
vuls


Running production servers on GCP
Tricks from real operation for getting non-RPM software covered too

Yusuke Hasegawa

September 26, 2016


Transcript

  1. Self-introduction
     facebook: yusuke.exzm
     Name: Yusuke Hasegawa
     Career: GMO, Yahoo Japan, Square Enix etc…
     Joined gms (the predecessor of gloops) in 2010. These days I'm the representative of grasys Inc. while still working as an engineer.
     Role: infrastructure engineer
     Google Developer Expert, GCPUG Admin
     Publications: put Fusion-IO into production in 2011 and got featured by Fusion-IO; article in SoftwareDesign 2012.03; appeared in Dell's 2012 TV commercial (TV Tokyo, World Business Satellite); featured in the Icinga (the nagios fork) user community; I've started writing a book, too.
  2. Basic setup (diagram: Google Cloud Platform / Compute Engine, with an ops instance, the product servers, a monitor instance, and a Firewall that admits only the ssh port)
     An instance called ops is the hub: it is the SSH bastion, it drives orchestration, and vuls is run from here as well.
  3. Inside the instance
     Monitoring
     Orchestration
     Coordinator
     Languages: XXenv, so that version pinning required by a project can be honoured
     Middleware: compiled from source or taken from binary builds, again so that required versions can be pinned
     Libraries: compiled from source where necessary, for the same reason
     "We use consul! And we compile quite a lot, too!"
  4. vuls config.toml
     [servers.HOSTNAME]
     host = "HOSTNAME"
     cpeNames = [
       "cpe:/a:djangoproject:django:1.6",
     ]
     ↑ Each CPE has to be tied to its host. So how do we get hold of this information...? cpeNames lets the scan cover things beyond the package manager, but... ↓
  5. cve sqlite: the cpes table
     CREATE TABLE "cpes" (
       "id" integer primary key autoincrement,
       "created_at" datetime,
       "updated_at" datetime,
       "deleted_at" datetime,
       "jvn_id" integer,
       "nvd_id" integer,
       "cpe_name" varchar(255),
       "part" varchar(255),
       "vendor" varchar(255),
       "product" varchar(255),
       "version" varchar(255),
       "update" varchar(255),
       "edition" varchar(255),
       "language" varchar(255)
     );
     ← Just select against this!
  6. JSON format
     {
       "middleware": [
         { "name": "[middleware name]", "version": "[version]", "update": "[patch version]" }
       ],
       "update_time": "YYYY-MM-DD HH:MM:SS",
       "host": { "...assorted instance information...", "node_name": "yusuke" }
     }
     The information we need, as a list.
  7. What about Web Application Frameworks and the like?
     middleware:
       - name: [product name]
         version: [version num]
         update: [patch version]
     ↑ Whatever cannot be collected automatically is declared by hand in YAML. Frameworks don't get swapped out all that often, so this is bearable... With all the variation out there, fully automatic collection just wasn't feasible ☆
  8. Generating the vuls toml
     1. consul HTTP API /v1/catalog/nodes
     2. Fetch the JSON from consul KV vuls/[hostname]
     3. Use the host's Tag to fetch the extension YAML
     4. select from the cve sqlite by the product, version and update found in the JSON
     5. Emit the vuls toml with a template engine
     (diagram: consul kv vuls/[instance name] + cve.sqlite3 → script → vuls config.toml; extend YAML, i.e. the YAML tied to the Instance Tag)
     Even with around 100 hosts it finishes in ten-odd seconds!
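The five steps above as a worked example. This is added code, not the author's script (the deck shows only the steps and the diagram): the consul catalog (`CATALOG_NODES`), the KV documents (`CONSUL_KV`), the extension YAML (`EXTEND_YAML`, already parsed) and the `cpes` rows are constructed inline so it runs offline; the node's `Meta.role` stands in for the instance Tag, and the node `Address` is used as the `host` value. The schema is the one from the cpes-table slide; the function names are the example's own.

```python
"""Generate a vuls config.toml from consul host records and a cpes table.

Added example following the five steps on the slide; not the author's script.
Consul payloads and the extension YAML are constructed inline (already parsed)
and the cpes table is an in-memory sqlite copy of the slide's schema.
"""
import re
import sqlite3
from typing import Dict, List, Tuple

# Step 1 stand-in: what /v1/catalog/nodes would return (constructed;
# "role" in Meta plays the part of the instance Tag from the slide).
CATALOG_NODES = [
    {"Node": "web01", "Address": "10.0.0.11", "Meta": {"role": "django-web"}},
    {"Node": "db01", "Address": "10.0.0.21", "Meta": {"role": "mysql"}},
]

# Step 2 stand-in: consul KV vuls/<hostname>, in the JSON format of slide 6.
CONSUL_KV = {
    "web01": {
        "middleware": [
            {"name": "nginx", "version": "1.10.1", "update": ""},
            {"name": "python", "version": "2.7.12", "update": ""},
        ],
        "update_time": "2016-09-20 03:00:00",
        "host": {"node_name": "web01"},
    },
    "db01": {
        "middleware": [
            {"name": "mysql", "version": "5.6.33", "update": ""},
            # no cpes row for this one: exercises the unresolved path
            {"name": "redis", "version": "3.2.3", "update": ""},
        ],
        "update_time": "2016-09-20 03:00:00",
        "host": {"node_name": "db01"},
    },
}

# Step 3 stand-in: extension YAML per tag (slide 7 format), already parsed.
EXTEND_YAML = {
    "django-web": {"middleware": [{"name": "django", "version": "1.6", "update": ""}]},
}

# Schema from the cpes-table slide; the rows are constructed.
CPES_SCHEMA = """CREATE TABLE "cpes" (
  "id" integer primary key autoincrement, "created_at" datetime,
  "updated_at" datetime, "deleted_at" datetime, "jvn_id" integer,
  "nvd_id" integer, "cpe_name" varchar(255), "part" varchar(255),
  "vendor" varchar(255), "product" varchar(255), "version" varchar(255),
  "update" varchar(255), "edition" varchar(255), "language" varchar(255))"""
CPE_ROWS = [
    ("cpe:/a:djangoproject:django:1.6", "a", "djangoproject", "django", "1.6", ""),
    ("cpe:/a:nginx:nginx:1.10.1", "a", "nginx", "nginx", "1.10.1", ""),
    ("cpe:/a:python:python:2.7.12", "a", "python", "python", "2.7.12", ""),
    ("cpe:/a:oracle:mysql:5.6.33", "a", "oracle", "mysql", "5.6.33", ""),
]


def build_cpe_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(CPES_SCHEMA)
    conn.executemany(
        'INSERT INTO cpes (cpe_name, part, vendor, product, version, "update") '
        "VALUES (?, ?, ?, ?, ?, ?)", CPE_ROWS)
    return conn


def lookup_cpes(conn: sqlite3.Connection, product: str, version: str, update: str) -> List[str]:
    # Step 4. "update" is an SQL keyword and must stay quoted, as in the schema.
    # Values are bound, never interpolated: whoever can write the consul KV
    # controls these strings, so they are untrusted input to the query.
    rows = conn.execute(
        'SELECT cpe_name FROM cpes WHERE product = ? AND version = ? AND "update" = ? '
        "AND deleted_at IS NULL ORDER BY cpe_name",
        (product, version, update or ""),
    ).fetchall()
    return [r[0] for r in rows]


def resolve_host(conn, node: dict, kv_doc: dict, extend: dict) -> Tuple[List[str], List[str]]:
    # Middleware from the KV JSON, then whatever the tag's extension YAML adds.
    middleware = list(kv_doc.get("middleware", []))
    middleware += extend.get(node.get("Meta", {}).get("role"), {}).get("middleware", [])
    cpes, unresolved = [], []
    for mw in middleware:
        found = lookup_cpes(conn, mw["name"], mw["version"], mw.get("update", ""))
        if found:
            cpes.extend(found)
        else:
            # A name/version with no CPE would silently get no CVE coverage,
            # so it is reported rather than dropped from the config.
            unresolved.append(f'{mw["name"]}:{mw["version"]}')
    return cpes, unresolved


def toml_str(s: str) -> str:
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def render_toml(entries: Dict[str, Tuple[str, List[str]]]) -> str:
    # Step 5: a minimal template. The hostname becomes a TOML bare key, so a
    # node name containing ']' or a newline could inject its own section.
    out = []
    for hostname, (addr, cpes) in sorted(entries.items()):
        if not re.fullmatch(r"[A-Za-z0-9_-]+", hostname):
            raise ValueError(f"hostname {hostname!r} is not a safe TOML bare key")
        out += [f"[servers.{hostname}]", f"host = {toml_str(addr)}", "cpeNames = ["]
        out += [f"  {toml_str(c)}," for c in cpes]
        out += ["]", ""]
    return "\n".join(out)


def generate() -> Tuple[str, Dict[str, List[str]]]:
    conn = build_cpe_db()
    entries, unresolved = {}, {}
    for node in CATALOG_NODES:
        name = node["Node"]
        cpes, missing = resolve_host(conn, node, CONSUL_KV.get(name, {}), EXTEND_YAML)
        entries[name] = (node["Address"], cpes)
        if missing:
            unresolved[name] = missing
    return render_toml(entries), unresolved


if __name__ == "__main__":
    import sys
    toml, unresolved = generate()
    sys.stdout.write(toml)
    for host, items in unresolved.items():
        print(f"WARNING {host}: no CPE for {', '.join(items)}", file=sys.stderr)
    sys.exit(1 if unresolved else 0)
```

Two choices matter more than the template itself: the lookup binds its parameters rather than splicing consul KV strings into SQL, and an entry that matches no CPE makes the run exit non-zero instead of quietly producing a config in which that software is never scanned.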
  9. Simplifying operations with an init script: /etc/init.d/vuls
     /etc/init.d/vuls: vuls init script
     help:
       example: /etc/init.d/vuls [sub command]
     sub command:
       start:          start server
       stop:           stop server
       restart:        restart server
       status:         server status
       1st_setup:      setup, update_week, reconfig, prepare, start
       full_setup:     setup, update_full, reconfig, prepare, start
       reconfig:       make config
       setup:          setup cve/nvd database
       prepare:        prepare instance
       scan:           scan
       history:        scan history
       report:         for consul service report
       tui:            Terminal User Interface
     update cve database:
       update_entire:  dictionary entire update
       update_month:   dictionary month update
       update_week:    dictionary week update
       update_full:    dictionary full update
     A startup and support script for go-cve-dictionary/vuls: wrappers for generating the config, creating the directory tree, and all the rest... it does the whole thing in one go, so the engineers in-house need no explanation either.