EC2の脆弱性対応で何が使える？ Inspector や SSM あたりを整理する #nakanoshima_dev

&$ͷ੬ऑੑରԠͰԿ͕࢖͑Δʁ *OTQFDUPS΍ 44.͋ͨΓΛ੔ཧ͢Δ

OBLBOPTIJNB@EFW ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ d"845PQ&OHJOFFST ˔ ޷͖ͳ΋ͷ
˓ "84"84$-* ˓ "84Ҏ֎πʔϦϯάɺ&NBDTɺѪೣ IUUQTEFWDMBTTNFUIPEKQBVUIPSLBXBIBSBNBTBIJSP

OBLBOPTIJNB@EFW ΞδΣϯμ ˔ ੬ऑੑରԠ͸ԿΛ͢Δʁ ˔ ࣝผ΍ద༻Ͱ໾ཱٕͭज़ GPS&$˞ ˔ ͓ΘΓʹ ˞ओʹ
-JOVY04 "NB[PO-JOVY౳ ʹߜͬͨ࿩ͱ͠·͢

ͦ΋ͦ΋੬ऑੑରԠ͸ԿΛ͢Δʁ

OBLBOPTIJNB@EFW ࣝผͱద༻ɺϓϩηεΛҙࣝ͢Δ

OBLBOPTIJNB@EFW ࢀߟϓϩηεྫ ը૾Ҿ༻੬ऑੑରࡦͷޮՌతͳਐΊํʢπʔϧ׆༻ฤʣ ʙ ੬ऑੑݕ஌πʔϧ 7VMTΛར༻ͨ͠੬ऑੑରࡦ ʙ IUUQTXXXJQBHPKQTFDVSJUZSFQPSUTUFDIOJDBMXBUDIIKVPKNPBUUQEG

ࣝผͰ໾ཱٕͭज़ GPS&$

OBLBOPTIJNB@EFW ʮιϑτ΢ΣΞͷ೺Ѳʯͱʮ੬ऑੑͷಛఆʯʹϑΥʔΧε ˞ʮ੬ऑੑؔ࿈৘ใͷ৘ใऩूʯ͸ׂѪ

OBLBOPTIJNB@EFW ૉ๿ͳํ๏ rύοέʔδ؅ཧπʔϧΛ࢖͏ ιϑτ΢ΣΞͷ೺Ѳ

OBLBOPTIJNB@EFW 5JQT"-Ͱ͸ EOGΛ࢖͏ ZVN͸ EOG΁ͷϙΠϯλʹͳ͍ͬͯΔɻ ιϑτ΢ΣΞͷ೺Ѳ 5IFEFGBVMUTPGUXBSFQBDLBHFNBOBHFNFOUUPPMJO"-JT%/' %/' JTUIFTVDDFTTPSUP:6. UIFQBDLBHFNBOBHFNFOUUPPMJO"-
r Ҿ༻1BDLBHFNBOBHFNFOUUPPM "NB[PO-JOVY

OBLBOPTIJNB@EFW "84ͳΒ r44.*OWFOUPSZʂ ˞44."844ZTUFNT.BOBHFSͷུশ ˔ αʔόʔͷΠϯϕϯτϦσʔλΛऩूͯ͘͠ΕΔػೳ ˔ ऩूͯ͘͠ΕΔσʔλͷྫ ˓ 04৘ใ
˓ ΞϓϦέʔγϣϯ৘ใ ˓ ωοτϫʔΫ৘ใ ͳͲ ιϑτ΢ΣΞͷ೺Ѳ

OBLBOPTIJNB@EFW ৄ͘͠͸ͪ͜ΒΛݟͯͶ ιϑτ΢ΣΞͷ೺Ѳ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTNJEPTVKJUFDITTNJOWFOUPSZ

OBLBOPTIJNB@EFW ૉ๿ͳํ๏ rύοέʔδ؅ཧπʔϧΛ࢖͏ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW "84ͳΒ r"NB[PO*OTQFDUPS ˔ "84ͷ੬ऑੑεΩϟϯαʔϏε ˔ ܧଓతͳεΩϟϯ ˔ τϦΞʔδʹ໾ཱͭ৘ใΛ෇༩͠ ͯϨϙʔτΛࣗಈੜ੒
੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ Πϯελϯεผ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ ੬ऑੑৄࡉ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ ੬ऑੑผ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW 5JQT*OTQFDUPSͷ ΤʔδΣϯτϨε਍அ ʹ Ұൠఏڙ։࢝ (" ͞ΕͨػೳͰ͢ɻ ैདྷ͸&$ʹ44.ΤʔδΣϯτಋೖ͕ඞཁͰ͕ͨ͠ɺ ΤʔδΣϯτແ͠εΩϟϯ΋ՄೳʹͳΓ·ͨ͠ɻ ࢓૊Έͱͯ͠͸&#4εφοϓγϣοτΛ׆༻͠·͢ɻ
੬ऑੑͷಛఆ

ద༻Ͱ໾ཱٕͭज़ GPS&$

OBLBOPTIJNB@EFW ૉ๿ͳํ๏ rύοέʔδ؅ཧπʔϧΛ࢖͏ XJUI44) ύονద༻

OBLBOPTIJNB@EFW "84ͳΒ r44.Λ࢖ͬͯεςοϓΞοϓʂ ύονద༻

OBLBOPTIJNB@EFW ৄ͘͠͸ͪ͜ΒΛݟͯͶ ύονద༻ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBMQBUDIQBUUFSOT

͓ΘΓ

OBLBOPTIJNB@EFW ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·͢ʂ

OBLBOPTIJNB@EFW ࢀߟ ˔ ੬ऑੑରࡦͷޮՌతͳਐΊํʢπʔϧ׆༻ฤʣ c*1" ˔ "844ZTUFNT.BOBHFSͱ͸ c"84 ˔ "NB[PO*OTQFDUPSͱ͸
c"84 ˔ 44.*OWFOUPSZΛ࢖ͬͯศརʹ &$୨Է͠ʢϋϚΓͲ͜ΖΛఴ͑ͯʣ NJEPTVKJ@UFDIc%FWFMPQFST*0 ˔ ʲ੬ऑੑରԠʳ"NB[PO-JOVYͷ &$Πϯελϯε΁ಛఆύονΛ౰ͯΔํ๏Λͭ c%FWFMPQFST*0

EC2の脆弱性対応で何が使える？ Inspector や SSM あたりを整理する #nakanoshima_dev

EC2の脆弱性対応で何が使える？ Inspector や SSM あたりを整理する #nakanoshima_dev

MasahiroKawahara

More Decks by MasahiroKawahara

Other Decks in Technology

Featured

Transcript

&$ͷ੬ऑੑରԠͰԿ͕࢖͑Δʁ *OTQFDUPS΍ 44.͋ͨΓΛ੔ཧ͢Δ

OBLBOPTIJNB@EFW ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ d"845PQ&OHJOFFST ˔ ޷͖ͳ΋ͷ

OBLBOPTIJNB@EFW ΞδΣϯμ ˔ ੬ऑੑରԠ͸ԿΛ͢Δʁ ˔ ࣝผ΍ద༻Ͱ໾ཱٕͭज़ GPS&$˞ ˔ ͓ΘΓʹ ˞ओʹ

ͦ΋ͦ΋੬ऑੑରԠ͸ԿΛ͢Δʁ

OBLBOPTIJNB@EFW ࣝผͱద༻ɺϓϩηεΛҙࣝ͢Δ

OBLBOPTIJNB@EFW ࢀߟϓϩηεྫ ը૾Ҿ༻੬ऑੑରࡦͷޮՌతͳਐΊํʢπʔϧ׆༻ฤʣ ʙ ੬ऑੑݕ஌πʔϧ 7VMTΛར༻ͨ͠੬ऑੑରࡦ ʙ IUUQTXXXJQBHPKQTFDVSJUZSFQPSUTUFDIOJDBMXBUDIIKVPKNPBUUQEG

ࣝผͰ໾ཱٕͭज़ GPS&$

OBLBOPTIJNB@EFW ʮιϑτ΢ΣΞͷ೺Ѳʯͱʮ੬ऑੑͷಛఆʯʹϑΥʔΧε ˞ʮ੬ऑੑؔ࿈৘ใͷ৘ใऩूʯ͸ׂѪ

OBLBOPTIJNB@EFW ૉ๿ͳํ๏ rύοέʔδ؅ཧπʔϧΛ࢖͏ ιϑτ΢ΣΞͷ೺Ѳ

OBLBOPTIJNB@EFW 5JQT"-Ͱ͸ EOGΛ࢖͏ ZVN͸ EOG΁ͷϙΠϯλʹͳ͍ͬͯΔɻ ιϑτ΢ΣΞͷ೺Ѳ 5IFEFGBVMUTPGUXBSFQBDLBHFNBOBHFNFOUUPPMJO"-JT%/' %/' JTUIFTVDDFTTPSUP:6. UIFQBDLBHFNBOBHFNFOUUPPMJO"-

OBLBOPTIJNB@EFW "84ͳΒ r44.*OWFOUPSZʂ ˞44."844ZTUFNT.BOBHFSͷུশ ˔ αʔόʔͷΠϯϕϯτϦσʔλΛऩूͯ͘͠ΕΔػೳ ˔ ऩूͯ͘͠ΕΔσʔλͷྫ ˓ 04৘ใ

OBLBOPTIJNB@EFW ৄ͘͠͸ͪ͜ΒΛݟͯͶ ιϑτ΢ΣΞͷ೺Ѳ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTNJEPTVKJUFDITTNJOWFOUPSZ

OBLBOPTIJNB@EFW ૉ๿ͳํ๏ rύοέʔδ؅ཧπʔϧΛ࢖͏ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW "84ͳΒ r"NB[PO*OTQFDUPS ˔ "84ͷ੬ऑੑεΩϟϯαʔϏε ˔ ܧଓతͳεΩϟϯ ˔ τϦΞʔδʹ໾ཱͭ৘ใΛ෇༩͠ ͯϨϙʔτΛࣗಈੜ੒

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ Πϯελϯεผ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ Πϯελϯεผ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ ੬ऑੑৄࡉ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ ੬ऑੑผ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW ࢀߟ*OTQFDUPSը໘ ੬ऑੑผ ੬ऑੑͷಛఆ

OBLBOPTIJNB@EFW 5JQT*OTQFDUPSͷ ΤʔδΣϯτϨε਍அ ʹ Ұൠఏڙ։࢝ (" ͞ΕͨػೳͰ͢ɻ ैདྷ͸&$ʹ44.ΤʔδΣϯτಋೖ͕ඞཁͰ͕ͨ͠ɺ ΤʔδΣϯτແ͠εΩϟϯ΋ՄೳʹͳΓ·ͨ͠ɻ ࢓૊Έͱͯ͠͸&#4εφοϓγϣοτΛ׆༻͠·͢ɻ

ద༻Ͱ໾ཱٕͭज़ GPS&$

OBLBOPTIJNB@EFW ૉ๿ͳํ๏ rύοέʔδ؅ཧπʔϧΛ࢖͏ XJUI44) ύονద༻

OBLBOPTIJNB@EFW "84ͳΒ r44.Λ࢖ͬͯεςοϓΞοϓʂ ύονద༻

OBLBOPTIJNB@EFW ৄ͘͠͸ͪ͜ΒΛݟͯͶ ύονద༻ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBMQBUDIQBUUFSOT

͓ΘΓ

OBLBOPTIJNB@EFW ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·͢ʂ

OBLBOPTIJNB@EFW ࢀߟ ˔ ੬ऑੑରࡦͷޮՌతͳਐΊํʢπʔϧ׆༻ฤʣ c1" ˔ "844ZTUFNT.BOBHFSͱ͸ c"84 ˔ "NB[POOTQFDUPSͱ͸