
devio2022-sharr


Sugikane Shin

July 27, 2022

Transcript

  1. AWS Business Division, Consulting Department, Shin Sugikane. Automating security operations! The AWS Security Hub automated remediation solution

  2. Agenda: What is AWS Security Hub; Introduction to the AWS Security Hub automated remediation solution; What is good about it; How to deploy it; Running remediation actions; Troubleshooting; How to customize it
  3. Note: this talk covers one specific version of the AWS Security Hub automated remediation solution (the version number did not survive the transcript)

  4. What is AWS Security Hub: a cloud security posture management service that runs checks against security best practices, aggregates the resulting alerts, and enables automated remediation. Source: https://aws.amazon.com/jp/security-hub/

  5. The AWS Security Hub console (screenshot)

  6. The AWS Security Hub console (screenshot, continued)

  7. Available security standards: AWS Foundational Security Best Practices, CIS AWS Foundations Benchmark, PCI DSS (the standard version numbers did not survive the transcript)

  8. What is a control: a security check item that applies to a particular kind of resource. For example: [EC2] VPC flow logging should be enabled in all VPCs; [IAM] unused IAM user credentials should be removed; [RDS] RDS snapshots should be private

  9. Number of controls: each security standard contains many controls

  10. To implement automated remediation: combine Security Hub with Amazon EventBridge

  11. To implement automated remediation: combine Security Hub with Amazon EventBridge. But how should it be designed? We want something that is easy to implement

  12. Introduction to the AWS Security Hub automated remediation solution

  13. What is the AWS Security Hub automated remediation solution: an add-on that runs predefined response and remediation actions. This session is based on one specific version of the solution

  14. What resources does it create: it combines several AWS services. Source: https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/

  15. What is good about the automated remediation solution: it is integrated with AWS Security Hub; cross-account remediation takes one click; remediation playbooks are provided out of the box; remediation can run fully automatically

  16. Integrated with AWS Security Hub: before the solution is deployed (screenshot)

  17. Integrated with AWS Security Hub: after the solution is deployed (screenshot)

  18. Cross-account remediation in one click: the remediation is ordered from the administrator account and carried out in the member account

  19. Remediation playbooks are provided out of the box: they can be inspected as AWS Systems Manager documents

  20. Remediation playbooks are provided out of the box: the document content spells out what the remediation does

  21. Remediation can run fully automatically: enabling the EventBridge rule switches automatic remediation on

  22. How to deploy the AWS Security Hub automated remediation solution

  23. How to deploy the automated remediation solution: all it takes is creating the CloudFormation stacks (one for the administrator account, one for the member accounts). Reference (single-account procedure): https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/deployment.html (multi-account procedure): https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/deployment-stackset.html

  24. Multi-account deployment of the automated remediation solution: use CloudFormation StackSets. Source: the StackSet step on https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/deployment-stackset.html

  25. Multi-region rollout of the automated remediation solution: configured through the CloudFormation StackSets options

  26. Upgrading from an earlier version: the procedure depends on the version you are on (the exact version boundary did not survive the transcript). If you are below it: uninstall the solution, then install the new version; where the new version offers the installation parameter Use existing Orchestrator Log Group, set it to Yes so the existing log group is reused. Reference links: https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/update-the-solution.html and https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/uninstall-the-solution.html
  27. Upgrading from an earlier version: if you are at or above that version, update the CloudFormation stacks you already have deployed: update the administrator-account CloudFormation stack; update the permissions in the member accounts; update the member-account CloudFormation stack. Reference: https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/update-the-solution.html

  28. Running remediation actions

  29. Two kinds of remediation action: manual remediation or automatic remediation

  30. Manual remediation: select the findings to remediate, then Actions → Remediate with SHARR

  31. Automatic remediation: enabling the EventBridge rule switches automatic remediation on

  32. How the result shows up in Security Hub after remediation: the workflow status is changed to RESOLVED; the compliance status is updated after a while, once the control has been re-evaluated

  33. Finding out what a remediation does: the playbook list at https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/playbooks-1.html; the SSM document itself shows the remediation steps

  34. Finding out what a remediation does (search example): the SHARR-EnableAutoScalingGroupELBHealthCheck runbook. Source: https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/playbooks-1.html

  35. Finding out what a remediation does (search example): search the Systems Manager documents for "AutoScaling"

  36. Finding out what a remediation does (search example): the Description tab of the document gives an overview of the processing

  37. Troubleshooting

  38. Main logs, viewed in the CloudWatch log groups: SO0111-SHARR → remediation results from AWS Systems Manager; SO0111-SHARR-Orchestrator → AWS Step Functions execution results

  39. Other places worth checking: the Systems Manager Automation console; the Step Functions console; the Lambda console

  40. Trouble and fix example: [Trouble] creating the solution's CloudFormation stack fails with an error saying the CloudWatch log group already exists. [Fix] in the stack creation parameters, set reuse of the log group (Use existing Orchestrator Log Group) to Yes

  41. Trouble and fix example: [Trouble] a remediation action was run but no setting was changed. [Fix] check whether the control is one the solution can remediate; if it is, check the logs and the consoles for the status. Remediation playbook list: https://docs.aws.amazon.com/en_us/solutions/latest/automated-security-response-on-aws/playbooks-1.html
  42. Notification setup (Amazon SNS): SNS topic name SO0111-SHARR_Topic. Example notification messages: "Remediation queued for <standard> control <control_ID> in account <account_ID>"; "Remediation failed for <standard> control <control_ID> in account <account_ID>"; "<control_ID> remediation was successfully invoke via AWS Systems Manager in account <account_ID>" (wording as emitted by the solution)
  43. Example notification content (e-mail):
     {
       "severity": "INFO",
       "message": "22ca9bc8-0000-4c3e-8bf9-e6dba09a95ec: Remediation succeeded for AFSBP control EC2.2 in account 123456789012: See Automation Execution output for details (AwsEc2SecurityGroup sg-xxxxxxxx)",
       "finding": {
         "finding_id": "19f9612c-0000-49ed-ab63-254e35a4b1aa",
         "finding_description": "This AWS control checks that the default security group of a VPC does not allow inbound or outbound traffic.",
         "standard_name": "aws-foundational-security-best-practices",
         "standard_version": "1.0.0",
         "standard_control": "EC2.2",
         "title": "EC2.2 The VPC default security group should not allow inbound and outbound traffic",
         "region": "ap-northeast-1",
         "account": "123456789012",
         "finding_arn": "arn:aws:securityhub:ap-northeast-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/EC2.2/finding/19f9612c-0000-49ed-ab63-254e35a4b1aa"
       }
     }
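As an added example (my code, not part of the slides or of the solution itself): a small Python consumer for the SO0111-SHARR_Topic messages shown on slides 42 and 43. It parses the JSON body, cross-checks the flat fields against the finding ARN so a malformed or tampered message is rejected rather than routed, and decides whether the outcome needs a human. The sample message is constructed from slide 43 (account and security group IDs are placeholders), the outcome keywords are taken from the slide 42 message list, and the routing rule is an assumption.

```python
import json
import re

# Constructed sample, shaped like the e-mail notification on slide 43; the
# account ID and security group ID are placeholders, not real resources.
SAMPLE_NOTIFICATION = json.dumps({
    "severity": "INFO",
    "message": ("22ca9bc8-0000-4c3e-8bf9-e6dba09a95ec: Remediation succeeded for "
                "AFSBP control EC2.2 in account 123456789012: See Automation "
                "Execution output for details (AwsEc2SecurityGroup sg-xxxxxxxx)"),
    "finding": {
        "finding_id": "19f9612c-0000-49ed-ab63-254e35a4b1aa",
        "finding_description": ("This AWS control checks that the default security "
                                "group of a VPC does not allow inbound or outbound traffic."),
        "standard_name": "aws-foundational-security-best-practices",
        "standard_version": "1.0.0",
        "standard_control": "EC2.2",
        "title": "EC2.2 The VPC default security group should not allow inbound and outbound traffic",
        "region": "ap-northeast-1",
        "account": "123456789012",
        "finding_arn": ("arn:aws:securityhub:ap-northeast-1:123456789012:subscription/"
                        "aws-foundational-security-best-practices/v/1.0.0/EC2.2/finding/"
                        "19f9612c-0000-49ed-ab63-254e35a4b1aa"),
    },
})

# Outcome phrases taken from the message examples on slides 42 and 43.
OUTCOME_RE = re.compile(
    r"Remediation (queued|succeeded|failed) for|remediation was successfully invoke",
    re.IGNORECASE,
)


def parse_finding_arn(arn: str) -> dict:
    """Split a Security Hub finding ARN of the form
    arn:aws:securityhub:<region>:<account>:subscription/<standard>/v/<version>/<control>/finding/<id>."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "securityhub":
        raise ValueError(f"not a Security Hub ARN: {arn}")
    res = parts[5].split("/")
    if len(res) != 7 or res[0] != "subscription" or res[2] != "v" or res[5] != "finding":
        raise ValueError(f"unexpected finding resource path: {parts[5]}")
    return {"region": parts[3], "account": parts[4], "standard": res[1],
            "version": res[3], "control": res[4], "finding_id": res[6]}


def classify_outcome(message: str) -> str:
    """Map the free-text message to queued / succeeded / failed / invoked / unknown."""
    m = OUTCOME_RE.search(message)
    if not m:
        return "unknown"
    return m.group(1).lower() if m.group(1) else "invoked"


def parse_notification(raw: str) -> dict:
    """Parse one SNS message body; the flat fields must agree with the ARN,
    otherwise the message is malformed or tampered with and is rejected."""
    note = json.loads(raw)
    finding = note["finding"]
    arn = parse_finding_arn(finding["finding_arn"])
    for key, arn_key in (("account", "account"), ("region", "region"),
                         ("standard_control", "control"), ("standard_version", "version")):
        if finding[key] != arn[arn_key]:
            raise ValueError(f"{key}={finding[key]!r} disagrees with finding_arn ({arn[arn_key]!r})")
    return {
        "severity": note["severity"],
        "outcome": classify_outcome(note["message"]),
        "standard": arn["standard"],
        "control": arn["control"],
        "account": arn["account"],
        "region": arn["region"],
        "finding_id": arn["finding_id"],
        "title": finding["title"],
    }


def needs_attention(parsed: dict) -> bool:
    """Assumed routing rule: failures and anything above INFO go to a human,
    queued and succeeded notifications are only logged."""
    return parsed["outcome"] in ("failed", "unknown") or parsed["severity"].upper() != "INFO"


def summarize(raw: str) -> str:
    """One log line per notification, e.g. for forwarding to a chat channel."""
    p = parse_notification(raw)
    flag = "ATTENTION" if needs_attention(p) else "ok"
    return (f"[{flag}] {p['standard']} {p['control']} {p['outcome']} "
            f"in {p['account']}/{p['region']} ({p['finding_id']})")


if __name__ == "__main__":
    print(summarize(SAMPLE_NOTIFICATION))
```

The cross-check matters because the SNS subscriber is often a Lambda that opens tickets or pages people: a message whose account or control in the flat fields disagrees with the ARN should never drive an automatic action.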
  44. How to customize

  45. Customization: adding a new remediation. When adding a remediation runbook makes sense: for controls that were added recently; for controls the solution does not ship a remediation for

  46. Steps to add a runbook: create a runbook (document) for AWS Systems Manager Automation; create the IAM role

  47. Creating the runbook (the general way): add an Automation document from the AWS Systems Manager Documents page

  48. Creating the runbook (the easier way): cloning an existing document is less work than building one from scratch

  49. Creating the runbook: naming. Document names follow a convention: SHARR-<security standard>_<standard version>_<control>

  50. Creating the runbook: input parameters. The runbook needs the input parameters Finding and AutomationAssumeRole

  51. Creating the runbook: describing the processing steps. Step name: <any name>; action type: <any operation>. In this example: step name SendSNS; action type "Call and run an AWS API action" (aws:executeAwsApi). Reference (list of action types): https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/automation-actions.html

  52. Creating the runbook: configuring the AWS API call. Describe the operation you want to run. Reference (list of service namespaces): https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/index.html

  53. Creating the IAM role: model it on an existing role (the ones whose names start with SO0111). Role names follow a convention: SO0111-Remediate-<security standard>-<standard version>-<control>, for example SO0111-Remediate-AFSBP-…-EC2.… (the version and control digits did not survive the transcript)

  54. Creating the IAM role: configuration. [Reference] in the trust policy, add the following role session principal to the AssumeRole permission: arn:aws:sts::<AccountID>:assumed-role/SO0111-SHARR-Orchestrator-Admin/SO0111-SHARR-execAutomation
     {
       "Effect": "Allow",
       "Principal": {
         "AWS": [
           "arn:aws:iam::<AccountID>:role/SO0111-SHARR-Orchestrator-Member",
           "arn:aws:sts::<AccountID>:assumed-role/SO0111-SHARR-Orchestrator-Admin/SO0111-SHARR-execAutomation"
         ]
       },
       "Action": "sts:AssumeRole"
     }
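As an added worked example of the runbook-and-role procedure on slides 46 to 54 (my code, not the solution's own): generating the Automation document, the role trust policy and a least-privilege permissions policy in Python, then checking that the two names follow the conventions from slides 49 and 53 and that the trust policy admits only the two orchestrator principals from slide 54. The control EC2.2, the topic ARN, the SNS message body and the regexes are assumptions; the document is emitted as JSON, which Systems Manager accepts alongside YAML.

```python
import json
import re

# Naming rules from slides 49 and 53, written as regexes (my reading of them).
RUNBOOK_NAME_RE = re.compile(r"^SHARR-([A-Za-z]+)_(\d+\.\d+\.\d+)_([A-Za-z0-9]+\.\d+)$")
ROLE_NAME_RE = re.compile(r"^SO0111-Remediate-([A-Za-z]+)-(\d+\.\d+\.\d+)-([A-Za-z0-9]+\.\d+)$")

# Orchestrator principals from the trust policy on slide 54.
MEMBER_ROLE = "SO0111-SHARR-Orchestrator-Member"
ADMIN_ROLE = "SO0111-SHARR-Orchestrator-Admin"
ADMIN_SESSION = "SO0111-SHARR-execAutomation"


def runbook_name(standard: str, version: str, control: str) -> str:
    """SHARR-<standard>_<version>_<control>."""
    return f"SHARR-{standard}_{version}_{control}"


def role_name(standard: str, version: str, control: str) -> str:
    """SO0111-Remediate-<standard>-<version>-<control>."""
    return f"SO0111-Remediate-{standard}-{version}-{control}"


def build_runbook(standard: str, version: str, control: str, topic_arn: str) -> dict:
    """Automation document (schemaVersion 0.3) with the two inputs the orchestrator passes
    (slide 50) and one aws:executeAwsApi step that publishes to SNS (slides 51 and 52).
    The Subject/Message contents are assumptions; adapt them to what operators need."""
    return {
        "description": f"Custom SHARR remediation for {standard} {version} {control}: notify via SNS",
        "schemaVersion": "0.3",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {
            "Finding": {"type": "StringMap",
                        "description": "The Security Hub finding handed over by the SHARR orchestrator"},
            "AutomationAssumeRole": {"type": "String",
                                     "description": "Role the automation assumes in the member account"},
        },
        "mainSteps": [{
            "name": "SendSNS",
            "action": "aws:executeAwsApi",
            "inputs": {"Service": "sns", "Api": "Publish", "TopicArn": topic_arn,
                       "Subject": f"SHARR custom remediation triggered for {control}",
                       "Message": "{{ Finding }}"},
        }],
    }


def build_trust_policy(account_id: str) -> dict:
    """Trust exactly the two orchestrator principals shown on slide 54, nothing broader."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": [f"arn:aws:iam::{account_id}:role/{MEMBER_ROLE}",
                              f"arn:aws:sts::{account_id}:assumed-role/{ADMIN_ROLE}/{ADMIN_SESSION}"]},
        "Action": "sts:AssumeRole",
    }]}


def build_permissions_policy(topic_arn: str) -> dict:
    """Least privilege: the runbook only needs to publish to this one topic."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sns:Publish", "Resource": topic_arn}]}


def validate_bundle(name: str, runbook: dict, rolename: str, trust_policy: dict, account_id: str) -> list:
    """Return the problems found; an empty list means the bundle is consistent."""
    problems = []
    doc_match, role_match = RUNBOOK_NAME_RE.match(name), ROLE_NAME_RE.match(rolename)
    if not doc_match:
        problems.append(f"runbook name {name!r} breaks the SHARR-<std>_<ver>_<ctl> convention")
    if not role_match:
        problems.append(f"role name {rolename!r} breaks the SO0111-Remediate-<std>-<ver>-<ctl> convention")
    if doc_match and role_match and doc_match.groups() != role_match.groups():
        problems.append("runbook and role name refer to different standard/version/control")
    for required in ("Finding", "AutomationAssumeRole"):
        if required not in runbook.get("parameters", {}):
            problems.append(f"runbook lacks the input parameter {required}")
    if runbook.get("assumeRole") != "{{ AutomationAssumeRole }}":
        problems.append("runbook does not run under AutomationAssumeRole")
    expected = {f"arn:aws:iam::{account_id}:role/{MEMBER_ROLE}",
                f"arn:aws:sts::{account_id}:assumed-role/{ADMIN_ROLE}/{ADMIN_SESSION}"}
    for stmt in trust_policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            if p not in expected:  # catches "*" and any foreign account or role
                problems.append(f"trust policy allows unexpected principal {p!r}")
    return problems


def build_bundle(standard: str, version: str, control: str, account_id: str, topic_arn: str) -> dict:
    """Everything needed for one custom remediation, ready to hand to the SSM and IAM APIs."""
    return {
        "runbook_name": runbook_name(standard, version, control),
        "runbook": build_runbook(standard, version, control, topic_arn),
        "role_name": role_name(standard, version, control),
        "trust_policy": build_trust_policy(account_id),
        "permissions_policy": build_permissions_policy(topic_arn),
    }


if __name__ == "__main__":
    b = build_bundle("AFSBP", "1.0.0", "EC2.2", "123456789012",
                     "arn:aws:sns:ap-northeast-1:123456789012:SO0111-SHARR_Topic")
    assert validate_bundle(b["runbook_name"], b["runbook"], b["role_name"], b["trust_policy"], "123456789012") == []
    print(json.dumps(b, indent=2))
```

Running validate_bundle before calling ssm:CreateDocument and iam:CreateRole catches the two mistakes that produce the "ran but nothing changed" symptom from slide 41: a runbook or role whose name does not match the control the orchestrator looks up, and a trust policy the orchestrator cannot assume (or, worse, one that anyone can).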
  55. Creation done, try it out: run a manual remediation

  56. Tracing where it failed: Step Functions. Check the Step Functions state machine SO0111-SHARR-Orchestrator

  57. Tracing where it failed: Systems Manager. Check the execution log of the Systems Manager Automation

  58. Which step failed: select the step ID whose status is Failed

  59. Check the error for that step: the failure details show the cause

  60. Summary: the AWS Security Hub automated remediation solution. Strengths: the four points above; Deployment: create the two kinds of CloudFormation stack (administrator and member); Usage: manual and automatic remediation, and how to check what a remediation does; Troubleshooting: check the logs and the consoles; Customization: adding a new remediation
