AWS Lambda で Amazon Inspector によるEC2のセキュリティ脆弱性評価を実行する ref: http://qiita.com/na0AaooQ/items/9cfd66ac0e83de651f98
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"inspector:Get*", | |
"inspector:List*", | |
"inspector:Preview*", | |
"inspector:Describe*", | |
"inspector:StartAssessmentRun", | |
"inspector:StartDataCollection", | |
"inspector:AddAttributesToFindings", | |
"inspector:AttachAssessmentAndRulesPackage", | |
"inspector:DetachAssessmentAndRulesPackage", | |
"inspector:GetAssessmentTelemetry", | |
"inspector:LocalizeText", | |
"inspector:PreviewAgentsForResourceGroup", | |
"inspector:RegisterCrossAccountAccessRole", | |
"inspector:RemoveAttributesFromFindings", | |
"inspector:RetireRulesPackage", | |
"inspector:RunAssessment", | |
"inspector:SetTagsForResource", | |
"inspector:UpdateApplication", | |
"inspector:UpdateAssessment", | |
"ec2:DescribeInstances", | |
"ec2:DescribeTags", | |
"sns:ListTopics" | |
], | |
"Resource": "*" | |
} | |
] | |
} |
'use strict';
// http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Inspector.html#startAssessmentRun-property
const AWS = require('aws-sdk');
// Inspector client with a pinned API version; shared by the handler below.
const inspector = new AWS.Inspector({ apiVersion: '2016-02-16' });
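// Offset of Japan Standard Time from UTC; Lambda clocks run in UTC.
const JST_OFFSET_MS = 9 * 60 * 60 * 1000;

/**
 * Formats an instant in JST as "-YYYYMMDD-HHMM" for use as a run-name suffix.
 * Every field is zero-padded (the original padded day/hour/minute but not the
 * month, which made names ambiguous for January-September).
 *
 * @param {Date} now - Instant to format; read as an absolute time, not host-local time.
 * @returns {string} e.g. "-20161117-1552".
 */
function formatJstRunSuffix(now) {
  // Shift the instant by +9h and read it with the UTC getters: this is
  // independent of the host TZ and rolls day/month/year over correctly
  // instead of producing hour values of 24 or more after 15:00 UTC.
  const jst = new Date(now.getTime() + JST_OFFSET_MS);
  const pad2 = (n) => (n < 10 ? '0' : '') + n;
  const ymd = `${jst.getUTCFullYear()}${pad2(jst.getUTCMonth() + 1)}${pad2(jst.getUTCDate())}`;
  const hm = `${pad2(jst.getUTCHours())}${pad2(jst.getUTCMinutes())}`;
  return `-${ymd}-${hm}`;
}

/**
 * Lambda entry point: starts an Amazon Inspector assessment run from a fixed
 * assessment template, naming the run "example-server-YYYYMMDD-HHMM" (JST).
 *
 * Only inspector:StartAssessmentRun is exercised here; the IAM policy that
 * accompanies this gist grants many more inspector:* actions on Resource "*"
 * than this code needs and can be narrowed to this action and template.
 *
 * @param {object} event - Invocation event (not read; typically a scheduled rule).
 * @param {object} context - Lambda context; the invocation is completed via context.done().
 */
exports.handler = (event, context) => {
  console.log('Start Amazon Inspector AssessmentRun');
  // The template ARN can be supplied through the ASSESSMENT_TEMPLATE_ARN
  // environment variable; the literal below is the placeholder from the
  // original and must be replaced with a real template ARN.
  const assessmentTemplateArn = process.env.ASSESSMENT_TEMPLATE_ARN ||
    'arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX';
  const params = {
    assessmentTemplateArn,
    assessmentRunName: `example-server${formatJstRunSuffix(new Date())}`,
  };
  inspector.startAssessmentRun(params, (err, data) => {
    if (err) {
      // Report the failure to the runtime so the invocation is marked as failed.
      context.done(err, err.stack);
      return;
    }
    context.done(null, data);
  });
};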
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Resource": "arn:aws:logs:*:*:*" | |
} | |
] | |
} |
[ec2-user@example-server ~]$ chkconfig --list | grep awsagent | |
awsagent 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
[ec2-user@example-server ~]$ diff /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ sudo vi /etc/ssh/sshd_config | |
PermitRootLogin forced-commands-only | |
↓ | |
PermitRootLogin no | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ grep PermitRootLogin /etc/ssh/sshd_config | grep -v ^# | |
PermitRootLogin no | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
[ec2-user@example-server ~]$ diff /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
[ec2-user@example-server ~]$ diff /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ sudo vi /etc/ssh/sshd_config | |
PermitRootLogin forced-commands-only | |
↓ | |
PermitRootLogin no | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ grep PermitRootLogin /etc/ssh/sshd_config | grep -v ^# | |
PermitRootLogin no | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ diff /etc/ssh/sshd_config /etc/ssh/sshd_config.ORG | |
51c51 | |
< PermitRootLogin no | |
--- | |
> PermitRootLogin forced-commands-only | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ rpm -qa | grep AwsAgent | |
AwsAgentKernelModule__amzn__4.4.30-32.54.amzn1-1.0.18.10-0.x86_64 | |
AwsAgent-1.0.536.0-100536.x86_64 | |
AwsAgentKernelModule__amzn__4.4.23-31.54.amzn1-1.0.18.5-0.x86_64 | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ sudo /etc/init.d/sshd restart | |
sshd を停止中: [ OK ] | |
sshd を起動中: [ OK ] | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ ps awux | grep -v grep | grep sshd | |
root 3686 0.0 0.6 117812 6692 ? Ss 10:44 0:00 sshd: ec2-user [priv] | |
ec2-user 3688 0.0 0.3 117812 3964 ? S 10:44 0:00 sshd: ec2-user@pts/0 | |
root 3771 0.0 0.2 77844 2744 ? Ss 10:48 0:00 /usr/sbin/sshd | |
[ec2-user@example-server ~]$ |
$ ssh -i EC2インスタンスログイン用のpemファイル ec2-user@EC2インスタンスのIPアドレス | |
[ec2-user@example-server ~]$ |
$ ssh -i EC2インスタンスログイン用のpemファイル root@EC2インスタンスのIPアドレス
[ec2-user@example-server ~]$ ps awux | grep -v grep | grep awsagent | |
root 2616 0.1 3.6 570932 37508 ? Ssl 10:04 0:20 /opt/aws/awsagent/bin/awsagent | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ /usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`" | |
{ | |
"assessmentRunArn": "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX/run/0-XXXXXXXX" | |
} | |
[ec2-user@example-server ~]$ |
/usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`" |
[ec2-user@example-server ~]$ /bin/hostname | |
example-server | |
[ec2-user@example-server ~]$ /bin/date '+%Y%m%d-%H%M%S' | |
20161116-213151 | |
[ec2-user@example-server ~]$ |
[ec2-user@example-server ~]$ /usr/bin/aws inspector start-assessment-run --region ap-northeast-1 --assessment-template-arn "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX" --assessment-run-name "`/bin/hostname`-`/bin/date '+%Y%m%d-%H%M%S'`" | |
{ | |
"assessmentRunArn": "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX/run/0-XXXXXXXX" | |
} | |
[ec2-user@example-server ~]$ |
{ | |
"assessmentRunArn": "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-G6DLCZXC/template/X-XXXXXXXX/run/0-XXXXXXXX" | |
<img width="1241" alt="スクリーンショット 2016-11-16 22.18.01.png" src="https://qiita-image-store.s3.amazonaws.com/0/63647/8c1615ec-1955-6de2-bffe-7420567aec0b.png"> | |
} |
{ | |
"assessmentRunArn": "arn:aws:inspector:ap-northeast-1:XXXXXXXXXXXX:target/0-XXXXXXXX/template/X-XXXXXXXX/run/0-XXXXXXXX" | |
} |
It is recommended that you configure your EC2 instance to prevent root logins over SSH. Instead, log in as a non-root user and use sudo to escalate privileges when necessary. To disable SSH root logins, set PermitRootLogin to "no" in /etc/ssh/sshd_config and restart sshd. |
Instance i-XXXXXXXX is configured to allow users to log in with root credentials over SSH. This increases the likelihood of a successful brute-force attack. |
This rule helps determine whether the SSH daemon is configured to permit logging in to your EC2 instance as root. |
[ec2-user@example-server ~]$ uname -a | |
Linux example-server 4.4.30-32.54.amzn1.x86_64 #1 SMP Thu Nov 10 15:52:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux | |
[ec2-user@example-server ~]$ | |
[ec2-user@example-server ~]$ cat /etc/system-release | |
Amazon Linux AMI release 2016.09 | |
[ec2-user@example-server ~]$ |
example-server-20161117-1552 |