I tried vuls v0.5.0!! (Scan and visualization)


Introduction


Continued from [last time] I tried vuls v0.5.0!! (Environment setup).
So this post assumes an environment in which vuls can already run.

References


I follow the content introduced in the October 2017 issue of Software Design.

Provisioning



Scan


[Remote scan setup]


1. Create a key on the vuls server

[On the vuls server]
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/centos/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/centos/.ssh/id_rsa.
Your public key has been saved in /home/centos/.ssh/id_rsa.pub.

2. Set up the key on the scan target server


Append the contents of the public key just created (id_rsa.pub).
[On the scan target server]
$ vi ~/.ssh/authorized_keys

3. Log in from the vuls server to the scan target server over ssh

[On the vuls server]
$ ssh -l [username] -i /home/centos/.ssh/id_rsa [scan target server IP address]

4. Edit the config file

[On the vuls server]
$ vi config.toml
[servers]
[servers.scan-target]
host    = "scan target IP address"
port    = "22"
user    = "username"
keyPath = "/home/centos/.ssh/id_rsa"
scanMode       = ["fast"]
[On the vuls server]
$ vuls configtest
[Aug 29 15:25:38]  INFO [localhost] Validating config...
[Aug 29 15:25:38]  INFO [localhost] Detecting Server/Container OS...
[Aug 29 15:25:38]  INFO [localhost] Detecting OS of servers...
[Aug 29 15:25:39]  INFO [localhost] (1/1) Detected: remote: centos 6.5
[Aug 29 15:25:39]  INFO [localhost] Detecting OS of containers...
[Aug 29 15:25:39]  INFO [localhost] Checking Scan Modes...
[Aug 29 15:25:39]  INFO [localhost] Checking dependencies...
[Aug 29 15:25:39] ERROR [scan-target] yum-utils is not installed
[Aug 29 15:25:39] ERROR [localhost] Error: remote, err: [yum-utils is not installed]
[Aug 29 15:25:39]  INFO [localhost] Checking sudo settings...
[Aug 29 15:25:39]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[On the scan target server]
$ sudo yum install yum-utils
[On the vuls server]
$ vuls configtest
[Aug 29 15:54:19]  INFO [localhost] Validating config...
[Aug 29 15:54:19]  INFO [localhost] Detecting Server/Container OS...
[Aug 29 15:54:19]  INFO [localhost] Detecting OS of servers...
[Aug 29 15:54:19]  INFO [localhost] (1/1) Detected: scan-target: centos 6.5
[Aug 29 15:54:19]  INFO [localhost] Detecting OS of containers...
[Aug 29 15:54:19]  INFO [localhost] Checking Scan Modes...
[Aug 29 15:54:19]  INFO [localhost] Checking dependencies...
[Aug 29 15:54:19]  INFO [scan-target] Dependencies ... Pass
[Aug 29 15:54:19]  INFO [localhost] Checking sudo settings...
[Aug 29 15:54:19]  INFO [scan-target] Sudo... Pass
[Aug 29 15:54:19]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[Aug 29 15:54:19]  INFO [localhost] Scannable servers are below...
scan-target

5. Run the scan

[On the vuls server]
$ vuls scan scan-target
[Aug 29 16:02:00]  INFO [localhost] Start scanning
[Aug 29 16:02:00]  INFO [localhost] config: /home/centos/config.toml
[Aug 29 16:02:00]  INFO [localhost] Validating config...
[Aug 29 16:02:00]  INFO [localhost] Detecting Server/Container OS...
[Aug 29 16:02:00]  INFO [localhost] Detecting OS of servers...
[Aug 29 16:02:00]  INFO [localhost] (1/1) Detected: scan-target: centos 6.5
[Aug 29 16:02:00]  INFO [localhost] Detecting OS of containers...
[Aug 29 16:02:00]  INFO [localhost] Checking Scan Modes...
[Aug 29 16:02:00]  INFO [localhost] Detecting Platforms...
[Aug 29 16:02:00]  INFO [localhost] (1/1) scan-target is running on aws
[Aug 29 16:02:00]  INFO [localhost] Scanning vulnerabilities...
[Aug 29 16:02:00]  INFO [localhost] Scanning vulnerable OS packages...
[Aug 29 16:02:00]  INFO [scan-target] Scanning in fast mode


One Line Summary
================
scan-target centos6.5   198 installed, 139 updatable




To view the detail, vuls tui is useful.
To send a report, run vuls report -h.
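Steps 1 to 5 above are a short checklist that is easy to get slightly wrong: a private key that ssh refuses because of its mode bits, a scanMode value vuls does not know, or an ERROR line buried in the configtest output. The script below is an added example and is not code from this post or from the vuls project. It renders the [servers] table with the same keys as the config.toml above, checks a private key's permission bits, and reads `vuls configtest` output to pull out per-server ERROR messages and the names listed after "Scannable servers are below...". The function names, the sample server entry and the log lines in the usage are constructed here (the log lines copy the post's own output).

```python
"""Render and sanity-check a vuls config.toml for remote SSH scans.

Added example; not code from the post or from the vuls project. The keys
host/port/user/keyPath/scanMode are the ones the post's config.toml uses;
function names, the sample server and the log lines are constructed here.
"""
import os
import re
import stat

ALLOWED_MODES = {"fast", "fast-root", "deep"}   # the three modes in v0.5.0
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")      # TOML bare-key characters
# "[Aug 29 15:25:39] ERROR [scan-target] yum-utils is not installed"
_LOG_RE = re.compile(r"^\[[^\]]+\]\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")


def _quote(value):
    """Return a TOML basic string with backslashes and quotes escaped."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def validate_servers(servers):
    """Return a list of problems; an empty list means the entries look sane."""
    problems = []
    for s in servers:
        name = s.get("name", "")
        if not _NAME_RE.match(name):
            problems.append(f"bad server name: {name!r}")
        for key in ("host", "user", "keyPath"):
            if not s.get(key):
                problems.append(f"{name}: missing {key}")
        bad = set(s.get("scanMode", ["fast"])) - ALLOWED_MODES
        if bad:
            problems.append(f"{name}: unknown scanMode {sorted(bad)}")
    return problems


def render_config(servers):
    """Render the [servers] table; raises ValueError on validation problems,
    which is cheaper than discovering them through `vuls configtest`."""
    problems = validate_servers(servers)
    if problems:
        raise ValueError("; ".join(problems))
    out = ["[servers]"]
    for s in servers:
        modes = s.get("scanMode", ["fast"])
        out.append(f"[servers.{s['name']}]")
        out.append(f"host    = {_quote(s['host'])}")
        out.append(f"port    = {_quote(s.get('port', '22'))}")
        out.append(f"user    = {_quote(s['user'])}")
        out.append(f"keyPath = {_quote(s['keyPath'])}")
        out.append("scanMode = [" + ", ".join(_quote(m) for m in modes) + "]")
    return "\n".join(out) + "\n"


def key_mode_ok(mode_bits):
    """True when a private key is readable by its owner only (0600/0400);
    OpenSSH refuses group- or world-readable private keys."""
    return (mode_bits & 0o077) == 0


def check_private_key(path):
    """Filesystem check for a real key file: regular file with owner-only mode."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and key_mode_ok(stat.S_IMODE(st.st_mode))


def parse_configtest(lines):
    """Summarise `vuls configtest` output: ERROR messages per server plus
    the names listed after 'Scannable servers are below...'."""
    errors, scannable, collecting = {}, [], False
    for line in lines:
        if collecting:                      # everything after the marker is a name
            if line.strip():
                scannable.append(line.strip())
            continue
        m = _LOG_RE.match(line)
        if not m:
            continue
        level, server, msg = m.groups()
        if level == "ERROR":
            errors.setdefault(server, []).append(msg)
        elif msg.startswith("Scannable servers are below"):
            collecting = True
    return {"errors": errors, "scannable": scannable}


if __name__ == "__main__":
    # Constructed entry mirroring the post's config.toml (192.0.2.10 is a documentation address).
    target = {"name": "scan-target", "host": "192.0.2.10", "user": "centos",
              "keyPath": "/home/centos/.ssh/id_rsa", "scanMode": ["fast"]}
    print(render_config([target]))
```

Feeding the first configtest run above into `parse_configtest` yields `{"scan-target": ["yum-utils is not installed"], "localhost": [...]}` and an empty scannable list; the second run yields no errors and `["scan-target"]`, which is the condition to gate an automated `vuls scan` on.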

Scan modes


About scan modes


As of v0.5.0 there are three.
https://vuls.io/docs/en/architecture-fast-deep.html
  • fast: Fast scan mode scans without root privilege, no dependencies, almost no load on the scan target server.
  • fast-root: Fast scan mode scans with root privilege, almost no load on the scan target server.
  • deep: Deep scan mode scans with root privilege. Certain commands can lead to high load such as fetching changelogs of many updatable packages.
  • fast-root and deep need sudo on the target, which is what the "Checking sudo settings..." step of `vuls configtest` verifies; fast is the only mode that works with an unprivileged scan user.
  • How to specify

    [On the vuls server]
    $ vi config.toml
    [servers]
    [servers.scan-target]
    host    = "scan target IP address"
    port    = "22"
    user    = "username"
    keyPath = "/home/centos/.ssh/id_rsa"
    scanMode       = ["fast" | "fast-root" | "deep"]
    

    Checking results


    TUI (Terminal-Based User Interface)


    This is the built-in way to check results.
    $ vuls tui
    
    Press Ctrl + C to leave the screen.
    
    The layout seems to have changed in v0.5.0.
  • Top left: names of the scanned targets (OS version)
  • Bottom left: detailed information on the selected vulnerability
  • CVE: the vulnerability ID in Common Vulnerabilities and Exposures (CVE)
  • CVSS Scores: severity from 0 to 10.0 under the Common Vulnerability Scoring System
  • Summary: summary of the vulnerability
  • Mitigation: mitigation measures
  • Links: links to vulnerability databases
  • CWE: category in the Common Weakness Enumeration
  • Confidence: how the vulnerability was detected
  • References: links to vulnerability information
  • Right: list of detected vulnerabilities
  • Bottom right: packages and processes affected by the detected vulnerability -> fixed version

  • Visualization


    VulsRepo


    1. Install VulsRepo


    VulsRepo
    [Japanese documentation] https://vuls.io/docs/ja/vulsrepo.html

    2. Specify the file


  • An error occurred
  • The file seems to be there, though...
  • [centos@ip-192-168-0-68 ~]$ ls -l /home/centos/results/2018-08-29T16:02:00Z
    total 3336
    -rw-------. 1 centos centos 3412750  Aug 29 16:02 scan-target.json
    [centos@ip-192-168-0-68 ~]$
    
    ※ Something is off...

    Elasticsearch+Kibana


    1. Install vuls-log-converter

    $ sudo yum install epel-release
    $ sudo yum install nodejs
    $ sudo yum install -y npm --enablerepo=epel
    $ sudo npm i -g vuls-log-converter
    

    2. Convert the file

    [centos@ip-192-168-0-68 ~]$ vulslogconv -t csv -i /home/centos/results/current/ -o ./output.csv
    [INFO] : Convert start.
    TypeError: Cannot convert undefined or null to object
        at getFlatObj (/usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:102:16)
        at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:612:24
        at Array.forEach (native)
        at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:610:18
    [centos@ip-192-168-0-68 ~]$
    
    ※ Something is off...

    3. Send to Elasticsearch

    [centos@ip-192-168-0-68 ~]$ vulslogconv -t els -i /home/centos/results/current/ -e https://search-vuls-es-vzksv25i3yzf6c5x6qevgzlx44.ap-northeast-1.es.amazonaws.com
    [INFO] : Convert start.
    TypeError: Cannot convert undefined or null to object
        at getFlatObj (/usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:102:16)
        at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:612:24
        at Array.forEach (native)
        at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:610:18
    [centos@ip-192-168-0-68 ~]$
    
    ※ Something is off...
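Both conversions above die in the same place, `getFlatObj`, with the message JavaScript's `Object.keys` raises when handed null. In v0.5 CVE matching happens in `vuls report`, not `vuls scan`, so the JSON that a scan alone writes to results/ still carries a null `scannedCves`; `vuls report -format-json` writes the enriched file that converters and VulsRepo expect. The Python below is an added example and not code from this post, from vuls or from vuls-log-converter: a null-safe flattener, a CSV writer, a CVE row builder that yields the same fields the TUI section lists (CVE ID, score, affected packages), and a package count in the shape of the One Line Summary. The sample document is constructed by hand; its key names follow the vuls results layout as I understand it and its scores are illustrative, so check them against a real results/<timestamp>/<server>.json before relying on this.

```python
"""Flatten vuls results JSON into CSV rows without choking on null fields.

Added example; not code from the post, from vuls or from vuls-log-converter.
The sample document is constructed by hand. Its key names (packages,
newVersion/newRelease, scannedCves, affectedPackages, cveContents, *Score)
follow the vuls results layout as I understand it; verify them against a
real results/<timestamp>/<server>.json before relying on this script.
"""
import csv
import io
import json


def flatten(obj, prefix=""):
    """Turn nested dicts/lists into {"a.b.0.c": value}.

    Scalars and None are leaves; an empty container contributes nothing.
    A None where an object was expected (the TypeError on the page is what
    Object.keys(null) raises in JavaScript) becomes an empty cell here
    instead of aborting the whole conversion.
    """
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            out.update(flatten(v, f"{prefix}{k}."))
        return out
    if isinstance(obj, list):
        out = {}
        for i, v in enumerate(obj):
            out.update(flatten(v, f"{prefix}{i}."))
        return out
    return {prefix.rstrip("."): obj} if prefix else {}


def cve_rows(doc):
    """One row per CVE, highest score first, affected packages joined by ';'.
    Returns [] for a scan-only JSON, whose scannedCves is still null."""
    rows = []
    for cve_id, cve in (doc.get("scannedCves") or {}).items():
        cve = cve or {}
        flat = flatten(cve)
        pkgs = sorted(p.get("name", "") for p in cve.get("affectedPackages") or [])
        # Any numeric *Score under any source (nvd, jvn, redhat, ...); bool is excluded.
        scores = [v for k, v in flat.items()
                  if k.endswith("Score") and isinstance(v, (int, float)) and not isinstance(v, bool)]
        rows.append({"server": doc.get("serverName", ""), "cveID": cve_id,
                     "maxScore": max(scores) if scores else None,
                     "packages": ";".join(pkgs)})
    rows.sort(key=lambda r: (-(r["maxScore"] or 0), r["cveID"]))
    return rows


def package_summary(doc):
    """(installed, updatable) in the spirit of the One Line Summary; a package
    counts as updatable when a newVersion or newRelease is recorded (my reading
    of the output, treat it as an assumption)."""
    pkgs = doc.get("packages") or {}
    updatable = sum(1 for p in pkgs.values() if p.get("newVersion") or p.get("newRelease"))
    return len(pkgs), updatable


def to_csv(rows):
    """CSV text with a header row; empty string when there is nothing to write."""
    if not rows:
        return ""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


# Constructed sample: two packages, one CVE with scores from two sources.
SAMPLE = json.loads("""
{
  "serverName": "scan-target", "family": "centos", "release": "6.5",
  "packages": {
    "bash": {"name": "bash", "version": "4.1.2", "release": "15.el6_4",
             "newVersion": "4.1.2", "newRelease": "48.el6"},
    "zlib": {"name": "zlib", "version": "1.2.3", "release": "29.el6",
             "newVersion": "", "newRelease": ""}
  },
  "scannedCves": {
    "CVE-2014-6271": {
      "cveID": "CVE-2014-6271",
      "affectedPackages": [{"name": "bash", "notFixedYet": false}],
      "cveContents": {"nvd": {"cvss2Score": 10.0, "summary": "Shellshock"},
                      "redhat": {"cvss2Score": 9.4}}
    }
  }
}
""")
# What `vuls scan` alone leaves behind: packages present, CVE map still null.
SCAN_ONLY = {"serverName": "scan-target", "packages": SAMPLE["packages"], "scannedCves": None}

if __name__ == "__main__":
    print(package_summary(SAMPLE))
    print(to_csv(cve_rows(SAMPLE)))
    print(repr(to_csv(cve_rows(SCAN_ONLY))))   # "" rather than a TypeError
```

Run it against your own file with `cve_rows(json.load(open(path)))`; an empty result on a freshly scanned server is the signal to run `vuls report -format-json` first rather than a bug in the data.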

    Summary


    The visualization part fell apart completely.
    I have no choice but to investigate further!
