
vuls-jp_ec2-vuls-config_ja



Shuichi Ohsawa

September 26, 2016

Transcript

  1. "ec2-vuls-config": a tool that makes Vuls scans of EC2 a little more convenient. Vuls祭り (Vuls Matsuri) #1, @ohsawa0515

  2. Self-introduction: Shuichi Ohsawa (@ohsawa0515) GitHub: https://github.com/ohsawa0515 Blog: http://blog.jicoman.info/

  3. I built this
     • ec2-vuls-config
     • https://github.com/ohsawa0515/ec2-vuls-config
     • It looks at the tags on Amazon EC2 instances and rewrites the Vuls configuration file (config.toml)

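  4. Why I built it
     • In an environment where instances (servers) keep changing, the scan targets keep changing too, e.g. auto scaling, building new servers, deleting servers, etc.
     • Constantly updating the scan targets (updating the configuration file) is a chore
     • There is no need to scan every server
     • If there are several servers with the same configuration (e.g. web servers), scanning just one of them should be enough (especially when they were built with Chef, Ansible, etc.)
     • I wanted a mechanism that, like Amazon Inspector, finds the scan targets automatically by looking only at tags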
  5. Installation & configuration
     • $ go get -u github.com/ohsawa0515/ec2-vuls-config
     • $ export AWS_ACCESS_KEY_ID=ACCESS_KEY_ID
     • $ export AWS_SECRET_ACCESS_KEY=SECRET_ACCESS_KEY
     • $ export AWS_REGION=us-east-1
     • Set the following tags on the EC2 instances
       ・ Name tag: the server name, e.g. web-server-1
       ・ Scan tag: the tag that marks an instance as a scan target, e.g. Vuls-Scan:True
  6. Running it
     • Prepare the configuration file to use as the base
     • Run
     • $ ec2-vuls-config --config path/to/config.toml

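  7. Result (example)
     • The tool rewrites the configuration file with the details of the EC2 instances that match the conditions
     • By default, in addition to the tag, the targets are Linux servers that are running (status = running)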

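  8. Summary
     • I built a small tool called ec2-vuls-config
     • Scan targets can be configured just by setting EC2 tags, so I (personally) find it very handy
     • I think it is still lacking in features, but if you think "this is nice!", please give it a star on GitHub!
     • https://github.com/ohsawa0515/ec2-vuls-config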
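
The default selection rule from slide 7 (scan tag present, Linux, status running), as an added Go example that is not ec2-vuls-config's own code. The `Instance` type, the sample inventory, the use of the private IP as the Vuls `host` value and the check on Name tag characters are assumptions made for illustration; the name check goes beyond what the slides describe and is there because a tag value ends up as a TOML table name.

```go
package main

import (
	"fmt"
	"regexp"
)

// Instance carries the EC2 fields the selection needs (constructed type, not
// the AWS SDK's). Platform is "windows" for Windows instances, empty otherwise.
type Instance struct {
	PrivateIP, Platform, State string
	Tags                       map[string]string
}

// Name tags become TOML table names, so accept only TOML bare-key characters.
var bareKey = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// Selected keeps instances that carry the scan tag, are Linux, and are running.
func Selected(in []Instance, key, value string) []Instance {
	var out []Instance
	for _, i := range in {
		if i.Tags[key] == value && i.Platform != "windows" &&
			i.State == "running" && bareKey.MatchString(i.Tags["Name"]) {
			out = append(out, i)
		}
	}
	return out
}

// RenderServers writes one Vuls [servers.<Name>] table per selected instance.
func RenderServers(in []Instance) string {
	out := "[servers]\n"
	for _, i := range in {
		out += fmt.Sprintf("\n[servers.%s]\nhost = %q\n", i.Tags["Name"], i.PrivateIP)
	}
	return out
}

func scan(n string) map[string]string { return map[string]string{"Name": n, "Vuls-Scan": "True"} }

// Sample is constructed inventory data, not output from a real AWS account.
var Sample = []Instance{
	{"10.0.1.11", "", "running", scan("web-server-1")},
	{"10.0.1.12", "", "stopped", scan("web-server-2")},
	{"10.0.1.13", "windows", "running", scan("win-server-1")},
	{"10.0.1.14", "", "running", scan("bad.name")},
	{"10.0.1.15", "", "running", map[string]string{"Name": "batch-1"}},
}

func main() { fmt.Print(RenderServers(Selected(Sample, "Vuls-Scan", "True"))) }
```

Only web-server-1 survives: the other four sample instances are stopped, Windows, carry a name that is not a valid bare key, or lack the scan tag.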