Vuls × STNSで始める 脆弱性検知の自動化

Transcript

1. dΦϨ͸΋͏$7&৘ใൃ৴͞ΕΔ౓ʹർฐ͢Δͷ͸΍ΊͨΜͩd !QZBNB
   
   (.0
   1FQBCP
   *OD
   
   ۝भΠϯϑϥަྲྀษڧձ ,JYT
   7PM 7VMT
   º
   45/4Ͱ࢝ΊΔ
   ੬ऑੑݕ஌ͷࣗಈԽ

2. IUUQTUFOTOBQPODPN νʔϑςΫχΧϧϦʔυ ࢁԼ
   ࿨඙!QZBNB ϗεςΟϯάࣄۀ෦

3. ϗεςΟϯάࣄۀ෦ શ෦Λ͍͍ײ͡ʹόʔϯͱ

4. ੬ऑੑ

5. αʔόӡ༻ͷ੬ऑੑରԠͷ՝୊ wαʔό୆਺͕ଟ͍৔߹ɺௐࠪ͢Βେม
   wṖͷ๏ଇʹΑΓ୹ظؒʹଟ͘ͷ੬ऑੑ͕ݕ஌͞ΕΔͨΊɺ౓ॏͳΔௐࠪͰ؅ཧ ऀ͕ർฐ͢Δ

6. TTI
   U
   FYBNQMKQ
   
   SQN
   RB
   c
   HSFQ
   PQFOTTM

7. BOTJCMF
   G
   
   FYNQMFa<a> a FYBNQMFKQ
   T
   B
   lSQN
   RB
   c
   HSFQ
   PQFOTTMl
   U
   MPHTPQFOTT@AEBUF
   :NEA
   

8. 7VMT

9. $7&৘ใͱඃݧαʔόΛಥ߹͠ɺ
   ੬ऑੑͷ༗ແΛࣗಈ൑ఆͯ͘͠ΕΔ
   (PMBOH੡ͷ044

10. 7VMT HPDWFEJDUJPOBSZ WVMT TFSWFS 5IF
    *OUFSOFU $7&৘ใͷμ΢ϯϩʔυ $7&৘ใࢀর $7&৘ใͱͷಥ߹

11. $7& $PNNPO
    7VMOFSBCJMJUJFT
    BOE
    &YQPTVSFT wڞ௨੬ऑੑࣝผࢠ
    w$7&::::4&2ͷΑ͏ʹ࠾൪

12. $744 $PNNPO
    7VMOFSBCJMJUZ
    4DPSJOH
    4ZTUFN w جຊධՁج४ ݱঢ়ධՁج४ ؀ڥධՁج४͝ͱʹɺηΩϡϦςΟͷେཁ݅ʹର͢Δ
 ӨڹΛ਺஋Խͨ͠΋ͷ
    w ػີੑ
    w

    ৘ใࢿ࢈Λਖ਼౰ͳݖརΛ࣋ͬͨਓ͚͕ͩ࢖༻Ͱ͖Δঢ়ଶʹ͓ͯ͘͜͠ͱ
    w ׬શੑ
    w ৘ใࢿ࢈͕ਖ਼౰ͳݖརΛ࣋ͨͳ͍ਓʹΑΓมߋ͞Ε͍ͯͳ͍͜ͱΛ࣮֬ʹ͓ͯ͠ ͘͜ͱ
    w Մ༻ੑ
    w ৘ใࢿ࢈Λඞཁͳͱ͖ʹ࢖༻Ͱ͖Δ͜ͱ

13. $744஋͕Λ௒͑ͯ͘ΔͱӨڹ΋େ͖͍͔ͭɺ߈ܸ ͕༰қͰ͋ΔՄೳੑ͕ߴ͍ɻ·ͨݱঢ়ධՁج४
    ߈ ܸίʔυͷग़ݱ༗ແ΍ରࡦ৘ใ͕ར༻ՄೳՄ൱ ΋߹ Θͤͯ֬ೝ͠·͠ΐ͏ $744 $PNNPO
    7VMOFSBCJMJUZ
    4DPSJOH
    4ZTUFN

14. 7VMTͷ࣮ߦ # CVE৘ใͷ࠷৽Խ $ go-cve-dictionary fetchnvd -last2y # ઃఆϑΝΠϧͷࣗಈੜ੒ $

    vuls discover 172.31.4.0/24 # ੬ऑੑͷεΩϟϯ $ vuls scan --cve-dictionary-dbpath /home/vuls/cve.sqlite3 - report-slack -cvss-over=7

15. 7VMTલఏ৚݅ w$FOU04ͷ৔߹͸ZVNQMVHJODIBOHFMPH͕ඞཁ
    wWVMTಈ࡞αʔό͔Βඃݧαʔόʹରͯ͠ɺ44)ϩάΠϯग़དྷΔඞཁ͕͋Γɺߋ ʹ4VEPग़དྷΔඞཁ͕͋Δ
    w4MBDL௨஌͸͍·͍ͪݟͮΒ͍

16. None

17. 45/4ͱ͸ QPSU
    
    
    JODMVEF
    
    FUDTUOTDPOGE 
    TBMU@FOBCMF
    
    USVF
    TUSFUDIJOH@OVNCFS
    
    
    VTFS
    
    lCBTJD@VTFS
    QBTTXPSE
    
    CBTJD@QBTTXPSE
    <VTFSTFYBNQMF>
    JE
    
    
    

    HSPVQ@JE
    
    
    LFZT
    
    <TTISTB
    99999ʜ>
    <HSPVQTFYBNQMF>
    JE
    
    
    VTFST
    
    <FYBNQMF>
    <TVEPFSTFYBNQMF>
    QBTTXPSE
    
    MLGKEMLKGBMEKGBYYEGBEGBEB
    VJE HSPVQ % ls -ltr -rw-r--r-- 1 example wheel 0 May 8 00:09 kixs_in_pepabo.txt 50.-ܗࣜͷઃఆϑΝΠϧͰɺ-JOVYͷϢʔβʔ؅ཧΛߦ͑Δ044 MJCOTTTUOT

18. UFOBOU" UFOBOU# 7VMT
    º
    45/4 <VTFSTWVMT>
    JE
    
    
    HSPVQ@JE
    
    
    LFZT
    
    <TTISTB
    99999ʜ>
    OFUXPSL
    UFOBOU"
    OFUXPSL
    UFOBOU# $IFDL

    "VUIFOUJDBUJPO /FUXPSLͷఆٛΛ௥Ճ͢Δ͚ͩͰ ࣗಈ੬ऑੑ؅ཧ͕࢝ΊΒΕΔ

19. 7VMT
    º
    45/4 #!/bin/bash cd /home/vuls # CVE৘ใͷ࠷৽Խ /opt/go/bin/go-cve-dictionary fetchnvd -last2y echo

    -n > net_config.toml array=(“192.168.xxx.xxx/24”) for i in "${array[@]}" do /opt/go/bin/vuls discover $i | sed -n '/\[servers\./,$p' >> net_config.toml done cat config_base.toml net_config.toml > config.toml /opt/go/bin/vuls scan --cve-dictionary-dbpath /home/vuls/cve.sqlite3 -report-slack -cvss-over=7

20. ੬ऑੑΛݕ஌ͨ͠Β

21. 
    ZVN
    Z
    VQEBUF

22. Կ΋ى͖ͳ͍Ͱ͘ΕʂཔΉ

23. ·ͱΊ w(PMBOH੡ͳͷͰ؀ڥΛબ͹ͣಋೖՄೳ
    w44)ϩάΠϯϕʔεͰಈ࡞͢ΔͷͰɺ45/4ͱ૊Έ߹ΘͤΔͱΑΓศར
    wಋೖύοέʔδΛ೺Ѳ͢ΔΑΓ΋ɺ໰୊͕͋ΔύοέʔδΛݕ஌͢Δӡ༻΁
    w΋͏͙͢೥ͩ͠ɺιʔεΠϯετʔϧ͸΍Ίͯ%PDLFSͰCVJME͠Α͏

24. ࢀߟจݙ w ڞ௨੬ऑੑࣝผࢠ$7&֓આ IUUQTXXXJQBHPKQTFDVSJUZWVMO$7&IUNM
    w ڞ௨੬ऑੑධՁγεςϜ$744֓આ IUUQXXXJQBHPKQTFDVSJUZWVMO $744IUNM
    

25. ܅΋ϖύϘͰಇ͔ͳ͍͔ʁ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU

26. 5IBOL
    ZPV