Challenge: can vuls scan and report be done in 3 minutes? (200-second challenge)

adachin0817
August 27, 2018

Transcript

  1. 2018/8/27 Vuls Matsuri #4
    Lancers, Inc.
    SRE / Ryo Adachi (Adachin)

    The challenge: can vuls scan and report be done in 3 minutes?!

  2. 2018/8/27 Vuls Matsuri #4
    Self-introduction

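  3. 2018/8/27 Vuls Matsuri #4
    Self-introduction
    ・Ryo Adachi (Adachin), age 29
    ・Lancers / SRE team
    Infrastructure (AWS) / analytics platform / PHP version upgrades
    ・Blog: https://blog.adachin.me
    ・Twitter: @adachin0817
    ・Radio: https://soundcloud.com/ryo-adachi-3
    ・Self-proclaimed evangelist / PR / contributor
    ・Blog posts on new Vuls features, bugs and so on (20 articles)!!
    ・VulsRepo init file support (2017/10)
    ・Vuls ChatWork notification support (2018/4)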

  4. 2018/8/27 Vuls Matsuri #4
    What I am currently investigating around Vuls

  5. Vuls Matsuri
    Install with Ansible (security-automation-with-ansible-2)
    https://github.com/RVIRUS0817/ansible_vuls
    security-automation-with-ansible-2
    The build worked, but vuls scan does not work

  6. 2018/8/27 Vuls Matsuri #4
    Running Vuls at Lancers

  7. Vuls Matsuri
    We introduced the vulnerability scanner Vuls at Lancers!!!!
    https://engineer.blog.lancers.jp/2018/06/lancers-vuls/
    Please read it for how Vuls is operated at Lancers!!

  8. 2018/8/27 Vuls Matsuri #4
    And so

  9. 2018/8/27 Vuls Matsuri #4
    This time, a Vuls hands-on for beginners

  10. 2018/8/27 Vuls Matsuri #4
    And in 3 minutes, at that!!!!
    (manual copy-paste: allowed / shell scripts: against the rules)

  11. 2018/8/27 Vuls Matsuri #4
    This is exactly!!!!

  12. 2018/8/27 Vuls Matsuri #4
    "I'll give you three minutes"

  13. 2018/8/27 Vuls Matsuri #4
    ■ What we will do this time
    1. Vuls docker run (start)
    2. Scan localhost
    (vuls scan)
    3. Report to Slack/ChatWork
    (vuls report)
    Cheers!!

  14. 2018/8/27 Vuls Matsuri #4
    But before that!!!

  15. 2018/8/27 Vuls Matsuri #4
    Let me explain the Vuls development environment (Docker)!!

  16. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained
    https://blog.adachin.me/archives/8042
    "[docker][dev] I built a Vuls development environment!!"

  17. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained (environment and docker run)
    https://hub.docker.com/r/tvirus17/vuls_centos7/
    ■Environment
    ・CentOS7
    ・go version go1.10.1 linux/amd64
    ・vuls v0.4.2 d785fc2
    ・go-cve-dictionary v0.1.1 c2bcc41
    ⇛ A tool for importing vulnerability data into a DB and managing it
    ・goval-dictionary 0b28496 (Alpine, redhat/centos, ubuntu)
    ⇛ A tool that copies OVAL (Open Vulnerability and Assessment Language) data, which is written in XML, to the local machine and builds it

  18. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained (docker run)
    ■docker pull/docker run
    $ docker pull tvirus17/vuls_centos7
    $ docker run -h "vuls_centos7" -e TZ=Asia/Tokyo --privileged -d --name vuls_centos7 tvirus17/vuls_centos7 /sbin/init

  19. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained (configuration files)
    ■Vuls files
    $ docker exec -it vuls_centos7 bash
    [[email protected]_centos7 /]# sudo su vuls
    [[email protected]_centos7]# cd
    [[email protected] vuls]$ ll vuls
    total 990580
    -rw-rw-r-- 1 vuls vuls 148 Apr 2 19:42 config.toml
    -rw-r--r-- 1 vuls vuls 918818816 Apr 2 17:57 cve.sqlite3
    -rw-r--r-- 1 vuls vuls 32768 Apr 2 19:42 cve.sqlite3-shm
    -rw-r--r-- 1 vuls vuls 0 Apr 2 18:21 cve.sqlite3-wal
    -rw-r--r-- 1 vuls vuls 95490048 Apr 2 19:41 oval.sqlite3
    drwx------ 1 vuls vuls 4096 Apr 2 19:42 results

  20. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained (about config.toml)
    ■config.toml
    [slack]
    legacyToken = " " # slack api
    channel = " " # the Slack channel to post to
    iconEmoji = " " # emoji (anything)
    authUser = " " # vuls-user (anything)
    [chatwork]
    room = " " # URL number
    apiToken = " " # specify API
    [servers]
    # this time, localhost is the target
    [servers.localhost]
    host = "localhost"
    port = "local"

  21. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained (automatic version upgrade)
    ■Vuls Update
    https://blog.adachin.me/archives/8861

  22. 2018/8/27 Vuls Matsuri #4
    The Vuls development environment (Docker) explained (vuls scan, report)
    ■update goval-dictionary
    $ goval-dictionary fetch-redhat 5 6 7
    ■vuls scan, vuls report
    $ vuls scan
    $ vuls report -format-short-text -format-json -to-slack -to-chatwork -lang=ja -ignore-unfixed -cvss-over=7
    That's all!!!!!!

  23. 2018/8/27 Vuls Matsuri #4
    Here we go!!!!!!!
    Getting ready (Chonmage-san, please time me)

  24. 2018/8/27 Vuls Matsuri #4

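  25. 2018/8/27 Vuls Matsuri #4
    Summary
    ・It worked, surprisingly
    ・Beginners should now have a picture of it too
    ・I had been running scan and report by hand, but turning them into a shell script is the way to go ⭕
    https://github.com/RVIRUS0817/shellscripts/blob/master/vuls_script/vuls_autoscan.sh
    ・The container is still hard to develop in (cannot mount)
    ・Will build it with docker-compose!
    ・Everyone, get involved in OSS too!
    ・Become a Vuls contributor!!!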

  26. 2018/8/27 Vuls Matsuri #4
    Engineers wanted!!!!!!!!!!!!!!!!!!!!!!!
    ・Engineers wanted!!!!!!!!!!!!!!!!!!!
    https://www.wantedly.com/companies/lancers/projects

  27. 2018/8/27 Vuls Matsuri #4
    Thank you for listening!!
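
The scan-then-report sequence from slide 22, with a pre-flight check on the config.toml from slide 20, as an added example that is not from the deck and is not the author's vuls_autoscan.sh. The listing on slide 19 shows config.toml as -rw-rw-r-- although it holds the Slack and ChatWork tokens, which is why the check refuses files open to group or other; the function names and the VULS override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's vuls_autoscan.sh.

# Returns 0 if the config is a regular file closed to group/other
# and names at least one scan target.
check_vuls_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$cfg holds API tokens but is open to group/other; chmod 600" >&2
        return 2
    }
    grep -q '^ *\[servers\.' "$cfg" || { echo "no [servers.*] entry" >&2; return 3; }
}

# Print the report flags whose token in the config is not blank.
report_targets() {
    out=""
    grep -Eq '^ *legacyToken *= *"[^" ]+"' "$1" && out="$out -to-slack"
    grep -Eq '^ *apiToken *= *"[^" ]+"' "$1" && out="$out -to-chatwork"
    echo "${out# }"
}

# Scan, then report only if the scan succeeded (flags as on slide 22).
# VULS is a hypothetical override so the sequence can be dry-run with echo.
vuls_cycle() {
    check_vuls_config "$1" || return
    targets=$(report_targets "$1")
    [ -n "$targets" ] || { echo "no Slack/ChatWork token set" >&2; return 4; }
    ${VULS:-vuls} scan -config="$1" || return 5
    # $targets is left unquoted on purpose so each flag is its own word.
    ${VULS:-vuls} report -config="$1" -format-short-text -format-json \
        $targets -lang=ja -ignore-unfixed -cvss-over=7
}
```

Source the file inside the container and call `vuls_cycle` with the path to config.toml; setting `VULS=echo` first prints the two commands instead of running them.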