{"id":19808,"date":"2018-12-11T09:00:48","date_gmt":"2018-12-11T00:00:48","guid":{"rendered":"http:\/\/www.techscore.com\/blog\/?p=19808"},"modified":"2018-12-13T14:19:51","modified_gmt":"2018-12-13T05:19:51","slug":"amazon-inspector","status":"publish","type":"post","link":"https:\/\/www.techscore.com\/blog\/2018\/12\/11\/amazon-inspector\/","title":{"rendered":"Amazon Inspector \u306e\u8a55\u4fa1\u7d50\u679c\u8a73\u7d30\u3092\u81ea\u52d5\u901a\u77e5\u3067\u304d\u308b\u304b\u8abf\u3079\u3066\u307f\u305f"},"content":{"rendered":"<p>\u3053\u308c\u306f <a href=\"\/blog\/2018\/11\/22\/techscore-advent-calendar-2018\/\">TECHSCORE Advent Calendar 2018<\/a> \u306e11\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002<\/p>\n<p>\u6700\u8fd1<a href=\"https:\/\/aws.amazon.com\/jp\/inspector\/\" rel=\"noopener\" target=\"_blank\">Amazon Inspector<\/a> \u3092\u5229\u7528\u3057\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a55\u4fa1\u3092\u884c\u3046\u6a5f\u4f1a\u304c\u3042\u308a\u307e\u3057\u305f\u3002<br \/>\nAmazon Inspector \u306e\u300c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u3092 Amazon SNS \u3067\u901a\u77e5\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u5bfe\u51e6\u65b9\u6cd5\u7b49\u306e\u8a73\u7d30\u60c5\u5831\u306f\u542b\u307e\u308c\u3066\u3044\u306a\u3044\u305f\u3081\u3001Amazon Inspector \u30b3\u30f3\u30bd\u30fc\u30eb\u306e\u8a55\u4fa1\u30ec\u30dd\u30fc\u30c8\u3067\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u826f\u3044\u6a5f\u4f1a\u306a\u306e\u3067\u3001\u4eca\u56de\u300c\u5b9f\u884c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u3092\u30c8\u30ea\u30ac\u30fc\u306b\u3057\u3066\u8a55\u4fa1\u7d50\u679c\u306e\u8a73\u7d30\u3092\u81ea\u52d5\u7684\u306b\u901a\u77e5\u3067\u304d\u306a\u3044\u304b\u3092\u8abf\u3079\u3066\u307f\u308b\u3053\u3068\u306b\u3057\u307e\u3057\u305f\u3002<\/p>\n<h1>\u524d\u63d0<\/h1>\n<ul>\n<li>Amazon Inspector \u306e\u8a55\u4fa1\u304c\u5b8c\u4e86\u3057\u3066\u3044\u308b\u3053\u3068\u3002<\/li>\n<li>\u8a55\u4fa1\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306b\u300c\u5b9f\u884c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u306e\u901a\u77e5\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3002<\/li>\n<li>AWS CLI \u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3001Amazon Inspector \u306e API \u3092\u53e9\u3051\u308b\u30b5\u30fc\u30d0\u304c\u3042\u308b\u3053\u3068\u3002<\/li>\n<\/ul>\n<h1>\u300c\u5b9f\u884c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u306e\u53d7\u4fe1<\/h1>\n<p>Amazon Inspector \u306b\u3088\u308b\u8a55\u4fa1\u304c\u5b8c\u4e86\u3059\u308b\u3068\u3001\u300c\u5b9f\u884c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u304c\u8a2d\u5b9a\u3057\u305fSNS \u30c8\u30d4\u30c3\u30af\u306e\u901a\u77e5\u5148\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u3002<br \/>\n\u4ee5\u4e0b\u306f\u898b\u3084\u3059\u3044\u3088\u3046\u306b\u5fc5\u8981\u306a\u90e8\u5206\u3092\u629c\u7c8b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre>\n{\n    \"template\": \"arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\",\n    \"findingsCount\": \"{arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:rulespackage\/x-xxxxxxxxxx, arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:rulespackage\/x-xxxxxxxxxx, arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:rulespackage\/x-xxxxxxxxxx, arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:rulespackage\/x-xxxxxxxxxx, arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:rulespackage\/x-xxxxxxxxxx}\",\n    \"run\": \"arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx\",\n    \"event\": \"ASSESSMENT_RUN_COMPLETED\",\n    \"target\": \"arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\"\n}\n<\/pre>\n<p><strong>run <\/strong>\u306b\u306f\u300c\u8a55\u4fa1\u306e\u5b9f\u884c\u300d\u306e ARN \u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u3053\u3053\u304b\u3089\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u3092\u53d6\u5f97\u3067\u304d\u308b\u304b AWS CLI \u3092\u5229\u7528\u3057\u3066\u78ba\u8a8d\u3057\u3066\u3044\u304f\u3053\u3068\u306b\u3057\u307e\u3059\u3002<\/p>\n<h1>\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u4e00\u89a7\u3092\u53d6\u5f97<\/h1>\n<p><a href=\"https:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/inspector\/index.html\" rel=\"noopener\" target=\"_blank\">\u30b3\u30de\u30f3\u30c9\u30ea\u30d5\u30a1\u30ec\u30f3\u30b9\uff08inspector\uff09<\/a>\u3092\u78ba\u8a8d\u3057\u305f\u3068\u3053\u308d\u3001<strong>list-findings<\/strong> \u3067\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u4e00\u89a7\u3092\u53d6\u5f97\u3067\u304d\u308b\u3088\u3046\u3067\u3059\u3002<br \/>\n\u300c\u5b9f\u884c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u304b\u3089\u53d6\u5f97\u3057\u305f\u300c\u8a55\u4fa1\u306e\u5b9f\u884c\u300d\u306e ARN \u3092 <strong>assessment-run-arns<\/strong> \u30aa\u30d7\u30b7\u30e7\u30f3\u306b\u6307\u5b9a\u3057\u3066\u5b9f\u884c\u3057\u305f\u3068\u3053\u308d\u3001\u4ee5\u4e0b\u306e\u7d50\u679c\u304c\u8fd4\u3063\u3066\u304d\u307e\u3057\u305f\u3002<br \/>\n\u540c\u69d8\u306b\u5fc5\u8981\u306a\u90e8\u5206\u3092\u629c\u7c8b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre>\naws inspector list-findings --assessment-run-arns arn:aws:inspector:ap-northeast-1:xxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx\n\n{\n    \"findingArns\": [\n        \"arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx\/finding\/x-xxxxxxx1\",\n        \"arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx\/finding\/x-xxxxxxx2\",\n        \"arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx\/finding\/x-xxxxxxx3\",\n    ]\n}\n<\/pre>\n<p>\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e ARN \u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u306e\u3067\u3001\u3042\u3068\u4e00\u6b69\u3067\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u307e\u3067\u305f\u3069\u308a\u7740\u3051\u305d\u3046\u3067\u3059\u3002<\/p>\n<h1>\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u3092\u53d6\u5f97<\/h1>\n<p>\u518d\u5ea6 <a href=\"https:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/inspector\/index.html\" rel=\"noopener\" target=\"_blank\">\u30b3\u30de\u30f3\u30c9\u30ea\u30d5\u30a1\u30ec\u30f3\u30b9\uff08inspector\uff09<\/a>\u3092\u78ba\u8a8d\u3057\u305f\u3068\u3053\u308d\u3001<strong>describe-findings<\/strong> \u3067\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u3092\u53d6\u5f97\u3067\u304d\u308b\u3088\u3046\u3067\u3059\u3002<br \/>\n\u53d6\u5f97\u3057\u305f\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e ARN \u3092 <strong>finding-arns<\/strong> \u30aa\u30d7\u30b7\u30e7\u30f3\u306b\u6307\u5b9a\u3057\u3066\u5b9f\u884c\u3057\u305f\u3068\u3053\u308d\u3001\u4ee5\u4e0b\u306e\u7d50\u679c\u304c\u8fd4\u3063\u3066\u304d\u307e\u3057\u305f\u3002<br \/>\n\u540c\u69d8\u306b\u5fc5\u8981\u306a\u90e8\u5206\u3092\u629c\u7c8b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre>\naws inspector describe-findings --finding-arns arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx\/finding\/x-xxxxxxx1\n\n{\n    \"findings\": [\n        {\n            \"assetType\": \"ec2-instance\",\n            \"confidence\": 10,\n            \"numericSeverity\": 9.0,\n            \"description\": \"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).\",\n            \"service\": \"Inspector\",\n            \"title\": \"Instance i-xxxxxxxxxxxxxxxxx is vulnerable to CVE-2018-0732\",\n            \"assetAttributes\": {\n                \"amiId\": \"ami-xxxxxxxxxxxxxxxxx\",\n                \"hostname\": \"ec2-xx-xxx-xxx-xxx.ap-northeast-1.compute.amazonaws.com\",\n            },\n            \"recommendation\": \"Use your Operating System's update feature to update package openssl-1:1.0.2k-12.amzn2.0.3, openssl-libs-1:1.0.2k-12.amzn2.0.3. For more information see [https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-0732](https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-0732)\",\n            \"id\": \"CVE-2018-0732\",\n            \"severity\": \"High\"\n        }\n    ]\n}\n<\/pre>\n<p>\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<br \/>\n\u5bfe\u8c61\u306e Amazon EC2 \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u691c\u51fa\u3055\u308c\u305f\u554f\u984c\u306e\u8a73\u7d30\u3084\u3001\u63a8\u5968\u3055\u308c\u308b\u5bfe\u51e6\u65b9\u6cd5\u7b49\u306e\u60c5\u5831\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n<h1>\u3055\u3044\u3054\u306b<\/h1>\n<p>\u4eca\u56de\u306f AWS CLI \u3092\u5229\u7528\u3057\u3066\u691c\u8a3c\u3057\u307e\u3057\u305f\u304c\u3001\u300c\u5b9f\u884c\u5b8c\u4e86\u300d\u30a4\u30d9\u30f3\u30c8\u306e\u901a\u77e5\u5185\u5bb9\u304b\u3089\u8fbf\u3063\u3066\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u3092\u53d6\u5f97\u3067\u304d\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002<br \/>\n\u4eca\u5f8c\u306f\u3001AWS Lambda \u7b49\u3067\u30a4\u30d9\u30f3\u30c8\u3092\u53d7\u4fe1\u3057\u3066\u30e1\u30fc\u30eb\u3084\u30c1\u30e3\u30c3\u30c8\u30c4\u30fc\u30eb\u306b\u81ea\u52d5\u901a\u77e5\u3059\u308b\u3068\u3053\u308d\u3092\u8a66\u3057\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n<h1>appendix<\/h1>\n<p>\u8a73\u7d30\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u306b\u3053\u3060\u308f\u3089\u306a\u3044\u306e\u3067\u3042\u308c\u3070\u3001Amazon Inspector \u304c\u4f5c\u6210\u3057\u3066\u304f\u308c\u308b\u8a55\u4fa1\u30ec\u30dd\u30fc\u30c8\uff08HTML\u3001PDF\uff09\u3092\u5229\u7528\u3059\u308b\u624b\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n<pre>\naws inspector get-assessment-report --assessment-run-arn arn:aws:inspector:ap-northeast-1:xxxxxxxxxxxx:target\/x-xxxxxxxx\/template\/x-xxxxxxxx\/run\/x-xxxxxxxx --report-file-format HTML --report-type FINDING\n\n{\n    \"status\": \"COMPLETED\",\n    \"url\": \"https:\/\/inspector-temp-reports-prod-ap-northeast-1.s3.ap-northeast-1.amazonaws.com\/xxxxxxxx\"\n}\n<\/pre>\n<p><strong>url<\/strong> \u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u300c\u8a55\u4fa1\u7d50\u679c\u300d\u306e\u8a73\u7d30\u304c\u307e\u3068\u3081\u3089\u308c\u305f\u30ec\u30dd\u30fc\u30c8\u3092\u53c2\u7167\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u306e\u3067\u3001\u3053\u306e <strong>url<\/strong> \u3092\u901a\u77e5\u3059\u308b\u307b\u3046\u304c\u7c21\u5358\u305d\u3046\u3067\u3059\u306d\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3053\u308c\u306f TECHSCORE Advent Calendar 2018 \u306e11\u65e5\u76ee\u306e\u8a18\u4e8b\u3067\u3059\u3002<\/p>\n<p>\u6700\u8fd1Amazon Inspector \u3092\u5229\u7528\u3057\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a55\u4fa1\u3092\u884c\u3046\u6a5f\u4f1a\u304c\u3042\u308a\u307e\u3057\u305f\u3002<br \/><a href=\"https:\/\/www.techscore.com\/blog\/2018\/12\/11\/amazon-inspector\/\">\u7d9a\u304d\u3092\u8aad\u3080...<\/a><\/p>\n","protected":false},"author":42,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[308,18],"tags":[141,119],"_links":{"self":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/19808"}],"collection":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/comments?post=19808"}],"version-history":[{"count":75,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/19808\/revisions"}],"predecessor-version":[{"id":20339,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/19808\/revisions\/20339"}],"wp:attachment":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/media?parent=19808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/categories?post=19808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/tags?post=19808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}