Trying out vuls v0.5.0!! (Scan through Visualization)
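Introduction
This continues from the previous article, "Trying out vuls v0.5.0!! (Environment Setup)".
It therefore assumes an environment in which vuls can already run.
References
I picked out material from the article in the October 2017 issue of Software Design!
Provisioning
Scan
[Remote scan setup]
1. Create a key on the vuls server
[On the vuls server]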
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/centos/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/centos/.ssh/id_rsa.
Your public key has been saved in /home/centos/.ssh/id_rsa.pub.
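2. Set up the key on the scan target server
Append the contents of the public key you just created (id_rsa.pub).
[On the scan target server]
$ vi ~/.ssh/authorized_keys
3. Log in from the vuls server to the scan target server over ssh
[On the vuls server]
# [ユーザ名] is the user name; [scan target サーバ IPアドレス] is the scan target server's IP address
$ ssh -l [ユーザ名] -i /home/centos/.ssh/id_rsa [scan target サーバ IPアドレス]
4. Edit the configuration file
[On the vuls server]
$ vi config.toml
[servers]
[servers.scan-target]
host = "scan target IPアドレス"   # IP address of the scan target
port = "22"
user = "ユーザ名"                 # login user name on the scan target
keyPath = "/home/centos/.ssh/id_rsa"
scanMode = ["fast"]
[On the vuls server]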
$ vuls configtest
[Aug 29 15:25:38] INFO [localhost] Validating config...
[Aug 29 15:25:38] INFO [localhost] Detecting Server/Container OS...
[Aug 29 15:25:38] INFO [localhost] Detecting OS of servers...
[Aug 29 15:25:39] INFO [localhost] (1/1) Detected: remote: centos 6.5
[Aug 29 15:25:39] INFO [localhost] Detecting OS of containers...
[Aug 29 15:25:39] INFO [localhost] Checking Scan Modes...
[Aug 29 15:25:39] INFO [localhost] Checking dependencies...
[Aug 29 15:25:39] ERROR [scan-target] yum-utils is not installed
[Aug 29 15:25:39] ERROR [localhost] Error: remote, err: [yum-utils is not installed]
[Aug 29 15:25:39] INFO [localhost] Checking sudo settings...
[Aug 29 15:25:39] INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[On the scan target server]
$ sudo yum install yum-utils
[On the vuls server]
$ vuls configtest
[Aug 29 15:54:19] INFO [localhost] Validating config...
[Aug 29 15:54:19] INFO [localhost] Detecting Server/Container OS...
[Aug 29 15:54:19] INFO [localhost] Detecting OS of servers...
[Aug 29 15:54:19] INFO [localhost] (1/1) Detected: scan-target: centos 6.5
[Aug 29 15:54:19] INFO [localhost] Detecting OS of containers...
[Aug 29 15:54:19] INFO [localhost] Checking Scan Modes...
[Aug 29 15:54:19] INFO [localhost] Checking dependencies...
[Aug 29 15:54:19] INFO [scan-target] Dependencies ... Pass
[Aug 29 15:54:19] INFO [localhost] Checking sudo settings...
[Aug 29 15:54:19] INFO [scan-target] Sudo... Pass
[Aug 29 15:54:19] INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[Aug 29 15:54:19] INFO [localhost] Scannable servers are below...
scan-target
5. Run the scan
[On the vuls server]
$ vuls scan scan-target
[Aug 29 16:02:00] INFO [localhost] Start scanning
[Aug 29 16:02:00] INFO [localhost] config: /home/centos/config.toml
[Aug 29 16:02:00] INFO [localhost] Validating config...
[Aug 29 16:02:00] INFO [localhost] Detecting Server/Container OS...
[Aug 29 16:02:00] INFO [localhost] Detecting OS of servers...
[Aug 29 16:02:00] INFO [localhost] (1/1) Detected: scan-target: centos 6.5
[Aug 29 16:02:00] INFO [localhost] Detecting OS of containers...
[Aug 29 16:02:00] INFO [localhost] Checking Scan Modes...
[Aug 29 16:02:00] INFO [localhost] Detecting Platforms...
[Aug 29 16:02:00] INFO [localhost] (1/1) scan-target is running on aws
[Aug 29 16:02:00] INFO [localhost] Scanning vulnerabilities...
[Aug 29 16:02:00] INFO [localhost] Scanning vulnerable OS packages...
[Aug 29 16:02:00] INFO [scan-target] Scanning in fast mode
One Line Summary
================
scan-target centos6.5 198 installed, 139 updatable
To view the detail, vuls tui is useful.
To send a report, run vuls report -h.
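Step 2 above edits authorized_keys by hand. As an added example (not from the original article), this script appends the key idempotently with the permissions sshd expects and limits it with the standard `from=` and `no-*-forwarding` authorized_keys options. The address 192.0.2.10, the key material and the `vuls-scan` comment are constructed, and it is an assumption of this example that the scan needs only plain command execution over ssh.

```shell
#!/bin/sh
# Added example (not from the original article): scripted version of step 2.

# Print an authorized_keys entry for the public key in file $1, limited to
# connections from address $2 and with forwarding features switched off.
build_entry() {
    key_type=$(awk 'NR==1 {print $1}' "$1")
    key_body=$(awk 'NR==1 {print $2}' "$1")
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not an OpenSSH public key: $1" >&2; return 1 ;;
    esac
    [ -n "$key_body" ] || { echo "empty key body: $1" >&2; return 1; }
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s %s vuls-scan\n' \
        "$2" "$key_type" "$key_body"
}

# install_scan_key PUBKEY_FILE AUTHORIZED_KEYS_FILE VULS_SERVER_IP
install_scan_key() {
    entry=$(build_entry "$1" "$3") || return 1
    ssh_dir=$(dirname "$2")
    # sshd (StrictModes) ignores authorized_keys that others can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$2" && chmod 600 "$2" || return 1
    # Match on the base64 key body so a second run does not add a duplicate.
    if grep -qF -- "$(awk 'NR==1 {print $2}' "$1")" "$2"; then
        echo "key already present in $2"
    else
        printf '%s\n' "$entry" >> "$2"
        echo "key added to $2"
    fi
}

# Demo with a constructed key in a scratch directory; ~/.ssh is not touched.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructed centos@vuls' > "$demo_dir/id_rsa.pub"
install_scan_key "$demo_dir/id_rsa.pub" "$demo_dir/.ssh/authorized_keys" 192.0.2.10
install_scan_key "$demo_dir/id_rsa.pub" "$demo_dir/.ssh/authorized_keys" 192.0.2.10
```

On the real scan target the second argument would be `~/.ssh/authorized_keys` and the third the vuls server's address as seen by the target.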
Scan modes
About scan modes
Since v0.5.0 there are three modes.
https://vuls.io/docs/en/architecture-fast-deep.html
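How to specify the mode
[On the vuls server]
$ vi config.toml
[servers]
[servers.scan-target]
host = "scan target IPアドレス"   # IP address of the scan target
port = "22"
user = "ユーザ名"                 # login user name on the scan target
keyPath = "/home/centos/.ssh/id_rsa"
scanMode = ["fast"]               # choose one of "fast", "fast-root", "deep"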
Checking the results
TUI (Terminal-Based User Interface)
This is the built-in way to check the results.
$ vuls tui
# Press Ctrl + C to exit the screen.
The display seems to have changed in v0.5.0.
Visualization
VulsRepo
1. Install VulsRepo
VulsRepo
[Japanese documentation] https://vuls.io/docs/ja/vulsrepo.html
2. Specify the file
[centos@ip-192-168-0-68 ~]$ ls -l /home/centos/results/2018-08-29T16:02:00Z
合計 3336
-rw-------. 1 centos centos 3412750 8月 29 16:02 scan-target.json
[centos@ip-192-168-0-68 ~]$
※ Something seems off...
Elasticsearch+Kibana
1. Install vuls-log-converter
$ sudo yum install epel-release
$ sudo yum install nodejs
$ sudo yum install -y npm --enablerepo=epel
$ sudo npm i -g vuls-log-converter
2. Convert the file
[centos@ip-192-168-0-68 ~]$ vulslogconv -t csv -i /home/centos/results/current/ -o ./output.csv
[INFO] : Convert start.
TypeError: Cannot convert undefined or null to object
at getFlatObj (/usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:102:16)
at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:612:24
at Array.forEach (native)
at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:610:18
[centos@ip-192-168-0-68 ~]$
※ Something seems off...
3. Send to ElasticSearch
[centos@ip-192-168-0-68 ~]$ vulslogconv -t els -i /home/centos/results/current/ -e https://search-vuls-es-vzksv25i3yzf6c5x6qevgzlx44.ap-northeast-1.es.amazonaws.com
[INFO] : Convert start.
TypeError: Cannot convert undefined or null to object
at getFlatObj (/usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:102:16)
at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:612:24
at Array.forEach (native)
at /usr/lib/node_modules/vuls-log-converter/bin/vuls-log-converter.js:610:18
[centos@ip-192-168-0-68 ~]$
※ Something seems off...
Summary
The visualization part ended up a mess.
I will just have to investigate further!
Reference
For more on this topic (Trying out vuls v0.5.0!! (Scan through Visualization)), see the original article:
https://qiita.com/bee3/items/73b90c26970e423b34fa
This text may be freely shared or copied, but please keep this document's URL as the reference URL.
(Collection and Share based on the CC Protocol.)