優技録 | public string[] 優技録 = { "Data Science", "Linux", "MS", "DB", "AWS", "Infrastructure", "C#", "PHP", "Python", "JavaScript"};

H2O WEBサーバ

投稿日: 2017年10月1日2017年10月1日投稿者: 優

H2OでWEBサーバカンファレンス用に用意しました。

今回カンファレンスのハッキング用のWEBサーバにH2Oを選定しました。選定理由は色々ですが、主に検証です。

HTTP/2で使うのが本懐のようですが、カンファレンス用のサーバはローカルなので。

H2Oってなにもの？

H2O – making the Web faster from Kazuho Oku

HTTP/2の課題と将来 from Kazuho Oku

インストール

必要なものをインストールします。

# yum groupinstall "Development Tools"

# yum install yum-utils

# yum install cmake libyaml-devel

# yum groupinstall "Development Tools"

# yum install yum-utils

# yum install cmake libyaml-devel

リスタートが必要なプロセスを表示

# needs-restarting -s

systemd-logind.service
atd.service
NetworkManager.service
postfix.service
dbus.service
getty@tty1.service
serial-getty@ttyS0.service
systemd-journald.service
libstoragemgmt.service

# needs-restarting -s

systemd-logind.service

atd.service

NetworkManager.service

postfix.service

dbus.service

getty@tty1.service

serial-getty@ttyS0.service

systemd-journald.service

libstoragemgmt.service

リブートが必要なサービスを確認

# needs-restarting -r

Core libraries or services have been updated:
  openssl-libs -> 1:1.0.2k-8.el7
  glibc -> 2.17-196.el7
  glibc -> 2.17-196.el7
  linux-firmware -> 20170606-56.gitc990aae.el7
  gnutls -> 3.3.26-9.el7
  kernel -> 3.10.0-693.2.2.el7
  systemd -> 219-42.el7_4.1

Reboot is required to ensure that your system benefits from these updates.

More information:
https://access.redhat.com/solutions/27943

# needs-restarting -r

Core libraries or services have been updated:

openssl-libs -> 1:1.0.2k-8.el7

glibc -> 2.17-196.el7

linux-firmware -> 20170606-56.gitc990aae.el7

gnutls -> 3.3.26-9.el7

kernel -> 3.10.0-693.2.2.el7

systemd -> 219-42.el7_4.1

Reboot is required to ensure that your system benefits from these updates.

More information:

https://access.redhat.com/solutions/27943

# reboot now

1	# reboot now

MariaDBのインストール

# yum install MariaDB-devel MariaDB-client MariaDB-server

1	# yum install MariaDB-devel MariaDB-client MariaDB-server

# systemctl enable mysql
# systemctl start mysql

1 2	# systemctl enable mysql # systemctl start mysql

WordPress用データベースの作成

# mysql -u root

MariaDB [(none)]> CREATE DATABASE wpdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wpdb.* TO "wpdbuser"@"localhost" IDENTIFIED BY 'wpdbpassword';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit
Bye

# mysql -u root

MariaDB [(none)]> CREATE DATABASE wpdb;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON wpdb.* TO "wpdbuser"@"localhost" IDENTIFIED BY 'wpdbpassword';

MariaDB [(none)]> FLUSH PRIVILEGES;

MariaDB [(none)]> exit

Bye

WordPressのダウンロード

# cd /var/www/html/

# wget https://ja.wordpress.org/wordpress-4.8.2-ja.zip

# unzip wordpress-4.8.2-ja.zip

# mv wordpress wp

# cp /var/www/html/wp/wp-config-sample.php /var/www/html/wp/wp-config.php

# cd /var/www/html/

# wget https://ja.wordpress.org/wordpress-4.8.2-ja.zip

# unzip wordpress-4.8.2-ja.zip

# mv wordpress wp

# cp /var/www/html/wp/wp-config-sample.php /var/www/html/wp/wp-config.php

コンフィグの設定

# vi /var/www/html/wp/wp-config.php

define('DB_NAME', 'wpdb');

/** MySQL データベースのユーザー名 */
define('DB_USER', 'wpdbuser');

/** MySQL データベースのパスワード */
define('DB_PASSWORD', 'wpdbpassword');

# vi /var/www/html/wp/wp-config.php

define('DB_NAME', 'wpdb');

/** MySQL データベースのユーザー名 */

define('DB_USER', 'wpdbuser');

/** MySQL データベースのパスワード */

define('DB_PASSWORD', 'wpdbpassword');

PHP7のインストール

# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

1	# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

# yum install --enablerepo=remi-php71 php php-mysql php-mbstring

1	# yum install --enablerepo=remi-php71 php php-mysql php-mbstring

# vi /etc/php.ini

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =
date.timezone = "Asia/Tokyo"

# vi /etc/php.ini

[Date]

; Defines the default timezone used by the date functions

; http://php.net/date.timezone

;date.timezone =

date.timezone = "Asia/Tokyo"

H2Oのインストール

# vi /etc/yum.repos.d/h2o.repo


[bintray-tatsushid-h2o-rpm]
name=bintray-tatsushid-h2o-rpm
baseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

# vi /etc/yum.repos.d/h2o.repo

[bintray-tatsushid-h2o-rpm]

name=bintray-tatsushid-h2o-rpm

baseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/

gpgcheck=0

repo_gpgcheck=0

enabled=1

H2O設定

# cp /etc/h2o/h2o.conf /etc/h2o/h2o.conf.org

1	# cp /etc/h2o/h2o.conf /etc/h2o/h2o.conf.org

# vi /etc/h2o/h2o.conf

user: nobody
listen:
  port: 80
  host: 0.0.0.0

file.index: ['index.php', 'index.html']
file.send-gzip: ON
file.etag: OFF
expires: 1 day

hosts:
  "192.168.11.191":
    paths:
      /:
        file.dir: /var/www/html/wp/
        file.dirlisting: OFF

        # パーマリンク
        redirect:
          url: /index.php/
          internal: YES
          status: 307

        file.custom-handler:
         extension: .php
         fastcgi.connect:
          host: 127.0.0.1
          port: 9000
          type: tcp

access-log: /var/log/h2o/access.log
error-log: /var/log/h2o/error.log
pid-file: /var/run/h2o.pid

header.unset: "X-Powered-By"
header.set: "X-Content-Type-Options: nosniff"

# vi /etc/h2o/h2o.conf

user: nobody

listen:

port: 80

host: 0.0.0.0

file.index: ['index.php', 'index.html']

file.send-gzip: ON

file.etag: OFF

expires: 1 day

hosts:

"192.168.11.191":

paths:

file.dir: /var/www/html/wp/

file.dirlisting: OFF

# パーマリンク

redirect:

url: /index.php/

internal: YES

status: 307

file.custom-handler:

extension: .php

fastcgi.connect:

host: 127.0.0.1

port: 9000

type: tcp

access-log: /var/log/h2o/access.log

error-log: /var/log/h2o/error.log

pid-file: /var/run/h2o.pid

header.unset: "X-Powered-By"

header.set: "X-Content-Type-Options: nosniff"

とりあえず検証として動くように設定。

起動させます。

# systemctl enable h2o
# systemctl start h2o

1 2	# systemctl enable h2o # systemctl start h2o

# systemctl enable php-fpm
# systemctl start php-fpm

1 2	# systemctl enable php-fpm # systemctl start php-fpm

Firewalld設定

# systemctl enable firewalld
# systemctl start firewalld

# firewall-cmd --permanent --add-port=22/tcp --zone=public --permanent
# firewall-cmd --permanent --add-port=80/tcp --zone=public --permanent
# firewall-cmd --permanent --add-port=443/tcp --zone=public --permanent


# firewall-cmd --list-port --zone=public  --permanent
80/tcp 443/tcp 22/tcp


# firewall-cmd --reload
success

# systemctl enable firewalld

# systemctl start firewalld

# firewall-cmd --permanent --add-port=22/tcp --zone=public --permanent

# firewall-cmd --permanent --add-port=80/tcp --zone=public --permanent

# firewall-cmd --permanent --add-port=443/tcp --zone=public --permanent

# firewall-cmd --list-port --zone=public --permanent

80/tcp 443/tcp 22/tcp

# firewall-cmd --reload

success

最低限必要なポートを開けます。

アクセスしてみよう

Hello H2O!

表示が出来ましたね。ここから色々脆弱性を混入させていく作業になるのですが、それは割愛。

ベンチマーク ab

カンファレンス用PCサーバ　2CPU5GB

# ab -n 1000 -c 100 http://192.168.11.191/

This is ApacheBench, Version 2.4 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.11.191 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        h2o/2.2.2
Server Hostname:        192.168.11.191
Server Port:            80

Document Path:          /
Document Length:        12240 bytes

Concurrency Level:      100
Time taken for tests:   0.881 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      12496000 bytes
HTML transferred:       12240000 bytes
Requests per second:    1134.98 [#/sec] (mean)
Time per request:       88.107 [ms] (mean)
Time per request:       0.881 [ms] (mean, across all concurrent requests)
Transfer rate:          13850.32 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    2   8.4      0      39
Processing:    10   82  18.4     84     125
Waiting:        3   79  17.3     83     117
Total:         41   84  14.7     84     125

Percentage of the requests served within a certain time (ms)
  50%     84
  66%     85
  75%     87
  80%     95
  90%    103
  95%    106
  98%    110
  99%    112
 100%    125 (longest request)

# ab -n 1000 -c 100 http://192.168.11.191/

This is ApacheBench, Version 2.4 <$Revision: 655654 $>

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.11.191 (be patient)

Completed 100 requests

Completed 200 requests

Completed 300 requests

Completed 400 requests

Completed 500 requests

Completed 600 requests

Completed 700 requests

Completed 800 requests

Completed 900 requests

Completed 1000 requests

Finished 1000 requests

Server Software: h2o/2.2.2

Server Hostname: 192.168.11.191

Server Port: 80

Document Path: /

Document Length: 12240 bytes

Concurrency Level: 100

Time taken for tests: 0.881 seconds

Complete requests: 1000

Failed requests: 0

Write errors: 0

Total transferred: 12496000 bytes

HTML transferred: 12240000 bytes

Requests per second: 1134.98 [#/sec] (mean)

Time per request: 88.107 [ms] (mean)

Time per request: 0.881 [ms] (mean, across all concurrent requests)

Transfer rate: 13850.32 [Kbytes/sec] received

Connection Times (ms)

min mean[+/-sd] median max

Connect: 0 2 8.4 0 39

Processing: 10 82 18.4 84 125

Waiting: 3 79 17.3 83 117

Total: 41 84 14.7 84 125

Percentage of the requests served within a certain time (ms)

50% 84

66% 85

75% 87

80% 95

90% 103

95% 106

98% 110

99% 112

100% 125 (longest request)

ConoHa 3CPU2GB

# ab -n 1000 -c 100 http://150.95.182.43/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 150.95.182.43 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        h2o/2.2.2
Server Hostname:        150.95.182.43
Server Port:            80

Document Path:          /
Document Length:        51601 bytes

Concurrency Level:      100
Time taken for tests:   26.283 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      51863000 bytes
HTML transferred:       51601000 bytes
Requests per second:    38.05 [#/sec] (mean)
Time per request:       2628.317 [ms] (mean)
Time per request:       26.283 [ms] (mean, across all concurrent requests)
Transfer rate:          1926.99 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   2.5      0      10
Processing:   107 2542 356.6   2543    3580
Waiting:       93 2506 356.4   2511    3539
Total:        107 2543 355.8   2543    3590

Percentage of the requests served within a certain time (ms)
  50%   2543
  66%   2598
  75%   2667
  80%   2728
  90%   2870
  95%   3027
  98%   3215
  99%   3459
 100%   3590 (longest request)

# ab -n 1000 -c 100 http://150.95.182.43/

This is ApacheBench, Version 2.3 <$Revision: 1430300 $>

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 150.95.182.43 (be patient)

Completed 100 requests

Completed 200 requests

Completed 300 requests

Completed 400 requests

Completed 500 requests

Completed 600 requests

Completed 700 requests

Completed 800 requests

Completed 900 requests

Completed 1000 requests

Finished 1000 requests

Server Software: h2o/2.2.2

Server Hostname: 150.95.182.43

Server Port: 80

Document Path: /

Document Length: 51601 bytes

Concurrency Level: 100

Time taken for tests: 26.283 seconds

Complete requests: 1000

Failed requests: 0

Write errors: 0

Total transferred: 51863000 bytes

HTML transferred: 51601000 bytes

Requests per second: 38.05 [#/sec] (mean)

Time per request: 2628.317 [ms] (mean)

Time per request: 26.283 [ms] (mean, across all concurrent requests)

Transfer rate: 1926.99 [Kbytes/sec] received

Connection Times (ms)

min mean[+/-sd] median max

Connect: 0 1 2.5 0 10

Processing: 107 2542 356.6 2543 3580

Waiting: 93 2506 356.4 2511 3539

Total: 107 2543 355.8 2543 3590

Percentage of the requests served within a certain time (ms)

50% 2543

66% 2598

75% 2667

80% 2728

90% 2870

95% 3027

98% 3215

99% 3459

100% 3590 (longest request)

H2O, PHP-FPM, MariaDB, システム面がデフォルト設定なので、チューニングすれば全然違う結果になるかもしれません。

また、今回は講義形式だったので、サーバにアクセスして攻撃して頂いたのは僅かでしたが、H2Oを実際に使うことで動作や負荷を与えた場合の検証が出来たので良かったです。

ディスク複製玄人志向 KURO-DACHI/CLONE/U3

投稿日: 2017年10月1日2017年10月2日投稿者: 優

玄人志向

http://www.kuroutoshikou.com/product/case/original/kuro-dachi_clone_u3/

単純なディスククのコールドクローンはこれが楽で活躍中。

注意

100%だけのところが光っている時は、まだ75～99%で進捗中、引き抜かないように。全ての色がぴかっぴかと点灯したらディスクの複製が完了です。

他にLinuxのddコマンドを使う方法などもあります。

パーティション単位や、ホットクローンはAOMEI Backupperを使います。

ipset+Firewalld アクセス制御 CentOS7

投稿日: 2017年10月1日2017年10月2日投稿者: 優

クラウド側のファイアウォールで制御するのが標準で、Fail2banなどのIPSでBANを自動化するように設定するので、実際に手作業でipsetによるアクセス制御を実施するような要望が発生することはかなり少ないですが、知っていると知らないとでは大きな違いですし、国単位のアクセス制御する場合など使えます。

環境

記事にする為に攻撃して貰うように、
SSHにてデフォルトポート、パスワード認証、rootログイン可能にしています。

# yum install ipset

Package ipset-6.29-1.el7.x86_64 already installed and latest version

# yum install ipset

Package ipset-6.29-1.el7.x86_64 already installed and latest version

# tail -f  /var/log/secure

Oct  1 12:44:51 150-xxx-yyy-43 sshd[16846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.xxx.yyy.40  user=root
Oct  1 12:44:51 150-xxx-yyy-43 sshd[16846]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

# tail -f /var/log/secure

Oct 1 12:44:51 150-xxx-yyy-43 sshd[16846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.xxx.yyy.40 user=root

Oct 1 12:44:51 150-xxx-yyy-43 sshd[16846]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

# ipset create BLACKLIST hash:ip hashsize 4096

# ipset add BLACKLIST 61.xxx.yyy.40
※# ipset add BLACKLIST 192.168.0.0/24という指定もできる。

# firewall-cmd --direct --add-rule ipv4 filter INPUT 0  -m set --match-set BLACKLIST src -j DROP
success

# ipset create BLACKLIST hash:ip hashsize 4096

# ipset add BLACKLIST 61.xxx.yyy.40

※# ipset add BLACKLIST 192.168.0.0/24という指定もできる。

# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m set --match-set BLACKLIST src -j DROP

success

# tail -f  /var/log/secure

Oct  1 12:53:36 150-xxx-yyy-43 sshd[16881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Oct  1 12:53:39 150-xxx-yyy-43 sshd[16881]: Failed password for root from 58.xxx.yyy.160 port 12587 ssh2

# tail -f /var/log/secure

Oct 1 12:53:36 150-xxx-yyy-43 sshd[16881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

Oct 1 12:53:39 150-xxx-yyy-43 sshd[16881]: Failed password for root from 58.xxx.yyy.160 port 12587 ssh2

禁止したいIPを追加します。

# ipset add BLACKLIST 58.xxx.yyy.160

1	# ipset add BLACKLIST 58.xxx.yyy.160

# date
Sun Oct  1 13:04:25 JST 2017

1 2	# date Sun Oct 1 13:04:25 JST 2017

# tail -f  /var/log/secure

Oct  1 12:55:03 150-xxx-yyy-43 sshd[16907]: Failed password for root from 58.xxx.yyy.160 port 23577 ssh2
Oct  1 12:55:04 150-xxx-yyy-43 sshd[16907]: Received disconnect from 58.xxx.yyy.160 port 23577:11:  [preauth]
Oct  1 12:55:04 150-xxx-yyy-43 sshd[16907]: Disconnected from 58.xxx.yyy.160 port 23577 [preauth]
Oct  1 12:55:04 150-xxx-yyy-43 sshd[16907]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.xxx.yyy.160  user=root

# tail -f /var/log/secure

Oct 1 12:55:03 150-xxx-yyy-43 sshd[16907]: Failed password for root from 58.xxx.yyy.160 port 23577 ssh2

Oct 1 12:55:04 150-xxx-yyy-43 sshd[16907]: Received disconnect from 58.xxx.yyy.160 port 23577:11: [preauth]

Oct 1 12:55:04 150-xxx-yyy-43 sshd[16907]: Disconnected from 58.xxx.yyy.160 port 23577 [preauth]

Oct 1 12:55:04 150-xxx-yyy-43 sshd[16907]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.xxx.yyy.160 user=root

設定を反映

# firewall-cmd --reload
success

1 2	# firewall-cmd --reload success

状態を確認します。

# iptables -L INPUT_direct -v

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination
   17  1020 DROP       all  --  any    any     anywhere             anywhere             match-set BLACKLIST src

# iptables -L INPUT_direct -v

Chain INPUT_direct (1 references)

pkts bytes target prot opt in out source destination

17 1020 DROP all -- any any anywhere anywhere match-set BLACKLIST src

禁止されているIPの確認

# ipset list 

Name: BLACKLIST
Type: hash:ip
Revision: 1
Header: family inet hashsize 4096 maxelem 65536
Size in memory: 65712
References: 1
Members:
58.xxx.yyy.160
61.xxx.yyy.40

# ipset list

Name: BLACKLIST

Type: hash:ip

Revision: 1

Header: family inet hashsize 4096 maxelem 65536

Size in memory: 65712

References: 1

Members:

58.xxx.yyy.160

61.xxx.yyy.40

61.xxx.yyy.40のIPを外します。

# ipset del BLACKLIST 61.xxx.yyy.40

1	# ipset del BLACKLIST 61.xxx.yyy.40

状態を確認します。

# ipset list BLACKLIST

Name: BLACKLIST
Type: hash:ip
Revision: 1
Header: family inet hashsize 4096 maxelem 65536
Size in memory: 65712
References: 1
Members:
58.xxx.yyy.160

# ipset list BLACKLIST

Name: BLACKLIST

Type: hash:ip

Revision: 1

Header: family inet hashsize 4096 maxelem 65536

Size in memory: 65712

References: 1

Members:

58.xxx.yyy.160

状況確認します。

# date
Sun Oct  1 13:14:07 JST 2017

1 2	# date Sun Oct 1 13:14:07 JST 2017

# tail -f  /var/log/secure
Oct  1 13:26:03 150-xxx-yyy-43 sshd[17076]: Received disconnect from 61.xxx.yyy.40 port 38921:11:  [preauth]
Oct  1 13:26:03 150-xxx-yyy-43 sshd[17076]: Disconnected from 61.xxx.yyy.40 port 38921 [preauth]

# tail -f /var/log/secure

Oct 1 13:26:03 150-xxx-yyy-43 sshd[17076]: Received disconnect from 61.xxx.yyy.40 port 38921:11: [preauth]

Oct 1 13:26:03 150-xxx-yyy-43 sshd[17076]: Disconnected from 61.xxx.yyy.40 port 38921 [preauth]

攻撃が再開された。

攻撃者側の通信がサーバに可能になったことがわかります。

3次関数の性質

変曲点で点対象になっている
極大値と極小値がある
微分して導関数f´(x) = 0の時に、極大値と極小値のx座標が出る、
更に原子関数に極大値と極小値のx座標を代入すれば、極大値、極小値のy座標が出せる

変曲点

グラフの凸と凹が入れ替わる点を変曲点、変曲点によって3次関数のグラフは点対象になる
変曲点は2階微分した2次導関数が0の時のx座標が変曲点のx座標、
そのx座標を原子関数のxに代入すると、変曲点のy座標が出る
グラフの極大、極小がx座標の接点として接する時に、接点、変曲点、交点の位置は
| 変曲点－接点 | ： | 交点－変曲点 | = 1 ： 2

変曲点の導出

Vuls+VulsRepoのインストール CentOS7 パッケージ脆弱性スキャナ

投稿日: 2017年9月28日2017年9月29日投稿者: 優

Vuls

VulsでRedHat系OSの脆弱性をスキャンする定期更新スクリプト

寄稿しました。

会社内のESXi上にVulsサーバを設置し、外部のサーバ群の脆弱性を管理しています…(๑❛ᴗ❛๑ )

Vulsサーバのインストール+設定

開発系+基本インストール

# yum groupinstall "Development Tools"

# yum groupinstall "Base"
 
# yum install gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2 libxml2-devel libxslt-devel libxslt libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools-devel flex libmcrypt libtool-ltdl libtidy libXpm libtiff gd-last autoconf automake gmp gmp-devel libgmp.so.3 libssl.so.6

# yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker

# yum install sqlite git gcc make yum-plugin-changelog

# yum groupinstall "Development Tools"

# yum groupinstall "Base"

# yum install gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2 libxml2-devel libxslt-devel libxslt libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools-devel flex libmcrypt libtool-ltdl libtidy libXpm libtiff gd-last autoconf automake gmp gmp-devel libgmp.so.3 libssl.so.6

# yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker

# yum install sqlite git gcc make yum-plugin-changelog

# yum update

1	# yum update

# reboot now

1	# reboot now

Vuls用ユーザの作成

# useradd vulsuser

# passwd vulsuser

# useradd vulsuser

# passwd vulsuser

# visudo

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

※下記を追加

Defaults:vuls !requiretty
vulsuser ALL=(root) NOPASSWD: ALL
Defaults:vuls env_keep="http_proxy https_proxy HTTP_PROXY HTTPS_PROXY"

# visudo

## Allows people in group wheel to run all commands

%wheel ALL=(ALL) ALL

※下記を追加

Defaults:vuls !requiretty

vulsuser ALL=(root) NOPASSWD: ALL

Defaults:vuls env_keep="http_proxy https_proxy HTTP_PROXY HTTPS_PROXY"

ここからVuls用ユーザで作業します。

# su - vulsuser

1	# su - vulsuser

公開鍵認証用の鍵ペアを作る

$ ssh-keygen -t rsa -b 4096

1	$ ssh-keygen -t rsa -b 4096

$ cat id_rsa

-----BEGIN RSA PRIVATE KEY-----
MIIJKQjjoidsofijdslkfjlakfopoerdpotdj53498vl;sgfdgazAdflk$#sdfaf
MnQo889W9WMCGvwlcDX2Ml1VgaQuDdtZLd8+ER+AWdi/pdtrXBaqjkqe5Zkr802n
A705NYPnn76kLfhaBAWw/vQXD819ufk7PBpLCDEbj23iz/b7/Lm47oxhtRW28gRM
MIIJKQjjoidsofijdslkfjlakfopoerdpot53498vl;sgfdgazAdfgslk$#sdfaf
MnQo889W9WMCGvwlcDX2Ml1VgaQuDdtZLd8+ER+AWdi/pdtrXBaqjkqe5Zkr802n
A705NYPnn76kLfhaBAWw/vQXD819ufk7PBpLCDEbj23iz/b7/Lm47oxhtRW28gRM

(略)

MIIJKQjjoidsofijdslkfjlakfopoerdpot53498vl;sgfdgazAdfgslk$#sdfaf
MnQo889W9WMCGvwlcDX2Ml1VgaQuDdtZLd8+ER+AWdi/pdtrXBaqjkqe5Zkr802n
A705NYPnn76kLfhaBAWw/vQXD819ufk7PBpLCDEbj23iz/b7/Lm47oxhtRW28gRM
l0URzEnbBmFZ0L3hOGDn678G7aO4vffGEvEP9LvF0CbXXJ93iP6EkxK0ZV80
-----END RSA PRIVATE KEY-----

$ cat id_rsa

-----BEGIN RSA PRIVATE KEY-----

MIIJKQjjoidsofijdslkfjlakfopoerdpotdj53498vl;sgfdgazAdflk$#sdfaf

MnQo889W9WMCGvwlcDX2Ml1VgaQuDdtZLd8+ER+AWdi/pdtrXBaqjkqe5Zkr802n

A705NYPnn76kLfhaBAWw/vQXD819ufk7PBpLCDEbj23iz/b7/Lm47oxhtRW28gRM

MIIJKQjjoidsofijdslkfjlakfopoerdpot53498vl;sgfdgazAdfgslk$#sdfaf

MnQo889W9WMCGvwlcDX2Ml1VgaQuDdtZLd8+ER+AWdi/pdtrXBaqjkqe5Zkr802n

A705NYPnn76kLfhaBAWw/vQXD819ufk7PBpLCDEbj23iz/b7/Lm47oxhtRW28gRM

(略)

MIIJKQjjoidsofijdslkfjlakfopoerdpot53498vl;sgfdgazAdfgslk$#sdfaf

MnQo889W9WMCGvwlcDX2Ml1VgaQuDdtZLd8+ER+AWdi/pdtrXBaqjkqe5Zkr802n

A705NYPnn76kLfhaBAWw/vQXD819ufk7PBpLCDEbj23iz/b7/Lm47oxhtRW28gRM

l0URzEnbBmFZ0L3hOGDn678G7aO4vffGEvEP9LvF0CbXXJ93iP6EkxK0ZV80

-----END RSA PRIVATE KEY-----

$ cat id_rsa.pub

ssh-rsa oiwto4tp42AFDSfoEBbD+9BcPzX25+Ts8GksIMRuPbeLP9vv8ubjujGG1FbbyBExpqLWVOa2/eXpkYIVnGUzEExQ/UiJzVTZw1uifS/LGydcOXFEFvLsYUmFUQjoXpLIxyf76FXLWg1JXLlKC8zzC3f3A+xN3RVtxTbWUv6eu2UPhBaItCwrNQqDaQSRfCSDioY472wlW23fXSQLMpVpqeyvQzoDGHJ0UByPsVMk8PXqyegG5wg/qC/ujlbSbirAnVjX5d/mxQRDs8ynZF85YtX8LwyCTZBu3uzkUoMIHovmLKDFs3duw8IPEc9QtRK6x0y5z2V9L4c1H/8YpJww57HUzzEbbuvjihMt1kpnrpNrB4lPVGtoV0nGVLhQ86djAZQPurfvT0dyEO0sFWDSRTWEj/zh==

$ cat id_rsa.pub

ssh-rsa oiwto4tp42AFDSfoEBbD+9BcPzX25+Ts8GksIMRuPbeLP9vv8ubjujGG1FbbyBExpqLWVOa2/eXpkYIVnGUzEExQ/UiJzVTZw1uifS/LGydcOXFEFvLsYUmFUQjoXpLIxyf76FXLWg1JXLlKC8zzC3f3A+xN3RVtxTbWUv6eu2UPhBaItCwrNQqDaQSRfCSDioY472wlW23fXSQLMpVpqeyvQzoDGHJ0UByPsVMk8PXqyegG5wg/qC/ujlbSbirAnVjX5d/mxQRDs8ynZF85YtX8LwyCTZBu3uzkUoMIHovmLKDFs3duw8IPEc9QtRK6x0y5z2V9L4c1H/8YpJww57HUzzEbbuvjihMt1kpnrpNrB4lPVGtoV0nGVLhQ86djAZQPurfvT0dyEO0sFWDSRTWEj/zh==

パーミッション設定

$ sudo chmod 700 /home/vulsuser/.ssh

$ sudo chmod 400 /home/vulsuser/.ssh/id_rsa

$ mv /home/vulsuser/.ssh/id_rsa.pub /home/vulsuser/.ssh/authorized_keys

$ sudo chmod 600 /home/vulsuser/.ssh/authorized_keys

$ sudo chmod 700 /home/vulsuser/.ssh

$ sudo chmod 400 /home/vulsuser/.ssh/id_rsa

$ mv /home/vulsuser/.ssh/id_rsa.pub /home/vulsuser/.ssh/authorized_keys

$ sudo chmod 600 /home/vulsuser/.ssh/authorized_keys

SSH設定

$ sudo vi /etc/ssh/sshd_config


#Port 22
Port xxx22

#PermitRootLogin yes
PermitRootLogin no

#PasswordAuthentication yes
PasswordAuthentication no

$ sudo vi /etc/ssh/sshd_config

#Port 22

Port xxx22

#PermitRootLogin yes

PermitRootLogin no

#PasswordAuthentication yes

PasswordAuthentication no

$ sudo sshd -t

$ sudo systemctl reload sshd

$ sudo sshd -t

$ sudo systemctl reload sshd

Go言語インストール

$ cd

$ cd

https://golang.org/dl/

$ wget https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz

https://golang.org/dl/

$ wget https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz

$ sudo tar -C /usr/local -xzf go1.9.linux-amd64.tar.gz

$ mkdir $HOME/go

$ ls
go  go1.9.linux-amd64.tar.gz

$ rm go1.9.linux-amd64.tar.gz

$ sudo tar -C /usr/local -xzf go1.9.linux-amd64.tar.gz

$ mkdir $HOME/go

$ ls

go go1.9.linux-amd64.tar.gz

$ rm go1.9.linux-amd64.tar.gz

環境変数設定

$ sudo vi /etc/profile.d/goenv.sh

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

$ sudo vi /etc/profile.d/goenv.sh

export GOROOT=/usr/local/go

export GOPATH=$HOME/go

export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

反映させる

$ sudo chmod 755 /etc/profile.d/goenv.sh

$ source /etc/profile.d/goenv.sh

$ go version
go version go1.9 linux/amd64

$ sudo chmod 755 /etc/profile.d/goenv.sh

$ source /etc/profile.d/goenv.sh

$ go version

go version go1.9 linux/amd64

辞書ファイルライブラリのインストール

$ sudo mkdir /var/log/vuls

$ sudo chown vulsuser /var/log/vuls

$ sudo chmod 700 /var/log/vuls

$ mkdir -p $GOPATH/src/github.com/kotakanbe

$ sudo mkdir /var/log/vuls

$ sudo chown vulsuser /var/log/vuls

$ sudo chmod 700 /var/log/vuls

$ mkdir -p $GOPATH/src/github.com/kotakanbe

$ cd $GOPATH/src/github.com/kotakanbe

$ pwd
/home/vulsuser/go/src/github.com/kotakanbe

$ git clone https://github.com/kotakanbe/go-cve-dictionary.git

Cloning into 'go-cve-dictionary'...
remote: Counting objects: 500, done.
remote: Total 500 (delta 0), reused 0 (delta 0), pack-reused 500
Receiving objects: 100% (500/500), 142.72 KiB | 64.00 KiB/s, done.
Resolving deltas: 100% (259/259), done.


$ cd go-cve-dictionary

$ make install

go get -u github.com/golang/dep/...
dep ensure
go install -ldflags "-X 'main.version=v0.1.1' -X 'main.revision=f5406ff'"

$ cd $GOPATH/src/github.com/kotakanbe

$ pwd

/home/vulsuser/go/src/github.com/kotakanbe

$ git clone https://github.com/kotakanbe/go-cve-dictionary.git

Cloning into 'go-cve-dictionary'...

remote: Counting objects: 500, done.

remote: Total 500 (delta 0), reused 0 (delta 0), pack-reused 500

Receiving objects: 100% (500/500), 142.72 KiB | 64.00 KiB/s, done.

Resolving deltas: 100% (259/259), done.

$ cd go-cve-dictionary

$ make install

go get -u github.com/golang/dep/...

dep ensure

go install -ldflags "-X 'main.version=v0.1.1' -X 'main.revision=f5406ff'"

エラーが出る場合

古いバージョンのgoが残っているパターンの場合

go get -u github.com/golang/dep/…
go install runtime/internal/atomic: open /usr/local/go/pkg/linux_amd64/runtime/internal/atomic.a: permission denied
make: *** [dep] Error 1

エラー

$ cd /usr/local

$ ls -laht
total 287M
drwxr-xr-x 13 root root 4.0K Sep 27 21:18 .
drwxr-xr-x 13 root root 4.0K Sep 26 14:49 ..
-rw-r–r– 1 root root 286M Aug 25 07:44 go1.9.linux-amd64.tar
drwxr-xr-x 11 root root 4.0K Aug 25 06:51 go

$ sudo rm -rf /usr/local/go

脆弱性データベース取得

$ cd $HOME

$ pwd
/home/vulsuser

NVD 約10分
$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done

JVN 約5分
$ for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done

$ cd $HOME

$ pwd

/home/vulsuser

NVD 約10分

$ for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done

JVN 約5分

$ for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done

Redhat系脆弱性情報取得 CentOS5, 6, 7

$ cd $GOPATH/src/github.com/kotakanbe

$ git clone https://github.com/kotakanbe/goval-dictionary.git

$ cd goval-dictionary
 
$ make install

fatal: No names found, cannot describe anything.
go get -u github.com/golang/dep/...
dep ensure
go install -ldflags "-X 'main.version=' -X 'main.revision=fd8ff5a'"


$ goval-dictionary fetch-redhat -dbpath=$HOME/oval.sqlite3 5 6 7

$ cd $GOPATH/src/github.com/kotakanbe

$ git clone https://github.com/kotakanbe/goval-dictionary.git

$ cd goval-dictionary

$ make install

fatal: No names found, cannot describe anything.

go get -u github.com/golang/dep/...

dep ensure

go install -ldflags "-X 'main.version=' -X 'main.revision=fd8ff5a'"

$ goval-dictionary fetch-redhat -dbpath=$HOME/oval.sqlite3 5 6 7

Vulsのインストール

$ mkdir -p $GOPATH/src/github.com/future-architect

$ cd $GOPATH/src/github.com/future-architect

$ pwd
/home/vulsuser/go/src/github.com/future-architect


$ git clone https://github.com/future-architect/vuls.git

Cloning into 'vuls'...
remote: Counting objects: 3756, done.
remote: Compressing objects: 100% (32/32), done.
remote: Total 3756 (delta 17), reused 22 (delta 11), pack-reused 3711
Receiving objects: 100% (3756/3756), 3.94 MiB | 1.13 MiB/s, done.
Resolving deltas: 100% (2564/2564), done.




$ cd vuls

vuls]$ make install

go get -u github.com/golang/dep/...
dep ensure
go install -ldflags "-X 'main.version=v0.4.0' -X 'main.revision=e5eb8e4'"

$ mkdir -p $GOPATH/src/github.com/future-architect

$ cd $GOPATH/src/github.com/future-architect

$ pwd

/home/vulsuser/go/src/github.com/future-architect

$ git clone https://github.com/future-architect/vuls.git

Cloning into 'vuls'...

remote: Counting objects: 3756, done.

remote: Compressing objects: 100% (32/32), done.

remote: Total 3756 (delta 17), reused 22 (delta 11), pack-reused 3711

Receiving objects: 100% (3756/3756), 3.94 MiB | 1.13 MiB/s, done.

Resolving deltas: 100% (2564/2564), done.

$ cd vuls

vuls]$ make install

go get -u github.com/golang/dep/...

dep ensure

go install -ldflags "-X 'main.version=v0.4.0' -X 'main.revision=e5eb8e4'"

コンフィグ設定

$ vi /home/vulsuser/config.toml

[email]
smtpAddr      = "localhost"
smtpPort      = "25"
from          = "VulsServer@example.net"
to            = ["hoge@gmail.com"]
subjectPrefix = "[vuls]"


[servers]

# localhost
[servers.localhost]
host =      "localhost" 
port =      "local"


# HOGEサーバ
[servers.HOGE]
host = "153.xxx.yyy.17"
port = "xxx22"
user = "vulsuser"
keyPath = "/home/vulsuser/.ssh/id_rsa"


# MOGEサーバ
[servers.MOGE]
host = "153.xxx.yyy.46"
port = "xxx22"
user = "vulsuser"
keyPath = "/home/vulsuser/.ssh/id_rsa"

$ vi /home/vulsuser/config.toml

[email]

smtpAddr = "localhost"

smtpPort = "25"

from = "VulsServer@example.net"

to = ["hoge@gmail.com"]

subjectPrefix = "[vuls]"

[servers]

# localhost

[servers.localhost]

host = "localhost"

port = "local"

# HOGEサーバ

[servers.HOGE]

host = "153.xxx.yyy.17"

port = "xxx22"

user = "vulsuser"

keyPath = "/home/vulsuser/.ssh/id_rsa"

# MOGEサーバ

[servers.MOGE]

host = "153.xxx.yyy.46"

port = "xxx22"

user = "vulsuser"

keyPath = "/home/vulsuser/.ssh/id_rsa"

“クライアント側”サーバ作業 ※検査される対象

# useradd vulsuser

# su - vulsuser

$ mkdir .ssh

Vulsサーバで作った公開鍵を貼り付ける。
$ vi ~/.ssh/authorized_keys

ssh-rsa oiwto4tp42AFDSfoEBbD+9BcPzX25+Ts8GksIMRuPbeLP9vv8ubjujGG1FbbyBExpqLWVOa2/eXpkYIVnGUzEExQ/UiJzVTZw1uifS/LGydcOXFEFvLsYUmFUQjoXpLIxyf76FXLWg1JXLlKC8zzC3f3A+xN3RVtxTbWUv6eu2UPhBaItCwrNQqDaQSRfCSDioY472wlW23fXSQLMpVpqeyvQzoDGHJ0UByPsVMk8PXqyegG5wg/qC/ujlbSbirAnVjX5d/mxQRDs8ynZF85YtX8LwyCTZBu3uzkUoMIHovmLKDFs3duw8IPEc9QtRK6x0y5z2V9L4c1H/8YpJww57HUzzEbbuvjihMt1kpnrpNrB4lPVGtoV0nGVLhQ86djAZQPurfvT0dyEO0sFWDSRTWEj/zh==


$ chmod 700 .ssh

$ chmod 600 ~/.ssh/authorized_keys

# useradd vulsuser

# su - vulsuser

$ mkdir .ssh

Vulsサーバで作った公開鍵を貼り付ける。

$ vi ~/.ssh/authorized_keys

$ chmod 700 .ssh

$ chmod 600 ~/.ssh/authorized_keys

Vulsサーバ側作業

クライアント側サーバに手動で１度ログインを行うことで、クライアントのknown_hostsに登録する。※これを行わないとエラーになる。

$ ssh vulsuser@153.xxx.yyy.46 -p 35522 -i /home/vulsuser/.ssh/id_rsa

(略)
Are you sure you want to continue connecting (yes/no)? yes


$ ssh vulsuser@153.xxx.yyy.17 -p 35522 -i /home/vulsuser/.ssh/id_rsa

(略)
Are you sure you want to continue connecting (yes/no)? yes

$ ssh vulsuser@153.xxx.yyy.46 -p 35522 -i /home/vulsuser/.ssh/id_rsa

(略)

Are you sure you want to continue connecting (yes/no)? yes

$ ssh vulsuser@153.xxx.yyy.17 -p 35522 -i /home/vulsuser/.ssh/id_rsa

(略)

Are you sure you want to continue connecting (yes/no)? yes

コンフィグテスト

$ cd $HOME


$ vuls configtest

[Sep 28 18:30:38]  INFO [localhost] Validating config...
[Sep 28 18:30:38]  INFO [localhost] Detecting Server/Container OS...
[Sep 28 18:30:38]  INFO [localhost] Detecting OS of servers...
[Sep 28 18:30:38]  INFO [localhost] (1/3) Detected: localhost: centos 7.4.1708
[Sep 28 18:30:39]  INFO [localhost] (2/3) Detected: MOGE: centos 6.8
[Sep 28 18:30:41]  INFO [localhost] (3/3) Detected: HOGE: centos 7.4.1708
[Sep 28 18:30:41]  INFO [localhost] Detecting OS of containers...
[Sep 28 18:30:41]  INFO [localhost] Checking dependencies...
[Sep 28 18:30:41]  INFO [localhost] Dependencies ... Pass
[Sep 28 18:30:42]  INFO [MOGE] Dependencies ... Pass
[Sep 28 18:30:42]  INFO [HOGE] Dependencies ... Pass
[Sep 28 18:30:42]  INFO [localhost] Checking sudo settings...
[Sep 28 18:30:42]  INFO [HOGE] sudo ... No need
[Sep 28 18:30:42]  INFO [localhost] sudo ... No need
[Sep 28 18:30:42]  INFO [MOGE] sudo ... No need
[Sep 28 18:30:42]  INFO [localhost] Scannable servers are below...
HOGE localhost MOGE

$ cd $HOME

$ vuls configtest

[Sep 28 18:30:38] INFO [localhost] Validating config...

[Sep 28 18:30:38] INFO [localhost] Detecting Server/Container OS...

[Sep 28 18:30:38] INFO [localhost] Detecting OS of servers...

[Sep 28 18:30:38] INFO [localhost] (1/3) Detected: localhost: centos 7.4.1708

[Sep 28 18:30:39] INFO [localhost] (2/3) Detected: MOGE: centos 6.8

[Sep 28 18:30:41] INFO [localhost] (3/3) Detected: HOGE: centos 7.4.1708

[Sep 28 18:30:41] INFO [localhost] Detecting OS of containers...

[Sep 28 18:30:41] INFO [localhost] Checking dependencies...

[Sep 28 18:30:41] INFO [localhost] Dependencies ... Pass

[Sep 28 18:30:42] INFO [MOGE] Dependencies ... Pass

[Sep 28 18:30:42] INFO [HOGE] Dependencies ... Pass

[Sep 28 18:30:42] INFO [localhost] Checking sudo settings...

[Sep 28 18:30:42] INFO [HOGE] sudo ... No need

[Sep 28 18:30:42] INFO [localhost] sudo ... No need

[Sep 28 18:30:42] INFO [MOGE] sudo ... No need

[Sep 28 18:30:42] INFO [localhost] Scannable servers are below...

HOGE localhost MOGE

スキャン開始！

$ vuls scan

[Sep 28 18:31:05]  INFO [localhost] Start scanning
[Sep 28 18:31:05]  INFO [localhost] config: /home/vulsuser/config.toml
[Sep 28 18:31:05]  INFO [localhost] Validating config...
[Sep 28 18:31:05]  INFO [localhost] Detecting Server/Container OS...
[Sep 28 18:31:05]  INFO [localhost] Detecting OS of servers...
[Sep 28 18:31:05]  INFO [localhost] (1/3) Detected: localhost: centos 7.4.1708
[Sep 28 18:31:06]  INFO [localhost] (2/3) Detected: MOGE: centos 6.8
[Sep 28 18:31:08]  INFO [localhost] (3/3) Detected: HOGE: centos 7.4.1708
[Sep 28 18:31:08]  INFO [localhost] Detecting OS of containers...
[Sep 28 18:31:08]  INFO [localhost] Detecting Platforms...
[Sep 28 18:31:20]  INFO [localhost] (1/3) HOGE is running on other
[Sep 28 18:31:20]  INFO [localhost] (2/3) localhost is running on other
[Sep 28 18:31:20]  INFO [localhost] (3/3) HOGE is running on other
[Sep 28 18:31:20]  INFO [localhost] Scanning vulnerabilities...
[Sep 28 18:31:20]  INFO [localhost] Scanning vulnerable OS packages...


One Line Summary
================
localhost centos7.4.1708 0 updatable packages
[Reboot Required] HOGE centos7.4.1708 0 updatable packages
[Reboot Required] MOGE centos6.8 212 updatable packages

$ vuls scan

[Sep 28 18:31:05] INFO [localhost] Start scanning

[Sep 28 18:31:05] INFO [localhost] config: /home/vulsuser/config.toml

[Sep 28 18:31:05] INFO [localhost] Validating config...

[Sep 28 18:31:05] INFO [localhost] Detecting Server/Container OS...

[Sep 28 18:31:05] INFO [localhost] Detecting OS of servers...

[Sep 28 18:31:05] INFO [localhost] (1/3) Detected: localhost: centos 7.4.1708

[Sep 28 18:31:06] INFO [localhost] (2/3) Detected: MOGE: centos 6.8

[Sep 28 18:31:08] INFO [localhost] (3/3) Detected: HOGE: centos 7.4.1708

[Sep 28 18:31:08] INFO [localhost] Detecting OS of containers...

[Sep 28 18:31:08] INFO [localhost] Detecting Platforms...

[Sep 28 18:31:20] INFO [localhost] (1/3) HOGE is running on other

[Sep 28 18:31:20] INFO [localhost] (2/3) localhost is running on other

[Sep 28 18:31:20] INFO [localhost] (3/3) HOGE is running on other

[Sep 28 18:31:20] INFO [localhost] Scanning vulnerabilities...

[Sep 28 18:31:20] INFO [localhost] Scanning vulnerable OS packages...

One Line Summary

================

localhost centos7.4.1708 0 updatable packages

[Reboot Required] HOGE centos7.4.1708 0 updatable packages

[Reboot Required] MOGE centos6.8 212 updatable packages

ショートテキスト

$ vuls report -format-short-text -cvedb-path=$PWD/cve.sqlite3 --lang=ja -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7

[Sep 28 03:22:00]  INFO [localhost] Validating config...
[Sep 28 03:22:00]  INFO [localhost] cve-dictionary: /home/vulsuser/cve.sqlite3
[Sep 28 03:22:00]  INFO [localhost] Loaded: /home/vulsuser/results/2017-09-28T03:21:31+09:00
[Sep 28 03:22:00]  INFO [localhost] Fill CVE detailed information with OVAL
[Sep 28 03:22:00]  WARN [localhost] OVAL entries of redhat 6 are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag
[Sep 28 03:22:00]  INFO [localhost] Fill CVE detailed information with CVE-DB
[Sep 28 03:22:00]  INFO [localhost] Fill CVE detailed information with OVAL
[Sep 28 03:22:00]  WARN [localhost] OVAL entries of redhat 7 are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag
[Sep 28 03:22:00]  INFO [localhost] Fill CVE detailed information with CVE-DB

[Reboot Required] MOGE (centos6.8)
===================================
Total: 0 (High:0 Medium:0 Low:0 ?:0)    212 updatable packages

No CVE-IDs are found in updatable packages.
212 updatable packages


[Reboot Required] localhost (centos7.4.1708)
============================================
Total: 0 (High:0 Medium:0 Low:0 ?:0)    0 updatable packages

No CVE-IDs are found in updatable packages.
0 updatable packages

$ vuls report -format-short-text -cvedb-path=$PWD/cve.sqlite3 --lang=ja -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7

[Sep 28 03:22:00] INFO [localhost] Validating config...

[Sep 28 03:22:00] INFO [localhost] cve-dictionary: /home/vulsuser/cve.sqlite3

[Sep 28 03:22:00] INFO [localhost] Loaded: /home/vulsuser/results/2017-09-28T03:21:31+09:00

[Sep 28 03:22:00] INFO [localhost] Fill CVE detailed information with OVAL

[Sep 28 03:22:00] WARN [localhost] OVAL entries of redhat 6 are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag

[Sep 28 03:22:00] INFO [localhost] Fill CVE detailed information with CVE-DB

[Sep 28 03:22:00] INFO [localhost] Fill CVE detailed information with OVAL

[Sep 28 03:22:00] WARN [localhost] OVAL entries of redhat 7 are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag

[Sep 28 03:22:00] INFO [localhost] Fill CVE detailed information with CVE-DB

[Reboot Required] MOGE (centos6.8)

===================================

Total: 0 (High:0 Medium:0 Low:0 ?:0) 212 updatable packages

No CVE-IDs are found in updatable packages.

212 updatable packages

[Reboot Required] localhost (centos7.4.1708)

============================================

Total: 0 (High:0 Medium:0 Low:0 ?:0) 0 updatable packages

No CVE-IDs are found in updatable packages.

0 updatable packages

フルテキストバージョン

こんな風に出ます。

$ vuls report -format-full-text -cvedb-path=$PWD/cve.sqlite3  -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7 --lang=ja

1	$ vuls report -format-full-text -cvedb-path=$PWD/cve.sqlite3 -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7 --lang=ja

TUIモード

$ vuls tui

1	$ vuls tui

メール送信

$ vuls report -format-full-text -cvedb-path=$PWD/cve.sqlite3  -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7 --lang=ja -format-one-email -to-email

1	$ vuls report -format-full-text -cvedb-path=$PWD/cve.sqlite3 -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7 --lang=ja -format-one-email -to-email

脆弱性情報DBの更新

$ go-cve-dictionary fetchnvd -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1

$ go-cve-dictionary fetchjvn -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1

$ goval-dictionary fetch-redhat -dbpath=$HOME/oval.sqlite3 5 6 7 > /dev/null 2>&1

$ go-cve-dictionary fetchnvd -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1

$ go-cve-dictionary fetchjvn -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1

$ goval-dictionary fetch-redhat -dbpath=$HOME/oval.sqlite3 5 6 7 > /dev/null 2>&1

定期実行設定

メール, 送信テスト

# yum install mailx

# echo "root送信テスト2206" | mail -s "mail2206" root

# yum install mailx

# echo "root送信テスト2206" | mail -s "mail2206" root

$ sudo vi /root/vulscheck.sh


#!/bin/bash

## ===========================
VULS_USER=vulsuser

## ===========================


cd /home/$VULS_USER

# CVE, OVALアップデート
go-cve-dictionary fetchnvd -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1
go-cve-dictionary fetchjvn -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1
goval-dictionary fetch-redhat -dbpath=$HOME/oval.sqlite3 5 6 7 > /dev/null 2>&1

# スキャンとメール送信
/home/$VULS_USER/go/bin/vuls report -format-full-text -cvedb-path=$PWD/cve.sqlite3  -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7 --lang=ja -format-one-email -to-email > /dev/null 2>&1

$ sudo vi /root/vulscheck.sh

#!/bin/bash

## ===========================

VULS_USER=vulsuser

## ===========================

cd /home/$VULS_USER

# CVE, OVALアップデート

go-cve-dictionary fetchnvd -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1

go-cve-dictionary fetchjvn -last2y -dbpath=$HOME/cve.sqlite3 > /dev/null 2>&1

goval-dictionary fetch-redhat -dbpath=$HOME/oval.sqlite3 5 6 7 > /dev/null 2>&1

# スキャンとメール送信

/home/$VULS_USER/go/bin/vuls report -format-full-text -cvedb-path=$PWD/cve.sqlite3 -ovaldb-path $HOME/oval.sqlite3 -cvss-over=7 --lang=ja -format-one-email -to-email > /dev/null 2>&1

$ sudo chmod +x /root/vulscheck.sh

1	$ sudo chmod +x /root/vulscheck.sh

テスト実行

$ sudo /root/vulscheck.sh

1	$ sudo /root/vulscheck.sh

Crontabに登録します。

# sudo vi /etc/crontab


SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=''

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

## 日曜 朝6時30分にVulsによるチェックを行う
30 6 * * 7 vulsuser /root/vulscheck.sh

# sudo vi /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=''

# For details see man 4 crontabs

# Example of job definition:

# .---------------- minute (0 - 59)

# | .------------- hour (0 - 23)

# | | .---------- day of month (1 - 31)

# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...

# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat

# | | | | |

# * * * * * user-name command to be executed

## 日曜朝6時30分にVulsによるチェックを行う

30 6 * * 7 vulsuser /root/vulscheck.sh

反映させます。

$ sudo systemctl enable crond

$ sudo systemctl restart crond

$ sudo systemctl enable crond

$ sudo systemctl restart crond

VulsRepoのインストール

$ cd

$ git clone https://github.com/usiusi360/vulsrepo.git

$ cd $HOME/vulsrepo/server

$ cp vulsrepo-config.toml.sample vulsrepo-config.toml

$ cd

$ git clone https://github.com/usiusi360/vulsrepo.git

$ cd $HOME/vulsrepo/server

$ cp vulsrepo-config.toml.sample vulsrepo-config.toml

設定を編集します。

$ vi vulsrepo-config.toml

[Server]
rootPath = "/home/vuls-user/vulsrepo"
resultsPath  = "/opt/vuls/results"
serverPort  = "5111"

#[Auth]
#authFilePath = "/home/vuls-user/.htdigest"
#realm = "vulsrepo_local"


↓変更


[Server]
rootPath = "/home/vulsuser/vulsrepo"
resultsPath  = "/home/vulsuser/results"
serverPort  = "5111"

#[Auth]
#authFilePath = "/home/vulsuser/.htdigest"
#realm = "vulsrepo_local"

$ vi vulsrepo-config.toml

[Server]

rootPath = "/home/vuls-user/vulsrepo"

resultsPath = "/opt/vuls/results"

serverPort = "5111"

#[Auth]

#authFilePath = "/home/vuls-user/.htdigest"

#realm = "vulsrepo_local"

↓変更

[Server]

rootPath = "/home/vulsuser/vulsrepo"

resultsPath = "/home/vulsuser/results"

serverPort = "5111"

#[Auth]

#authFilePath = "/home/vulsuser/.htdigest"

#realm = "vulsrepo_local"

$ pwd
/home/vulsuser/vulsrepo/server

1 2	$ pwd /home/vulsuser/vulsrepo/server

サーバ起動

$ nohup ./vulsrepo-server &

1	$ nohup ./vulsrepo-server &

※$ nohup スクリプト &
ログアウト後もバックグラウンドでスクリプトが継続して動きます。

アクセスする

http://192.168.aaa.bbb:5111/

jQuery toggle() 表示, 非表示を繰り返す

投稿日: 2017年9月28日2018年9月28日投稿者: 優

toggle()

表示、非表示を繰り返す

jQuery

<script>
$(".btn").click(function(){
	$(".box1").toggle(1000, 'linear');
});
</script>

$(".btn").click(function(){

$(".box1").toggle(1000, 'linear');

});

</script>

HTML

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>無題ドキュメント</title>

<style>

.box {

}
	
.box1 {
	width: 150px;
	height: 150px;
	background-color: cornflowerblue;
	display: block;
}
	
.btn{
    display: inline-block;
    text-decoration: none;
    background: #87befd;
    color: #FFF;
    width: 120px;
    height: 120px;
    line-height: 120px;
    border-radius: 50%;
    text-align: center;
    vertical-align: middle;
    overflow: hidden;
    box-shadow: 0px 0px 0px 5px #87befd;
    border: dashed 1px #FFF;
    transition: .4s;
	margin-top: 100px;
}

.btn:hover{
    background: #668ad8;
     box-shadow: 0px 0px 0px 5px #668ad8;
}

</style>

</head>

<body>

<span class="box1"></span>


<a href="#" class="btn">BUTTON</a>
	
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(".btn").click(function(){
	$(".box1").toggle(1000, 'linear');
});
</script>
</body>
</html>

<!doctype html>

<html>

<head>

<title>無題ドキュメント</title>

<style>

.box {

}

.box1 {

width: 150px;

height: 150px;

background-color: cornflowerblue;

display: block;

}

.btn{

display: inline-block;

text-decoration: none;

background: #87befd;

color: #FFF;

width: 120px;

height: 120px;

line-height: 120px;

border-radius: 50%;

text-align: center;

vertical-align: middle;

overflow: hidden;

box-shadow: 0px 0px 0px 5px #87befd;

border: dashed 1px #FFF;

transition: .4s;

margin-top: 100px;

}

.btn:hover{

background: #668ad8;

box-shadow: 0px 0px 0px 5px #668ad8;

}

</style>

</head>

<body>

<a href="#" class="btn">BUTTON</a>

$(".btn").click(function(){

$(".box1").toggle(1000, 'linear');

});

</script>

</body>

</html>

DEMO

2乗すること、√を付与するということ

投稿日: 2017年9月28日2018年9月28日投稿者: 優

結論

nを２乗する = 1辺がnの正方形の面積
nを√にする = 面積がnである正方形の一辺の長さ

１辺が12cm, 一辺が3cmの長方形の面積

12 × 3
= 36cm^2の長方形になります。

これに√をつけると

√36
= 6

この6ってなに？

36cm^2の長方形を正方形と見た時 = 1辺を平均化

その正方形の一辺の長さが6cmということを表します。

統計学の分散

(サンプルデータ – 平均) = 偏差

分散 = 偏差^2によって得られた複数の正方形の面積の平均

統計学の標準偏差

分散 = 正方形の面積の平均

標準偏差 = √分散

標準偏差 = 複数の正方形の一辺の長さの平均

商売の原則

投稿日: 2017年9月27日2018年9月28日投稿者: 優

利益率が高い

ITは良い商品、
プラットフォーム開発なども良い

在庫を持たない、ロスがない

ITならハードウェアを在庫で扱わなければ良い

定期収入

毎月きちんと入ってくる、サブスクリプション
システム会社はシステムの保守料が大事

初期投資少ない、低リスク

投資やリスクが少ない = 何度でも改善し試行出来る
自分でアプリやサービスのプロトタイプを開発すれば、開発費は自分のみ
プラットフォームを開発して、ユーザさんに耕して貰う
パートナーとのコラボなど、自社だけですべてをやらない
APIや外部サービスなども利用して豊かに素早く。

Thunderbird IMAPでのメールデータ複製御引越

投稿日: 2017年9月27日2018年9月27日投稿者: 優

Thunderbird標準機能ではメール複製機能が弱いので、「Copy Folder」アドオンを追加して使って解決します。

軽いしおすすめ。

アドオン有効化後は右クリックから使えるようになり、
移行元から移行先アドレスとフォルダを指定して複製することが出来ます。

Logwatchのインストール

投稿日: 2017年9月27日2017年10月12日投稿者: 優

root宛メール設定

# vi /etc/aliases

# trap decode to catch security attacks
decode:         root

# Person who should get root's mail
#root:          marc
root:           marc
marc:           hoge@gmail.com

# vi /etc/aliases

# trap decode to catch security attacks

decode: root

# Person who should get root's mail

#root: marc

root: marc

marc: hoge@gmail.com

反映させる

# newaliases

1	# newaliases

メール送信テスト

# echo "root送信テスト" | mail -s "mail" root

1	# echo "root送信テスト" \| mail -s "mail" root

Logwatchのインストール

# yum install logwatch

1	# yum install logwatch

# vi /etc/logwatch/conf/logwatch.conf


# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)

MailTo = root
LogDir = /var/log
Detail = High
Archives = Yes
HostLimit = Yes
Range = yesterday



※複数にメールを送りたい場合は

MailTo = hoge@gmail.com, hoge2@gmail.com

# vi /etc/logwatch/conf/logwatch.conf

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)

MailTo = root

LogDir = /var/log

Detail = High

Archives = Yes

HostLimit = Yes

Range = yesterday

※複数にメールを送りたい場合は

MailTo = hoge@gmail.com, hoge2@gmail.com

動作テスト

※CentOS7の場合

# logwatch --output stdout

1	# logwatch --output stdout

※CentOS6の場合

# logwatch --print

1	# logwatch --print

 ################### Logwatch 7.4.0 (03/01/11) ####################
        Processing Initiated: Tue Sep 26 22:16:23 2017
        Date Range Processed: yesterday
                              ( 2017-Sep-25 )
                              Period is day.
        Detail Level of Output: 10
        Type of Output/Format: stdout / text
        Logfiles for Host: www.example.net
 ##################################################################

 --------------------- Disk Space Begin ------------------------

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/xvda1       99G  1.4G   92G   2% /
 devtmpfs        3.2G     0  3.2G   0% /dev


 ---------------------- Disk Space End -------------------------


 ###################### Logwatch End #########################

################### Logwatch 7.4.0 (03/01/11) ####################

Processing Initiated: Tue Sep 26 22:16:23 2017

Date Range Processed: yesterday

( 2017-Sep-25 )

Period is day.

Detail Level of Output: 10

Type of Output/Format: stdout / text

Logfiles for Host: www.example.net

##################################################################

--------------------- Disk Space Begin ------------------------

Filesystem Size Used Avail Use% Mounted on

/dev/xvda1 99G 1.4G 92G 2% /

devtmpfs 3.2G 0 3.2G 0% /dev

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################

メール送信テスト

# logwatch --output mail
or
# logwatch --mailto hoge@example.net

# logwatch --output mail

# logwatch --mailto hoge@example.net

定期実行スクリプトの確認

# cat /etc/cron.daily/0logwatch

#!/bin/sh

#Set logwatch location
LOGWATCH_SCRIPT="/usr/sbin/logwatch"
#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,
#but some are only for the nightly cronrun such as --output mail and should be set here.
#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.
OPTIONS="--output mail"

#Call logwatch
$LOGWATCH_SCRIPT $OPTIONS

exit 0

# cat /etc/cron.daily/0logwatch

#!/bin/sh

#Set logwatch location

LOGWATCH_SCRIPT="/usr/sbin/logwatch"

#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,

#but some are only for the nightly cronrun such as --output mail and should be set here.

#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.

OPTIONS="--output mail"

#Call logwatch

$LOGWATCH_SCRIPT $OPTIONS

exit 0

メールが飛ばない場合の対応

# yum install logwatch

1	# yum install logwatch

下記を行う

# cat /usr/share/logwatch/default.conf/logwatch.conf >> /etc/logwatch/conf/logwatch.conf

1	# cat /usr/share/logwatch/default.conf/logwatch.conf >> /etc/logwatch/conf/logwatch.conf

設定を修正します。※任意

# vi /etc/logwatch/conf/logwatch.conf

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)


Detail = Low

↓変更

Detail = High


# ホスト名指定
HostName = www.example.com


------------------------------------------------------
※複数にメールを送りたい場合は

MailTo = hoge@gmail.com, hoge2@gmail.com
------------------------------------------------------

# vi /etc/logwatch/conf/logwatch.conf

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)

Detail = Low

↓変更

Detail = High

# ホスト名指定

HostName = www.example.com

------------------------------------------------------

※複数にメールを送りたい場合は

MailTo = hoge@gmail.com, hoge2@gmail.com

------------------------------------------------------

動作テスト

# logwatch --output stdout

# logwatch --output mail

# logwatch --output stdout

# logwatch --output mail

rkhunterのインストール Rootkit検知

投稿日: 2017年9月26日2018年10月3日投稿者: 優

今回はRootkitを検知するrkhunterをインストールするTipsです。

Rootkitは不正侵入したサーバに、クラッカーがまず行うことはRootkitのインストール。Rootkitはバックドアやボットを設置、セキュリティを無効化するクラッキング用のツールがまとめられた一揃いの嫁入り道具です。

rkhunterはそのRootkitの痕跡を検知して教えてくれます。

何年も管理されていないサーバ、世の中にたくさんあります。管理されているサーバであっても不正侵入から気付くのは早くて100日以降と言われています。RootKit検知ツールによって異常を感知し、早期発見が被害を最小化します。

# yum install epel-release

# yum --enablerepo=epel install rkhunter

# yum install epel-release

# yum --enablerepo=epel install rkhunter

エラー対策

Warning: Checking for prerequisites [ Warning ]
Unable to find ‘file’ command – all script replacement checks will be skipped.
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option ‘PermitRootLogin’: no
Rkhunter configuration option ‘ALLOW_SSH_ROOT_USER’: unset

# vi /etc/rkhunter.conf


#ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_ROOT_USER=unset

↓変更

#ALLOW_SSH_ROOT_USER=no
#ALLOW_SSH_ROOT_USER=unset
ALLOW_SSH_ROOT_USER=no

# vi /etc/rkhunter.conf

#ALLOW_SSH_ROOT_USER=no

ALLOW_SSH_ROOT_USER=unset

↓変更

#ALLOW_SSH_ROOT_USER=no

#ALLOW_SSH_ROOT_USER=unset

ALLOW_SSH_ROOT_USER=no

# yum install file

1	# yum install file

データベースのアップデート

システムのファイル情報アップデート

# rkhunter --propupd

[ Rootkit Hunter version 1.4.4 ]
File created: searched for 174 files, found 121

# rkhunter --propupd

[ Rootkit Hunter version 1.4.4 ]

File created: searched for 174 files, found 121

検知用データベースのアップデート

# rkhunter --update

[ Rootkit Hunter version 1.4.4 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ Updated ]
  Checking file programs_bad.dat                             [ Updated ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ Updated ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ Updated ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ Updated ]
  Checking file i18n/tr.utf8                                 [ Updated ]
  Checking file i18n/zh                                      [ Updated ]
  Checking file i18n/zh.utf8                                 [ Updated ]
  Checking file i18n/ja                                      [ Updated ]

# rkhunter --update

[ Rootkit Hunter version 1.4.4 ]

Checking rkhunter data files...

Checking file mirrors.dat [ Updated ]

Checking file programs_bad.dat [ Updated ]

Checking file backdoorports.dat [ No update ]

Checking file suspscan.dat [ Updated ]

Checking file i18n/cn [ No update ]

Checking file i18n/de [ Updated ]

Checking file i18n/en [ No update ]

Checking file i18n/tr [ Updated ]

Checking file i18n/tr.utf8 [ Updated ]

Checking file i18n/zh [ Updated ]

Checking file i18n/zh.utf8 [ Updated ]

Checking file i18n/ja [ Updated ]

チェックしてみよう

# rkhunter --check --sk

※--rwoをつけると警告がある場合のみ結果が表示されます
# rkhunter --check --sk --rwo

# rkhunter --check --sk

※--rwoをつけると警告がある場合のみ結果が表示されます

# rkhunter --check --sk --rwo

動作を確認してくださいね。

定期実行スクリプトの作成

# vi /root/rkhunter.sh


#!/bin/sh

## -------------------------------

MAILTO=root
## -------------------------------

MAILBODY=`mktemp temp.XXXXXX`


# rootkit判定データベース更新
rkhunter --update > /dev/null 2>&1

# チェック実行 異常があればメールを行う
rkhunter -c --sk --cronjob --rwo 2>&1 > $MAILBODY
if [ -s $MAILBODY ]; then
    mail -s "[Rootkit Hunter] `hostname` `date +%Y-%m-%d`" $MAILTO < $MAILBODY
fi


rm -f $MAILBODY

# vi /root/rkhunter.sh

#!/bin/sh

## -------------------------------

MAILTO=root

## -------------------------------

MAILBODY=`mktemp temp.XXXXXX`

# rootkit判定データベース更新

rkhunter --update > /dev/null 2>&1

# チェック実行異常があればメールを行う

rkhunter -c --sk --cronjob --rwo 2>&1 > $MAILBODY

if [ -s $MAILBODY ]; then

mail -s "[Rootkit Hunter] `hostname` `date +%Y-%m-%d`" $MAILTO < $MAILBODY

rm -f $MAILBODY

# chmod +x /root/rkhunter.sh

1	# chmod +x /root/rkhunter.sh

# sh /root/rkhunter.sh

1	# sh /root/rkhunter.sh

# vi /etc/crontab

※下記を追加

## 4時40分にrkhunter実行
20 4 * * * root /root/rkhunter.sh

# vi /etc/crontab

※下記を追加

## 4時40分にrkhunter実行

20 4 * * * root /root/rkhunter.sh

これで設定はおしまい。rkhunter以外にもセキュリティ系のミドルウェアは豊富ですので、調べてもみるのも面白いかと思います。

お疲れ様です。

AIDE ファイル改竄検知

投稿日: 2017年9月26日2018年10月3日投稿者: 優

AIDEでファイルの改ざんチェック

寄稿しました。

AIDEのインストール

# yum install aide

1	# yum install aide

# vi /etc/aide.conf

# 監視対象ディレクトリの指定
/var/www/vhosts NORMAL

#追加設定 対象除去
!/var/log/.*~
!/dev
!/tmp
!/proc
!/sys
!/root

# vi /etc/aide.conf

# 監視対象ディレクトリの指定

/var/www/vhosts NORMAL

#追加設定対象除去

!/var/log/.*~

!/dev

!/tmp

!/proc

!/sys

!/root

データファイル作成 ※初期インストール状態で 1～2分程度かかる

# aide -i

AIDE, version 0.15.1

### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

# aide -i

AIDE, version 0.15.1

### AIDE database at /var/lib/aide/aide.db.new.gz initialized.

リネーム

# mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

1	# mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

改竄チェック

# touch aidetest.txt

1	# touch aidetest.txt

改ざんチェック！

# aide -C


AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2017-09-26 15:55:16

Summary:
  Total number of files:        51192
  Added files:                  2
  Removed files:                0
  Changed files:                1


---------------------------------------------------
Added files:
---------------------------------------------------

added: /root/aidetest.txt
added: /var/log/lastlog

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /etc/aide.conf

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

# aide -C

AIDE 0.15.1 found differences between database and filesystem!!

Start timestamp: 2017-09-26 15:55:16

Summary:

Total number of files: 51192

Added files: 2

Removed files: 0

Changed files: 1

---------------------------------------------------

Added files:

---------------------------------------------------

added: /root/aidetest.txt

added: /var/log/lastlog

---------------------------------------------------

Changed files:

---------------------------------------------------

changed: /etc/aide.conf

---------------------------------------------------

Detailed information about changes:

---------------------------------------------------

aideに-uオプションをつけると、
ファイルの改ざんチェックとDBの更新を行ってくれます。

# aide -u

# aide -u

ログロテーション設定

# vi /etc/logrotate.d/aide

/var/log/aide/*.log {
        weekly
        missingok
        rotate 4
        compress
        delaycompress
        copytruncate
        minsize 100k
}


↓変更


/var/log/aide/*.log {
        daily
        missingok
        rotate 7
        compress
        delaycompress
}

# vi /etc/logrotate.d/aide

/var/log/aide/*.log {

weekly

missingok

rotate 4

compress

delaycompress

copytruncate

minsize 100k

}

↓変更

/var/log/aide/*.log {

daily

missingok

rotate 7

compress

delaycompress

}

定期実行設定

メールコマンドをインストール

# yum install mailx

1	# yum install mailx

定期チェックスクリプト作成

# vi /root/aidechecker.sh


#!/bin/bash
 
MAILTO=root
MAILFROM=AIDE@`hostname`
LOGFILE=/var/log/aide/aide.log
AIDEDIR=/var/lib/aide
 
 
/usr/sbin/aide  -u > $LOGFILE
mv -f $AIDEDIR/aide.db.new.gz $AIDEDIR/aide.db.gz
 
x=$(grep "Looks okay" $LOGFILE | wc -l)
if [ $x -ne 1 ]
then
  echo "$(egrep "added|changed|removed" $LOGFILE)" | /bin/mail -s "AIDE DETECTED CHANGES" -r $MAILFROM $MAILTO
fi
exit

# vi /root/aidechecker.sh

#!/bin/bash

MAILTO=root

MAILFROM=AIDE@`hostname`

LOGFILE=/var/log/aide/aide.log

AIDEDIR=/var/lib/aide

/usr/sbin/aide -u > $LOGFILE

mv -f $AIDEDIR/aide.db.new.gz $AIDEDIR/aide.db.gz

x=$(grep "Looks okay" $LOGFILE | wc -l)

if [ $x -ne 1 ]

then

echo "$(egrep "added|changed|removed" $LOGFILE)" | /bin/mail -s "AIDE DETECTED CHANGES" -r $MAILFROM $MAILTO

exit

権限の付与を行います。

# chmod +x /root/aidechecker.sh

1	# chmod +x /root/aidechecker.sh

Crontabの設定

# vi /etc/crontab

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
#MAILTO=root
MAILTO=''

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

## 4時20分にAIDEにより改ざんチェックを行う
20 4 * * * root /root/aidechecker.sh > /dev/null 2>&1

# vi /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

#MAILTO=root

MAILTO=''

# For details see man 4 crontabs

# Example of job definition:

# .---------------- minute (0 - 59)

# | .------------- hour (0 - 23)

# | | .---------- day of month (1 - 31)

# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...

# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat

# | | | | |

# * * * * * user-name command to be executed

## 4時20分にAIDEにより改ざんチェックを行う

20 4 * * * root /root/aidechecker.sh > /dev/null 2>&1

反映を行います。

# systemctl enable crond
# systemctl restart crond

1 2	# systemctl enable crond # systemctl restart crond

vsftpd よく使う設定

投稿日: 2017年9月26日2017年9月29日投稿者: 優

# cd /etc/pki/tls/certs/

1	# cd /etc/pki/tls/certs/

# /usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout server.key -nodes -x509 -days 36500 -out ftp.crt -set_serial 0

Generating a 1024 bit RSA private key
..++++++
.........................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Nakano-ku
Organization Name (eg, company) [Default Company Ltd]:Hoge Co., Ltd.
Organizational Unit Name (eg, section) []:Management Department
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:postmaster@example.com

# /usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout server.key -nodes -x509 -days 36500 -out ftp.crt -set_serial 0

Generating a 1024 bit RSA private key

..++++++

.........................++++++

writing new private key to 'server.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:JP

State or Province Name (full name) []:Tokyo

Locality Name (eg, city) [Default City]:Nakano-ku

Organization Name (eg, company) [Default Company Ltd]:Hoge Co., Ltd.

Organizational Unit Name (eg, section) []:Management Department

Common Name (eg, your name or your server's hostname) []:www.example.com

Email Address []:postmaster@example.com

# cat server.key ftp.crt > ftp.pem
# chmod 400 ftp.*

1 2	# cat server.key ftp.crt > ftp.pem # chmod 400 ftp.*

# yum install vsftpd

1	# yum install vsftpd

# systemctl start vsftpd
# systemctl enable vsftpd

1 2	# systemctl start vsftpd # systemctl enable vsftpd

# vi /etc/vsftpd/vsftpd.conf


pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

#匿名の接続を許可しない
anonymous_enable=NO

#アスキーファイルの送受信の許可(メモ帳で読めるファイル)
ascii_upload_enable=YES
ascii_download_enable=YES

#バージョン情報の秘匿
ftpd_banner=Welcome to blah FTP service.

#自分のユーザディレクトリより上層にいけなくする
chroot_local_user=YES

#通常ユーザとchrootユーザ設定。この場合chroot_listに書かれると上位にいける
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list

#ディレクトリごと削除できるようにする。
ls_recurse_enable=YES
pam_service_name=vsftpd
tcp_wrappers=YES

#/etc/vsftpd/user_listのユーザーだけを許可。
userlist_deny=NO

#設定を簡単にするためにPASVのポート範囲を限定。
pasv_min_port=50000
pasv_max_port=50030

#ユーザーの初期アクセスディレクトリ。（無効にしています、設定したい人は解除して下さい）
#wwwで/home/ユーザー名/www
#local_root=www
user_config_dir=/etc/vsftpd/vsftpd_user_conf

#ユーザのホームディレクトリより上位のディレクトリへの移動を不許可に。
chroot_local_user=YES

#.ファイルをアップ可能に
force_dot_files=YES

#ログの形式をvsftpd.logに、ログイン時の記録も取る。
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=NO
log_ftp_protocol=YES

#SSLを設定する場合(条件：証明書適用済み)
ssl_enable=YES
pasv_addr_resolve=YES

#グローバルIPを指定する
pasv_address=153.xxx.yyy.46
rsa_cert_file=/etc/pki/tls/certs/ftp.pem
require_ssl_reuse=NO
force_local_logins_ssl=NO
force_local_data_ssl=NO
port_enable=YES
allow_anon_ssl=NO

#時刻設定
use_localtime=YES

#refusing to run with writable anonymous root inside chroot()対策 ※7から
allow_writeable_chroot=YES


#ポート
listen_port=xxx21


# IPv6の禁止
listen=YES
listen_ipv6=NO

# vi /etc/vsftpd/vsftpd.conf

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

#匿名の接続を許可しない

anonymous_enable=NO

#アスキーファイルの送受信の許可(メモ帳で読めるファイル)

ascii_upload_enable=YES

ascii_download_enable=YES

#バージョン情報の秘匿

ftpd_banner=Welcome to blah FTP service.

#自分のユーザディレクトリより上層にいけなくする

chroot_local_user=YES

#通常ユーザとchrootユーザ設定。この場合chroot_listに書かれると上位にいける

#chroot_list_enable=YES

#chroot_list_file=/etc/vsftpd/chroot_list

#ディレクトリごと削除できるようにする。

ls_recurse_enable=YES

pam_service_name=vsftpd

tcp_wrappers=YES

#/etc/vsftpd/user_listのユーザーだけを許可。

userlist_deny=NO

#設定を簡単にするためにPASVのポート範囲を限定。

pasv_min_port=50000

pasv_max_port=50030

#ユーザーの初期アクセスディレクトリ。（無効にしています、設定したい人は解除して下さい）

#wwwで/home/ユーザー名/www

#local_root=www

user_config_dir=/etc/vsftpd/vsftpd_user_conf

#ユーザのホームディレクトリより上位のディレクトリへの移動を不許可に。

chroot_local_user=YES

#.ファイルをアップ可能に

force_dot_files=YES

#ログの形式をvsftpd.logに、ログイン時の記録も取る。

xferlog_file=/var/log/vsftpd.log

xferlog_std_format=NO

log_ftp_protocol=YES

#SSLを設定する場合(条件：証明書適用済み)

ssl_enable=YES

pasv_addr_resolve=YES

#グローバルIPを指定する

pasv_address=153.xxx.yyy.46

rsa_cert_file=/etc/pki/tls/certs/ftp.pem

require_ssl_reuse=NO

force_local_logins_ssl=NO

force_local_data_ssl=NO

port_enable=YES

allow_anon_ssl=NO

#時刻設定

use_localtime=YES

#refusing to run with writable anonymous root inside chroot()対策 ※7から

allow_writeable_chroot=YES

#ポート

listen_port=xxx21

# IPv6の禁止

listen=YES

listen_ipv6=NO

#  /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
hogeuser ←接続ユーザ

# /etc/vsftpd/user_list

# vsftpd userlist

# If userlist_deny=NO, only allow users in this file

# If userlist_deny=YES (default), never allow users in this file, and

# do not even prompt for a password.

# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers

# for users that are denied.

root

bin

daemon

adm

sync

shutdown

halt

mail

news

uucp

operator

games

nobody

hogeuser ←接続ユーザ

ログイン後のディレクトリを指定

# mkdir /etc/vsftpd/vsftpd_user_conf

1	# mkdir /etc/vsftpd/vsftpd_user_conf

# vi /etc/vsftpd/vsftpd_user_conf/hogeuser

local_root=/var/www/

# vi /etc/vsftpd/vsftpd_user_conf/hogeuser

local_root=/var/www/

反映させる。

# systemctl reload vsftpd

1	# systemctl reload vsftpd

Buffalo Tera Station + AWS S3連携

投稿日: 2017年9月25日2018年9月25日投稿者: 優

AWS S3

ストレージ：約3.3円/1GB
アップロード：無料
ダウンロード：約14円/1GB

AWS S3 Buffalo 設定ガイド

http://buffalo.jp/products/b-solutions/backup-ts/amazon-guide.html

G Suite登録

投稿日: 2017年9月25日2018年9月25日投稿者: 優

事前準備

ドメインの取得
今回はValue Domain

流れ

Gsuiteに申し込み
https://gsuite.google.co.jp/intl/ja/
ビジネス用アカウント(管理)の作成

メールアドレスの設定
メールサーバをGmailにするので、MXレコードをValue DomainのDNSに設定

mx ASPMX.L.GOOGLE.COM. 1
mx ALT1.ASPMX.L.GOOGLE.COM. 5
mx ALT2.ASPMX.L.GOOGLE.COM. 5
mx ASPMX2.GOOGLEMAIL.COM. 10
mx ASPMX3.GOOGLEMAIL.COM. 10
mx ASPMX4.GOOGLEMAIL.COM. 10
mx ASPMX5.GOOGLEMAIL.COM. 10

mx ASPMX.L.GOOGLE.COM. 1

mx ALT1.ASPMX.L.GOOGLE.COM. 5

mx ALT2.ASPMX.L.GOOGLE.COM. 5

mx ASPMX2.GOOGLEMAIL.COM. 10

mx ASPMX3.GOOGLEMAIL.COM. 10

mx ASPMX4.GOOGLEMAIL.COM. 10

mx ASPMX5.GOOGLEMAIL.COM. 10

ドメインの確認とメールの設定
Google側で30分程度かかるので待つ

H2Oってなにもの？

インストール

MariaDBのインストール

WordPressのダウンロード

PHP7のインストール

H2Oのインストール

Firewalld設定

アクセスしてみよう

ベンチマーク ab

カンファレンス用PCサーバ 2CPU5GB

ConoHa 3CPU2GB

注意

3次関数の性質

変曲点

変曲点の導出

Vulsサーバのインストール+設定

辞書ファイルライブラリのインストール

脆弱性データベース取得

“クライアント側”サーバ作業 ※検査される対象

Vulsサーバ側作業

定期実行設定

VulsRepoのインストール

toggle()

jQuery

HTML

結論

１辺が12cm, 一辺が3cmの長方形の面積

これに√をつけると

この6ってなに？

統計学の分散

統計学の標準偏差

利益率が高い

在庫を持たない、ロスがない

定期収入

初期投資少ない、低リスク

root宛メール設定

Logwatchのインストール

動作テスト

メールが飛ばない場合の対応

rkhunterはそのRootkitの痕跡を検知して教えてくれます。

エラー対策

データベースのアップデート

チェックしてみよう

定期実行スクリプトの作成

AIDEのインストール

改竄チェック

定期実行設定

AWS S3

AWS S3 Buffalo 設定ガイド

事前準備

流れ

カンファレンス用PCサーバ　2CPU5GB