Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
3分間でvuls scanとreportできるのかチャレンジ!(200秒チャレンジ)
rvirus0817
August 27, 2018
Technology
1
2.3k
3分間でvuls scanとreportできるのかチャレンジ!(200秒チャレンジ)
https://vuls-jp.connpass.com/event/94790/
Vuls祭り #4
rvirus0817
August 27, 2018
Tweet
Share
More Decks by rvirus0817
See All by rvirus0817
rvirus0817
1
1.9k
rvirus0817
2
1.1k
rvirus0817
1
1.1k
rvirus0817
1
1k
rvirus0817
2
2k
rvirus0817
0
570
rvirus0817
2
2.1k
rvirus0817
0
330
rvirus0817
1
3.1k
Other Decks in Technology
See All in Technology
syoshie
0
430
conciergeu
0
150
willnet
12
4.1k
udzura
2
250
iwashi
1
160
harshbothra
0
120
imdigitallab
0
140
nkjzm
0
570
whitefox_73
0
190
grapecity_dev
0
130
sadayoshitada0919
0
280
viva_tweet_x
3
2.7k
Featured
See All Featured
philnash
9
580
rocio
155
11k
iamctodd
19
2k
lara
172
9.6k
shlominoach
176
7.5k
productmarketing
5
720
holman
448
130k
colly
188
14k
philhawksworth
192
8.8k
vanstee
117
4.9k
jonyablonski
19
1.2k
cassininazir
347
20k
Transcript
2018/8/27 VulsࡇΓ #4 ϥϯαʔζגࣜձࣾ 43&ʗ҆ୡྋ ͋ͩͪ Μ 3ؒͰ vuls scanͱreportͰ͖Δͷ͔
νϟϨϯδ!!!
2018/8/27 VulsࡇΓ #4 ࣗݾհ
2018/8/27 VulsࡇΓ #4 ࣗݾհ ɾ҆ୡ ྋ(͋ͩͪΜ) 29sai ɾϥϯαʔζ/SREνʔϜ Πϯϑϥ(AWS)/ੳج൫/PHPόʔδϣϯΞοϓ
ɾBlog:https://blog.adachin.me ɾTwitterɿ@adachin0817 ɾϥδΦ:https://soundcloud.com/ryo-adachi-3 ɾࣗশΤόϯδΣϦετ/ใ/ίϯτϦϏϡʔλʔ ɾVuls৽ػೳ/όάͳͲͷBlog up(20هࣄ)!! ɾVulsRepo initϑΝΠϧରԠ(2017/10) ɾVuls ChatWork௨ରԠ(2018/4)
2018/8/27 VulsࡇΓ #4 ݱࡏVulsؔ࿈Ͱௐ͍ࠪͯ͠Δ͜ͱ
7VMTࡇΓ Install with Ansible(security-automation-with-ansible-2) https://github.com/RVIRUS0817/ansible_vuls security-automation-with-ansible-2 ߏஙͰ͖͕ͨɺvuls scan͕Ͱ͖ͳ͍ͬ
2018/8/27 VulsࡇΓ #4 ϥϯαʔζͰͷVulsӡ༻
7VMTࡇΓ ϥϯαʔζͰ੬ऑੑεΩϟφVulsΛಋೖ͠·ͨ͠!!!! https://engineer.blog.lancers.jp/2018/06/lancers-vuls/ ϥϯαʔζͰͷVulsӡ༻ʹ͍ͭͯಡΜͰ͍ͩ͘͞ʂʂ
2018/8/27 VulsࡇΓ #4 ͱ͍͏Θ͚Ͱ
2018/8/27 VulsࡇΓ #4 ࠓճॳ৺ऀ͚ VulsϋϯζΦϯΛΓ·͢
2018/8/27 VulsࡇΓ #4 ͔͠3Ͱʂʂʂʂ (खಈͰίϐϖ˕/γΣϧଇ☓)
2018/8/27 VulsࡇΓ #4 ͜Ε·͞ʹʂʂʂʂ
2018/8/27 VulsࡇΓ #4 ʮ3ؒͬͯΔʯ
2018/8/27 VulsࡇΓ #4 ▪ࠓճΔ͜ͱ 1.Vuls docker run(ىಈ) 2.ϩʔΧϧϗετΛεΩϟϯ (vuls scan)
3.Slack/ChatWorkʹϨϙʔτ (vuls report) !!
2018/8/27 VulsࡇΓ #4 ͷલʹʂʂʂ
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷ આ໌ͤͯ͞ʂʂ
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌ https://blog.adachin.me/archives/8042 ʮ[docker][dev]Vulsͷ։ൃڥ࡞Γ·͍͍͍͍͍͍ͨͥ͌͠!!ʯ
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌(ڥͱdocker run) https://hub.docker.com/r/tvirus17/vuls_centos7/ ▪Environment ɾCentOS7 ɾgo
version go1.10.1 linux/amd64 ɾvuls v0.4.2 d785fc2 ɾgo-cve-dictionary v0.1.1 c2bcc41 ⇛ ੬ऑੑใͷσʔλΛDBʹऔΓࠐΈཧ͢ΔͨΊͷπʔϧ ɾgoval-dictionary 0b28496 (Alpine,redhat/centos,ubuntu) ⇛ OVAL(Open Vulnerability and Assessment Language)XMLͰͰ͖ͯΔ ϩʔΧϧʹίϐʔͯ͠Ϗϧυ͢Δπʔϧ
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌(docker run) ▪docker pull/docker run $
docker pull tvirus17/vuls_centos7 $ docker run -h "vuls_centos7" -e TZ=Asia/ Tokyo --privileged -d --name vuls_centos7 tvirus17/vuls_centos7 /sbin/init
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌(ઃఆϑΝΠϧ) ▪Vuls files $ docker exec
-it vuls_centos7 bash [root@vuls_centos7 /]# sudo su vuls [vuls@vuls_centos7]# cd [vuls@fc4413dce445 vuls]$ ll vuls total 990580 -rw-rw-r-- 1 vuls vuls 148 Apr 2 19:42 config.toml -rw-r--r-- 1 vuls vuls 918818816 Apr 2 17:57 cve.sqlite3 -rw-r--r-- 1 vuls vuls 32768 Apr 2 19:42 cve.sqlite3-shm -rw-r--r-- 1 vuls vuls 0 Apr 2 18:21 cve.sqlite3-wal -rw-r--r-- 1 vuls vuls 95490048 Apr 2 19:41 oval.sqlite3 drwx------ 1 vuls vuls 4096 Apr 2 19:42 results
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌(config.tomlʹ͍ͭͯ) ▪config.toml [slack] legacyToken = "
"#slack api channel = " "#slackͷνϟϯωϧΛࢦఆ iconEmoji = " "#ֆจࣈ(ͳΜͰ) authUser = " "#vuls-user(ͳΜͰ) [chatwork] room = " " #URL൪߸ apiToken = " " #Apiࢦఆ [servers] #ࠓճϩʔΧϧϗετΛࢦఆ [servers.localhost] host = "localhost" port = "local"
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌(ࣗಈόʔδϣϯΞοϓ) ▪Vuls Update https://blog.adachin.me/archives/8861
2018/8/27 VulsࡇΓ #4 Vuls։ൃڥ(Docker)ͷઆ໌(vuls scan,report) ▪update goval-dictionary $ goval-dictionary
fetch-redhat 5 6 7 ▪vuls scan,vuls report $ vuls scan $ vuls report -format-short-text -format-json -to-slack -to- chatwork -lang=ja -ignore-unfixed -cvss-over=7 Ҏ্!!!!!!
2018/8/27 VulsࡇΓ #4 Γ·ͬͤ!!!!!!! ४උ͠·͢(ͪΐΜ·͛͞ΜλΠϜਤͬͯ)
2018/8/27 VulsࡇΓ #4
2018/8/27 VulsࡇΓ #4 ·ͱΊ ɾҙ֎ͱͰ͖ͨ ɾॳ৺ऀ͞ΜʹΠϝʔδ͕༙͍ͨͣ ɾखಈͰscanͱreportΛ͍͕ͯͨ͠γΣϧܳʹ͢Δͷ͕⭕ https://github.com/RVIRUS0817/shellscripts/blob/master/vuls_script/vuls_autoscan.sh ɾ·ͩ·ͩ։ൃ͠ʹ͍͘ίϯςφ(ϚϯτͰ͖ͳ͍)
ɾdocker-composeͰߏங͢Δʂ ɾΈͳ͞ΜOSS׆ಈ͠Α͏ʂ ɾVulsίϯτϦϏϡʔλʔʹͳΖ͏!!!
2018/8/27 VulsࡇΓ #4 ΤϯδχΞٻΉ!!!!!!!!!!!!!!!!!!!!!!! ɾΤϯδχΞٻΉ!!!!!!!!!!!!!!!!!!! https://www.wantedly.com/companies/lancers/projects
2018/8/27 VulsࡇΓ #4 ͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂʂ