Challenge: can vuls scan and report be done in 3 minutes? (200-second challenge)

adachin0817
August 27, 2018

Transcript

  1. 2018/8/27 Vuls Matsuri (Vuls祭り) #4: Self-introduction

     - Ryo Adachi (adachin), age 29
     - Lancers / SRE team: infrastructure (AWS), analytics platform, PHP version upgrades
     - Blog: https://blog.adachin.me
     - Twitter: @adachin0817
     - Radio: https://soundcloud.com/ryo-adachi-3
     - Self-proclaimed evangelist / PR / contributor
     - Blog posts on new Vuls features, bugs and so on (20 articles)!!
     - VulsRepo: init file support (2017/10)
     - Vuls: ChatWork notification support (2018/4)

  2. Vuls development environment (Docker): environment and docker run

     https://hub.docker.com/r/tvirus17/vuls_centos7/

     ▪ Environment
     - CentOS7
     - go version go1.10.1 linux/amd64
     - vuls v0.4.2 d785fc2
     - go-cve-dictionary v0.1.1 c2bcc41
       ⇛ A tool for importing vulnerability information data into a DB and managing it
     - goval-dictionary 0b28496 (Alpine, redhat/centos, ubuntu)
       ⇛ OVAL (Open Vulnerability and Assessment Language) is made of XML; a tool that copies it locally and builds it

  3. Vuls development environment (Docker): docker run

     ▪ docker pull / docker run
     $ docker pull tvirus17/vuls_centos7
     $ docker run -h "vuls_centos7" -e TZ=Asia/Tokyo --privileged -d --name vuls_centos7 tvirus17/vuls_centos7 /sbin/init

  4. Vuls development environment (Docker): configuration files

     ▪ Vuls files
     $ docker exec -it vuls_centos7 bash
     [root@vuls_centos7 /]# sudo su vuls
     [vuls@vuls_centos7]# cd
     [vuls@fc4413dce445 vuls]$ ll vuls
     total 990580
     -rw-rw-r-- 1 vuls vuls 148 Apr 2 19:42 config.toml
     -rw-r--r-- 1 vuls vuls 918818816 Apr 2 17:57 cve.sqlite3
     -rw-r--r-- 1 vuls vuls 32768 Apr 2 19:42 cve.sqlite3-shm
     -rw-r--r-- 1 vuls vuls 0 Apr 2 18:21 cve.sqlite3-wal
     -rw-r--r-- 1 vuls vuls 95490048 Apr 2 19:41 oval.sqlite3
     drwx------ 1 vuls vuls 4096 Apr 2 19:42 results

  5. Vuls development environment (Docker): about config.toml

     ▪ config.toml
     [slack]
     legacyToken = " "   # slack api
     channel = " "       # specify the Slack channel
     iconEmoji = " "     # emoji (anything)
     authUser = " "      # vuls-user (anything)

     [chatwork]
     room = " "          # number from the URL
     apiToken = " "      # specify the API token

     [servers]
     # this time, localhost is specified
     [servers.localhost]
     host = "localhost"
     port = "local"

  6. Vuls development environment (Docker): vuls scan, report

     ▪ update goval-dictionary
     $ goval-dictionary fetch-redhat 5 6 7

     ▪ vuls scan, vuls report
     $ vuls scan
     $ vuls report -format-short-text -format-json -to-slack -to-chatwork -lang=ja -ignore-unfixed -cvss-over=7

     That's all!!!!!!