basic ISP connection and a small portion of traffic in my neighborhood to give directions or check to make sure my neighbors are doing well. Any half intelligent kid should be able to do this.

      • Akatsuki Levi
        1
        1 month ago

        I think it was meant crypto as in cryptography. Git uses it for signing (GPG), for example.

      • @tapdattl
        1
        1 month ago

        Stop trying to inject blockchains into everything, fuck.

        Lol, way to get triggered by a single word in a well-written, comprehensive response and have a tantrum.