Six Months After Introducing the Vulnerability Detection Tool Vuls
rvirus0817
October 05, 2017
Transcript
Six Months After Introducing the Vulnerability Detection Tool VULS
RYO ADACHI (ADACHIN)
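Agenda
▸ Self-introduction; before I joined the company
▸ After becoming the infrastructure SRE team
▸ Main duties of the infrastructure SRE team and the technologies we use
▸ What is Vuls? Frankly, vulnerability response is…
▸ Vuls architecture diagram, installation
▸ config.toml, Vuls commands
▸ Vuls repo, Vuls v0.4.0 ......
▸ Summary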
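Self-introduction
▸ @adachin0817
▸ 2017/05~ Member task management, code review, evaluating new technologies, technical improvement, team management, etc.
▸ Experience: from in-house SE to hosting, ad tech and so on
▸ Hobby: hip-hop. I appeared on the radio as part of the Businessman Rap Tournament crew! https://note.mu/shiburadi/n/nb8bb15a2b7f1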
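Before I joined
▸ The leader was too busy to begin with (no time to teach newcomers)
▸ There were infrastructure members, but they were not working as a team
▸ Members did not know things like which middleware was in use
▸ No infrastructure repository
▸ No infrastructure as code
▸ Installing by hand or muddling through with the aws cli
▸ No infrastructure wiki
Let's work as an SRE team!!
(Chapter 28) How to accelerate SRE growth: from newcomer to on-call, and beyond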
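Definition of SRE
▸ Guarantees the reliability of the site (site reliability engineer), an uncool name
▸ Carries two roles: operations work and improving site reliability
▸ Actively writes code
▸ Replaces operations with cloud and automation
What is expected of an SRE in the first place (1)
▸ Infrastructure skills: from knowledge of network protocols such as TCP/IP and HTTP to performance tuning and knowledge of middleware features
▸ Application skills: knowledge of some programming language (Java, PHP, Python, Ruby, etc.), and of course infrastructure provisioning
What is expected of an SRE in the first place (2)
▸ Security knowledge: a minimum of security knowledge is required (iptables and the like)
▸ Communication skills: sharing with team members and the development team, so that development proceeds cooperatively (the leader is bad at communicating)
Beyond engineering, SREs show these traits
▸ Strong reverse-engineering skills → understand how the system behaves
▸ Need the ability to think statistically → train to analyze and compare well
▸ Act flexibly as the situation demands → find the root cause!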
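SRE training methods
After becoming the infrastructure SRE team
▸ Incident response goes to the newcomers (gives them a sense of responsibility)
▸ Infrastructure as code is taken for granted
▸ Teach things like how to write wiki pages
▸ Pull requests all the time
▸ Started a morning meeting
・What did you do yesterday?
・What will you do today?
・What are you so stuck on?
・Items to share
▸ So that everyone can handle every project
Main duties of the infrastructure SRE team
▸ Maintaining and improving the availability of servers and middleware
▸ Improving the performance of servers and middleware
▸ Log collection/visualization, building and operating the analytics platform (Quick Sight → Redash)
▸ Server provisioning (Terraform, Ansible)
▸ Assuring security/vulnerability posture (Vuls)
▸ Maintaining development environments and the like (Vagrant, docker)
▸ 24-hour monitoring response (zabbix)
▸ Process improvement as a DevOps team → Bitbucket migration, etc.
Now then!
Do you know VULS?
[image]
No, not that.
By the way, those of you who have seen it…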
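What is VULS?
▸ Short for "VULnerability Scanner"
▸ Developed by Mr. Kanbe and Mr. Hayashi of Future Architect
▸ Scans for vulnerabilities present on Linux servers
▸ Scans middleware that is outside OS package management
▸ Agentless architecture (SSH)
▸ Automatically generates a configuration file template
▸ Can notify via Email, Slack, etc. (reports in Japanese are possible)
Frankly, vulnerability response is…
▸ You get the information from the net or by email (easy to miss, and then it gets left alone)
▸ Some servers are legacy, so "we don't need to deal with it"… (resignation)
▸ You wonder whether there are other vulnerabilities and have to investigate every server (panicking after the fact)
▸ Just checking the vulnerability details makes you sleepy (sleep)
▸ Tedious work… (about to cry)
▸ Such a hassle (escaping reality)
JVN vulnerability reports @JVNJP
By the way
▸ Registrations in the JVN iPedia vulnerability countermeasure information database [2017 Q2 (April to June)]: 70,996 entries!!!!!!!!!!!!!
That is exactly why VULS is needed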
Architecture diagram
▸ 2017/05~
▸ CentOS 6.9
▸ Zabbix 3.0.10
▸ Vuls v0.3.0
▸ Go v1.8.3
How to install!?
Installation
▸ It is easy, so I will skip it
▸ For reference, see my blog (fishing for page views) https://blog.adachin.me/wordpress/archives/5540
▸ Set up in advance on each server you want to scan
・Give a vuls user (any name will do) sudoers privileges with NOPASS
・yum-plugin-changelog must be installed
▸ ↑ Automate this part with Ansible
CONFIG.TOML
VULS commands
▸ Vuls dictionaries (update to the latest vulnerability information)
$ go-cve-dictionary fetchnvd -last2y
$ go-cve-dictionary fetchjvn -latest
▸ vuls dry run
$ vuls configtest
▸ vuls scan
$ vuls scan
▸ Check the results on the server
$ vuls tui
▸ Send the results to Slack
$ vuls report -format-short-text -format-json -cvedb-path=$PWD/cve.sqlite3 -ovaldb-path=$PWD/oval.sqlite3 --lang=ja -to-slack -cvss-over=7
Running it periodically
▸ Putting it in cron is enough
▸ Scan logs pile up under results, so delete them (5 generations)
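The periodic-run slide above only names cron and pruning `results`; the following is an added example, not the speaker's script, of a wrapper cron could call that chains the commands from the command slide and keeps the newest five scan directories. The install path `/opt/vuls` (`VULS_HOME`), the `--run` switch, the lock directory and the timestamp-named directories under `results` are assumptions, not taken from the deck.

```shell
#!/bin/sh
# Added example (not from the deck): cron wrapper for the Vuls commands above.
# Assumptions: Vuls lives in $VULS_HOME (hypothetical default /opt/vuls) and
# every scan is stored in a timestamp-named directory under results/.
VULS_HOME=${VULS_HOME:-/opt/vuls}

# prune_results DIR [KEEP]: delete all but the KEEP newest scan directories.
# Timestamp names sort chronologically, so a reverse name sort is newest-first.
prune_results() {
    results_dir=$1
    keep=${2:-5}
    # Refuse an empty or missing path so rm -rf can never leave results/.
    [ -n "$results_dir" ] && [ -d "$results_dir" ] || return 0
    # -type d skips symlinks (for example a "current" link to the last scan).
    find "$results_dir" -mindepth 1 -maxdepth 1 -type d | sort -r |
        tail -n +"$((keep + 1))" |
        while IFS= read -r old; do
            rm -rf -- "$old"
        done
}

# run_vuls_cycle: refresh the CVE dictionaries, scan, report to Slack, prune.
run_vuls_cycle() {
    cd "$VULS_HOME" || return 1
    # A lock directory keeps a slow scan from overlapping the next cron run.
    mkdir "$VULS_HOME/.scan.lock" 2>/dev/null ||
        { echo "vuls cycle already running (or stale lock)" >&2; return 1; }
    go-cve-dictionary fetchnvd -last2y &&
        go-cve-dictionary fetchjvn -latest &&
        vuls configtest &&
        vuls scan &&
        vuls report -format-short-text -format-json \
            -cvedb-path="$PWD/cve.sqlite3" -ovaldb-path="$PWD/oval.sqlite3" \
            --lang=ja -to-slack -cvss-over=7
    rc=$?
    # Prune even after a failed run so the disk does not fill up.
    prune_results "$VULS_HOME/results" 5
    rmdir "$VULS_HOME/.scan.lock"
    return "$rc"
}

# Only act when cron passes --run, so sourcing the file has no side effects.
# Example crontab line for the vuls user (time is arbitrary):
#   0 3 * * * /opt/vuls/vuls-cron.sh --run >>/var/log/vuls-cron.log 2>&1
if [ "${1:-}" = "--run" ]; then
    run_vuls_cycle
fi
```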
And then!
VULS REPO
▸ Web UI: I can't get this to work
Asked VULS customer support (because I had been stuck for 2 weeks)
VULS SLACK
▸ Apparently a major version is coming out, so I was told to upgrade and try it!
▸ Balus!! lol
2017/08/25 V0.4.0 RELEASE!
VULS UPDATE TO 0.4.0
▸ 2017/8/28
▸ $ vuls -v
vuls v0.4.0 0ba490c
▸ $ go version
go version go1.9 linux/amd64
▸ Updated!
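VULS V0.4.0
▸ Scan accuracy greatly improved
▸ More information in reports (fewer "?" entries)
▸ fast (a scan mode with no sudo and low server load) is the default
VULS REPO V0.4.0
▸ From 0.4.0, no need to run a web server!
▸ Runs on Go's http package (digest authentication)
▸ Port 5111
VULS REPO
▸ Visualizing makes it possible to judge how many vulnerabilities there are
VULS vulnerability update flow diagram
VULS/ZABBIX SERVER: one month of performance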
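How far should vulnerability response go?
▸ Honestly, updating everything is a heavy burden… (kernel reboots and so on) → there are a lot of them
▸ Servers a third party is likely to attack (anything hanging off the LB is a must)
▸ AWS is basically secure
▸ Even with zero vulnerabilities there are unknown ones… (no idea)
▸ Still, properly applying vulnerability updates gives more peace of mind
Summary
▸ Vuls is easy to introduce and effortless to run!
▸ Thanks to Vuls, vulnerability response doesn't get forgotten!
▸ No load during vuls scan! No dedicated Vuls server needed!
▸ From now on, Vuls is a must!
▸ Balus Balus Subaru!
The topknot of VULS (Kanbe-san)
▸ Thank you very much!
Let's go!!!
Thank you for your attention! Image credit: Castle in the Sky (Laputa)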