New Feature "Vuls Server" / Vuls Server

Teppei Fukuda
August 27, 2018

Patch management that starts with a one-liner


Transcript

  1. Conventional Vuls
    • Remote scan (Agent-less): the Vuls Scan Server scans the Target Server over ssh
    • Local scan (Agent): Vuls Scan Server = Target Server, which scans itself
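  2. Multiple Vuls installations because the environments differ
    • Service A: a Vuls Scan Server scanning its Target Servers over ssh
    • Service B: a separate Vuls Scan Server scanning its Target Servers over ssh
    • There may be no network reachability between them, and how should the results be aggregated?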
  3. Usage
    $ vuls server -listen 0.0.0.0:5515
    ...
    [Aug 25 20:17:45] INFO [localhost] Listening on 0.0.0.0:5515
    Simple.
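  4. Command example
    $ curl -X POST --data-binary "`rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"`" http://192.168.33.1:5515/vuls
    (The example above omits the headers, so it does not work as written.)
    It POSTs the output of the rpm command. In essence, that is all there is to it.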
  5. Sample data
    POST /vuls HTTP/1.1
    User-Agent: XXX
    Host: 192.168.33.1:5515
    Content-Type: text/plain
    X-Vuls-Server-Name: centos6.localdomain
    X-Vuls-OS-Family: centos
    X-Vuls-OS-Release: 6.9
    X-Vuls-Kernel-Release: 2.6.32-696.30.1.el6.x86_64
    Content-Length: 13802

    cryptsetup-luks-libs 0 1.2.0 11.el6 x86_64
    filesystem 0 2.4.30 3.el6 x86_64
    hal 0 0.5.14 14.el6 x86_64
    ncurses-base 0 5.7 4.20090207.el6 x86_64
    ...
    The body is the output of the rpm command, as is. Sending it as JSON is also possible.
  6. rpm command
    $ rpm -qa --queryformat "%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n"
    ...
    bash 0 4.1.2 48.el6 x86_64
    ncurses-base 0 5.7 4.20090207.el6 x86_64
    abrt-tui 0 2.0.8 43.el6.centos x86_64
    nss-softokn-freebl 0 3.14.3 23.3.el6_8 x86_64
    rsyslog 0 5.8.10 10.el6_6 x86_64
    libattr 0 2.4.44 7.el6 x86_64
    hypervfcopyd 0 0 0.17.20150108git.el6 x86_64
    dbus-libs 1 1.2.24 8.el6_6 x86_64
    cronie-anacron 0 1.4.4 16.el6_8.2 x86_64
    zip 0 3.0 1.el6_7.1 x86_64
    ...
    One package per line.
  7. X-Vuls-Server-Name header
    Same sample request as on slide 5, with this header highlighted:
    X-Vuls-Server-Name: centos6.localdomain
    The server name (you may choose it freely).
  8. X-Vuls-OS-Family header
    Same sample request as on slide 5, with this header highlighted:
    X-Vuls-OS-Family: centos
    Important: a fixed string such as redhat, centos, debian or ubuntu.
  9. X-Vuls-OS-Release header
    Same sample request as on slide 5, with this header highlighted:
    X-Vuls-OS-Release: 6.9
    Important: a release-number string.
  10. X-Vuls-Kernel-Release header
    Same sample request as on slide 5, with this header highlighted:
    X-Vuls-Kernel-Release: 2.6.32-696.30.1.el6.x86_64
    Affects detection accuracy. This is the current kernel release, as returned by uname -r.
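  11. HTTP headers
    • X-Vuls-Server-Name (optional)
        • The server is identified by this value, so reusing the same name overwrites the earlier result when it is saved
    • X-Vuls-OS-Family (required)
        • redhat/centos/ubuntu/debian, etc.
    • X-Vuls-OS-Release (required)
        • A release number such as 6.9 or 16.04
    • X-Vuls-Kernel-Release header (required)
        • The value returned by uname -r, such as 2.6.32-696.30.1.el6.x86_64
    • X-Vuls-Kernel-Release header (optional)
        • Required only for Debian (roughly the 7th value from the left in the output of uname -a)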
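  12. AWS Systems Manager Inventory Manager
    • You can use AWS Systems Manager Inventory to collect operating system (OS), application, and instance metadata from Amazon EC2 instances and from on-premises servers or virtual machines (VMs) in a hybrid environment. By querying the metadata, you can quickly see which instances are running the software and configuration required by your software policy and which instances need to be updated.
    https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/systems-manager-inventory.html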
  13. Installing the SSM Agent
    • SSM Agent is installed by default on the following Amazon EC2 Amazon Machine Images (AMIs):
        • Windows Server (all SKUs)
        • Amazon Linux
        • Amazon Linux 2
        • Ubuntu Server 16.04
        • Ubuntu Server 18.04
    https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/ssm-agent.html
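  14. Proof Of Concept
    • I wrote some sample code: https://github.com/knqyf263/ssm-to-vuls
    • Given an EC2 instance ID and the address of the Vuls Server, it fetches the inventory, formats it as JSON and POSTs it to the Vuls Server
    • It is proof-of-concept code and not fit for production use, so I hope you will all build the best possible tool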
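  15. Limitations of Vuls Server
    • Supported OS
        • RHEL/CentOS/Ubuntu/Debian
        • Amazon Linux and FreeBSD are not supported
    • Detection accuracy
        • May be slightly lower than with the agent in some cases (rare)
    • Additional information
        • The agent also collects process information, the package versions available after updating, and so on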
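
The complete request described on slides 4 to 11, as an added example that is not part of the original slides or of the Vuls project: it sends the rpm package list together with the X-Vuls-* headers the one-liner leaves out. The helper names and the character whitelist for header values are assumptions of this example; the URL is the address used on the slides.

```sh
#!/bin/sh
# Added example, not from the slides. Helper names are hypothetical.
VULS_URL="${VULS_URL:-http://192.168.33.1:5515/vuls}"   # address from the slides

# Accept only the OS families the slides list as supported.
check_family() {
  case "${1:-}" in
    redhat|centos|ubuntu|debian) return 0 ;;
    *) echo "unsupported X-Vuls-OS-Family: ${1:-}" >&2; return 1 ;;
  esac
}

# Body on stdin must be one package per line: NAME EPOCH VERSION RELEASE ARCH.
check_body() {
  awk 'NF != 5 || $2 !~ /^[0-9]+$/ { bad = 1 }
       END { if (NR == 0 || bad) exit 1 }'
}

# Print the request headers: family, OS release, kernel release, [server name].
vuls_headers() {
  check_family "${1:-}" || return 1
  if [ -z "${2:-}" ] || [ -z "${3:-}" ]; then
    echo "OS release and kernel release are required" >&2; return 1
  fi
  # Assumed whitelist: keeps spaces, CR and LF out of the header values.
  case "$2$3${4:-}" in
    *[!A-Za-z0-9._+-]*) echo "unexpected character in header value" >&2; return 1 ;;
  esac
  printf 'Content-Type: text/plain\n'
  printf 'X-Vuls-OS-Family: %s\n' "$1"
  printf 'X-Vuls-OS-Release: %s\n' "$2"
  printf 'X-Vuls-Kernel-Release: %s\n' "$3"
  [ -z "${4:-}" ] || printf 'X-Vuls-Server-Name: %s\n' "$4"
}

# Usage: post_inventory centos 6.9 [server-name]
post_inventory() {
  body=$(rpm -qa --queryformat '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE} %{ARCH}\n') || return 1
  printf '%s\n' "$body" | check_body || { echo "unexpected rpm output" >&2; return 1; }
  hdrs=$(vuls_headers "${1:-}" "${2:-}" "$(uname -r)" "${3:-}") || return 1
  set --                                   # rebuild "$@" as curl -H arguments
  while IFS= read -r h; do set -- "$@" -H "$h"; done <<EOF
$hdrs
EOF
  printf '%s\n' "$body" | curl -sS -X POST "$@" --data-binary @- "$VULS_URL"
}
```

As shown on the slides, the listener is plain HTTP bound to 0.0.0.0, so the package inventory and server name travel unencrypted; keep the port reachable only from the hosts that report to it.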