Upgrade to Pro — share decks privately, control downloads, hide ads and more …

vuls-jp_ec2-vuls-config_en

 vuls-jp_ec2-vuls-config_en

E8ac626646da35420ffba5da02f4787d?s=128

Shuichi Ohsawa

September 26, 2016
Tweet

Transcript

  1. Tools for useful Vuls scan for EC2 ʮec2-vuls-configʯ Vuls-jp #1

    @ohsawa0515
  2. Shuichi Ohsawa (@ohsawa0515) GitHub: https://github.com/ohsawa0515 Blog: http://blog.jicoman.info/

  3. ec2-vuls-config • https://github.com/ohsawa0515/ec2-vuls- config • Written by golang • Rewrites

    the configuration file (config.toml) by describing Amazon EC2 instance tags
  4. Why necessary? • Instance is constantly changing by AutoScaling, Adding

    or deleting instances. It is hard to update the scan target (update the configuration file). • You do not need to scan all servers. • If we have servers of the same configuration (e.g. Web server) that use server configuration tools (chef, ansible etc), may be scanned only one of them. • I would like to find automatically the scan target by describing tags like Amazon Inspector.
  5. Installation & Settings • $ go get -u github.com/ohsawa0515/ec2-vuls-config •

    $ export AWS_ACCESS_KEY_ID=ACCESS_KEY_ID • $ export AWS_SECRET_ACCESS_KEY=ECRET_ACCESS_KEY • $ export AWS_REGION=us-east-1 • Set the tag to EC2 instance that you want to scan
 ɾ Name: Name of server. e.g. web-server-1
 ɾ Vuls-Scan (Default): Scan target. e.g. Vuls-Scan:True
  6. Execution • Prepare config.toml for Vuls scan • Run ec2-vuls-config

    • $ ec2-vuls-config —config path/to/config.toml
  7. Execution result (for example) • Rewrite the configuration file which

    the matched ec2 instance by filtering. • By default, filtering works that status is running, platform is linux
  8. Conclusion • ec2-vuls-config is useful cli to create config file

    for Vuls in Amazon EC2. • It is convenient to scan target by setting EC2 tag. I have been using frequently :-). • Please give me the star of GitHub if you think good.