3分間でvuls scanとreportできるのかチャレンジ!(200秒チャレンジ)

Transcript

1. 2018/8/27 VulsࡇΓ #4 ϥϯαʔζגࣜձࣾ
   43&ʗ҆ୡ
   ྋ ͋ͩͪ Μ 3෼ؒͰ vuls scanͱreportͰ͖Δͷ͔

   νϟϨϯδ!!!

2. 2018/8/27 VulsࡇΓ #4 ࣗݾ঺հ

3. 2018/8/27 VulsࡇΓ #4 ࣗݾ঺հ  ɾ҆ୡ ྋ(͋ͩͪΜ) 29sai ɾϥϯαʔζ/SREνʔϜ Πϯϑϥ(AWS)/෼ੳج൫/PHPόʔδϣϯΞοϓ

   ɾBlog:https://blog.adachin.me ɾTwitterɿ@adachin0817 ɾϥδΦ:https://soundcloud.com/ryo-adachi-3 ɾࣗশΤόϯδΣϦετ/޿ใ/ίϯτϦϏϡʔλʔ ɾVuls৽ػೳ/όάͳͲͷBlog up(20هࣄ)!! ɾVulsRepo initϑΝΠϧରԠ(2017/10) ɾVuls ChatWork௨஌ରԠ(2018/4)

4. 2018/8/27 VulsࡇΓ #4 ݱࡏVulsؔ࿈Ͱௐ͍ࠪͯ͠Δ͜ͱ

5. 
   7VMTࡇΓ
    Install with Ansible(security-automation-with-ansible-2)  https://github.com/RVIRUS0817/ansible_vuls security-automation-with-ansible-2 ߏங͸Ͱ͖͕ͨɺvuls scan͕Ͱ͖ͳ͍ͬ

6. 2018/8/27 VulsࡇΓ #4 ϥϯαʔζͰͷVulsӡ༻

7. 
   7VMTࡇΓ
    ϥϯαʔζͰ੬ऑੑεΩϟφVulsΛಋೖ͠·ͨ͠!!!!  https://engineer.blog.lancers.jp/2018/06/lancers-vuls/ ϥϯαʔζͰͷVulsӡ༻ʹ͍ͭͯ͸ಡΜͰ͍ͩ͘͞ʂʂ

8. 2018/8/27 VulsࡇΓ #4 ͱ͍͏Θ͚Ͱ

9. 2018/8/27 VulsࡇΓ #4 ࠓճ͸ॳ৺ऀ޲͚ VulsϋϯζΦϯΛ΍Γ·͢

10. 2018/8/27 VulsࡇΓ #4 ͔͠΋3෼Ͱʂʂʂʂ (खಈͰίϐϖ˕/γΣϧ൓ଇ☓)

11. 2018/8/27 VulsࡇΓ #4 ͜Ε͸·͞ʹʂʂʂʂ

12. 2018/8/27 VulsࡇΓ #4 ʮ3෼ؒ଴ͬͯ΍Δʯ

13. 2018/8/27 VulsࡇΓ #4 ▪ࠓճ΍Δ͜ͱ 1.Vuls docker run(ىಈ) 2.ϩʔΧϧϗετΛεΩϟϯ (vuls scan)

    3.Slack/ChatWorkʹϨϙʔτ (vuls report) ׻੠!!

14. 2018/8/27 VulsࡇΓ #4 ͷલʹʂʂʂ

15. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷ આ໌ͤͯ͞ʂʂ

16. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌  https://blog.adachin.me/archives/8042 ʮ[docker][dev]Vulsͷ։ൃ؀ڥ࡞Γ·͍͍͍͍͍͍ͨͥ͌͠!!ʯ

17. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌(؀ڥͱdocker run)  https://hub.docker.com/r/tvirus17/vuls_centos7/ ▪Environment ɾCentOS7 ɾgo

    version go1.10.1 linux/amd64 ɾvuls v0.4.2 d785fc2 ɾgo-cve-dictionary v0.1.1 c2bcc41 ⇛ ੬ऑੑ৘ใͷσʔλΛDBʹऔΓࠐΈ؅ཧ͢ΔͨΊͷπʔϧ ɾgoval-dictionary 0b28496 (Alpine,redhat/centos,ubuntu) ⇛ OVAL(Open Vulnerability and Assessment Language)XMLͰͰ͖ͯΔ ϩʔΧϧʹίϐʔͯ͠Ϗϧυ͢Δπʔϧ

18. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌(docker run)  ▪docker pull/docker run $

    docker pull tvirus17/vuls_centos7 $ docker run -h "vuls_centos7" -e TZ=Asia/ Tokyo --privileged -d --name vuls_centos7 tvirus17/vuls_centos7 /sbin/init

19. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌(ઃఆϑΝΠϧ)  ▪Vuls files $ docker exec

    -it vuls_centos7 bash [root@vuls_centos7 /]# sudo su vuls [vuls@vuls_centos7]# cd [vuls@fc4413dce445 vuls]$ ll vuls total 990580 -rw-rw-r-- 1 vuls vuls 148 Apr 2 19:42 config.toml -rw-r--r-- 1 vuls vuls 918818816 Apr 2 17:57 cve.sqlite3 -rw-r--r-- 1 vuls vuls 32768 Apr 2 19:42 cve.sqlite3-shm -rw-r--r-- 1 vuls vuls 0 Apr 2 18:21 cve.sqlite3-wal -rw-r--r-- 1 vuls vuls 95490048 Apr 2 19:41 oval.sqlite3 drwx------ 1 vuls vuls 4096 Apr 2 19:42 results

20. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌(config.tomlʹ͍ͭͯ)  ▪config.toml [slack] legacyToken = "

    "#slack api channel = " "#slackͷνϟϯωϧΛࢦఆ iconEmoji = " "#ֆจࣈ(ͳΜͰ΋) authUser = " "#vuls-user(ͳΜͰ΋) [chatwork] room = " " #URL൪߸ apiToken = " " #Apiࢦఆ [servers] #ࠓճ͸ϩʔΧϧϗετΛࢦఆ [servers.localhost] host = "localhost" port = "local"

21. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌(ࣗಈόʔδϣϯΞοϓ)  ▪Vuls Update https://blog.adachin.me/archives/8861

22. 2018/8/27 VulsࡇΓ #4 Vuls։ൃ؀ڥ(Docker)ͷઆ໌(vuls scan,report)  ▪update goval-dictionary $ goval-dictionary

    fetch-redhat 5 6 7 ▪vuls scan,vuls report $ vuls scan $ vuls report -format-short-text -format-json -to-slack -to- chatwork -lang=ja -ignore-unfixed -cvss-over=7 Ҏ্!!!!!!

23. 2018/8/27 VulsࡇΓ #4 ΍Γ·ͬͤ!!!!!!! ४උ͠·͢(ͪΐΜ·͛͞ΜλΠϜਤͬͯ)

24. 2018/8/27 VulsࡇΓ #4

25. 2018/8/27 VulsࡇΓ #4 ·ͱΊ  ɾҙ֎ͱͰ͖ͨ ɾॳ৺ऀ͞Μʹ΋Πϝʔδ͕༙͍ͨ͸ͣ ɾखಈͰscanͱreportΛ͍͕ͯͨ͠γΣϧܳʹ͢Δͷ͕⭕ https://github.com/RVIRUS0817/shellscripts/blob/master/vuls_script/vuls_autoscan.sh ɾ·ͩ·ͩ։ൃ͠ʹ͍͘ίϯςφ(Ϛ΢ϯτͰ͖ͳ͍)

    ɾdocker-composeͰߏங͢Δʂ ɾΈͳ͞Μ΋OSS׆ಈ͠Α͏ʂ ɾVulsίϯτϦϏϡʔλʔʹͳΖ͏!!!

26. 2018/8/27 VulsࡇΓ #4 ΤϯδχΞٻΉ!!!!!!!!!!!!!!!!!!!!!!!  ɾΤϯδχΞٻΉ!!!!!!!!!!!!!!!!!!! https://www.wantedly.com/companies/lancers/projects

27. 2018/8/27 VulsࡇΓ #4 ͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂʂ