Automating Vulnerability Detection with Vuls × STNS

At the 3rd Kyushu Infrastructure Exchange Study Group (KIXS), I gave a talk on how incredibly convenient Vuls becomes when used in combination with STNS.

Kazuhiko Yamashita

December 05, 2016

Transcript

  1. ~I've quit wearing myself out every time CVE information is published~
    @pyama GMO Pepabo, Inc.
    Kyushu Infrastructure Exchange Study Group (Kixs)
    Vol.
    Automating Vulnerability Detection
    with Vuls × STNS

  2. https://ten-snapon.com
    Chief Technical Lead
    Kazuhiko Yamashita @pyama
    Hosting Division

  3. Hosting Division
    Making everything nice, with a bang

  4. Vulnerabilities

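  5. Challenges in responding to vulnerabilities in server operations
    - When there are many servers, even the investigation is hard work
    - By some mysterious law, many vulnerabilities are detected within a short period, so administrators are worn out by repeated investigations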

  6. ssh -t exampl.jp rpm -qa | grep openssl

  7. ansible -f … exmple\[…\]\…example.jp -s -a "rpm -qa | grep openssl" -t logs/openss_`date +%Y%m%d`

  8. Vuls

  9. OSS written in Golang that cross-checks CVE information against the target servers
    and automatically determines whether vulnerabilities are present

  10. Vuls
    go-cve-dictionary
    vuls
    server
    The Internet
    Download CVE information
    Look up CVE information
    Cross-check against CVE information

  11. CVE (Common Vulnerabilities and Exposures)

    - Common vulnerability identifier
    - Numbered in the form CVE-YYYY-SEQ

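  12. CVSS (Common Vulnerability Scoring System)

    - For each of the base metrics, temporal metrics and environmental metrics, a numeric expression of the impact on the major security requirements
    - Confidentiality
        - Keeping information assets in a state where only people with legitimate rights can use them
    - Integrity
        - Ensuring that information assets have not been modified by people without legitimate rights
    - Availability
        - Being able to use information assets when they are needed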

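  13. When the CVSS value exceeds …, the impact is large and an attack is also likely to be easy. Also check the temporal metrics (whether exploit code has appeared and whether mitigation information is available) together with it.
    CVSS (Common Vulnerability Scoring System)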

  14. Running Vuls
    # Update the CVE information to the latest
    $ go-cve-dictionary fetchnvd -last2y
    # Auto-generate the configuration file
    $ vuls discover 172.31.4.0/24
    # Scan for vulnerabilities
    $ vuls scan --cve-dictionary-dbpath /home/vuls/cve.sqlite3 -report-slack -cvss-over=7

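  15. Vuls prerequisites
    - On CentOS, yum-plugin-changelog is required
    - The server running vuls must be able to log in to the target servers over SSH, and must also be able to sudo there
    - The Slack notifications are somewhat hard to read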

  17. What is STNS
    port = …
    include = /etc/stns/conf.d
    salt_enable = true
    stretching_number = …
    user = basic_user
    password = basic_password

    id = …
    group_id = …
    keys = [ssh-rsa XXXXX…]

    id = …
    users = [example]

    password = lkfjdlkjfaldjfaxxdfadfada
    uid group
    % ls -ltr
    -rw-r--r-- 1 example wheel 0 May 8 00:09 kixs_in_pepabo.txt
    OSS that lets you manage Linux users with a TOML-format configuration file
    libnss-stns

  18. tenant A
    tenant B
    Vuls × STNS

    id = …
    group_id = …
    keys = [ssh-rsa XXXXX…]
    network tenant A
    network tenant B
    Check
    Authentication
    Just by adding a Network definition,
    you can start automated vulnerability management

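  19. Vuls × STNS
    #!/bin/bash
    cd /home/vuls || exit 1
    # Update the CVE information to the latest
    /opt/go/bin/go-cve-dictionary fetchnvd -last2y
    # Start from an empty list of discovered servers
    echo -n > net_config.toml
    array=("192.168.xxx.xxx/24")
    for i in "${array[@]}"
    do
        # Keep only the output from the first [servers.*] section onward
        /opt/go/bin/vuls discover "$i" | sed -n '/\[servers\./,$p' >> net_config.toml
    done
    # Combine the base settings with the discovered servers, then scan
    cat config_base.toml net_config.toml > config.toml
    /opt/go/bin/vuls scan --cve-dictionary-dbpath /home/vuls/cve.sqlite3 -report-slack -cvss-over=7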

  20. When a vulnerability is detected

  21. yum -y update

  22. Please, let nothing go wrong! I'm begging you

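  23. Summary
    - It is written in Golang, so it can be deployed in any environment
    - It works on the basis of SSH login, so combining it with STNS makes it even more convenient
    - Rather than keeping track of installed packages, move to operations that detect the packages that have problems
    - It is almost the year …, so stop installing from source and build with Docker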

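  24. References
    - Overview of the Common Vulnerabilities and Exposures identifier (CVE): https://www.ipa.go.jp/security/vuln/CVE.html

    - Overview of the Common Vulnerability Scoring System (CVSS): http://www.ipa.go.jp/security/vuln/CVSS.html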

  25. Why not work at Pepabo too?
    Check the latest hiring information → @pb_recruit

  26. Thank you!