SlideShare a Scribd company logo

Monitoramento de Vulnerabilidades com Zabbix, RHEL e Yum Security Plugin

Alessandro Silva, profile picture
Alessandro Silva

The document outlines a presentation from the Zabbix Conference LATAM 2016, focusing on monitoring vulnerabilities using Zabbix, Red Hat Enterprise Linux (RHEL), and the Yum security plugin. It covers the importance of vulnerability monitoring, the role of the CVE system, incident response, product security advisories, and how to implement a monitoring solution with Zabbix. Additionally, it provides practical examples, including scripts and templates for generating security reports and monitoring vulnerabilities in various server environments.

Technology
1 of 21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Zabbix Conference Latam 2016 Monitoring Vulnerabilities with Zabbix, RHEL and Yum Security Plugin Alessandro Silva Technical Account Manager, Red Hat alsilva@redhat.com Twitter: @alessssilva
Zabbix Conference Latam 2016 $ Who am I • Pós-graduando em Segurança da Informação – NCE/UFRJ • Mais de 12 anos na indústria de TI e 10 somente com Linux. • Certificações: • RHCE - Red Hat Certified Engineer • RHCSA em Openstack • LPIC-3 Core • LPIC-303 Security Specialist • Zabbix Certified Specialist • Desde 2011 trabalhando com Zabbix • Technical Account Manager na Red Hat • “Zabbix guy” na Red Hat
Zabbix Conference Latam 2016 Agenda • Vulnerabilidades, impactos e contramedidas • Por que monitorar vulnerabilidades? • Segurança do Produto • Como Zabbix pode nos ajudar? • A solução Enterprise e Open Source • Demo
Mas, afinal, o que é uma vulnerabilidade?
Zabbix Conference Latam 2016 CVE Common Vulnerabilities and Exposures • Formato padronizado para notificação e acompanhamento de questões de segurança relacionadas a software • Mantido pela empresa MITRE Corporation • Common Vulnerability Scoring System (CVSS) • Severidades: Crítica, Importante, Moderada e Baixa Vulnerabilidades 0 1000 2000 3000 4000 5000 6000 7000 8000 Número de Vulnerabilidades | Desde 1999 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 cve.mitre.org
Zabbix Conference Latam 2016 Resposta a Incidentes de Segurança • ERISI/CSIRT - Computer Security Incident Response Team ✔ Investiga e analisa questões relacionadas a segurança de software ✔ Analisa quais produtos são afetados, impactos e contramedidas • Publicação de erratas ✔ Severidades ✔ Impactos ✔ CVE
Zabbix Conference Latam 2016 Segurança do Produto • Red Hat Security Advisory (RHSA) • Red Hat Bug Fix Advisory (RHBA) • Red Hat Enhancement Advisory (RHEA) RHEL 6.0 RHEL 6.1 RHEL 6.2 RHEL 6.3 RHEL 6.4 0,0 1,0 2,0 3,0 4,0 5,0 6,0 7,0 8,0 9,0 Erratas de Segurança por mês Red Hat Enterprise Linux - Instalação default do Servidor Critica Importante Baixa/Moderada Sistema Operacional Errataspormês
Zabbix Conference Latam 2016 Segurança do Produto Red Hat Enterprise Linux 5 98% Das vulnerabilidades Críticas são corrigidos em 1 dia Red Hat Enterprise Linux 6 92% Das vulnerabilidades Críticas são corrigidos em 1 dia Red Hat Enterprise Linux 7 97% Das vulnerabilidades Críticas são corrigidos em 1 dia
Zabbix Conference Latam 2016 Mas, o que iremos monitorar? Servidores Físicos Eles ainda existem e precisam ser monitorados Servidores Virtuais Monitore servidores virtuais em qualquer hypervisor Monitore instâncias da nuvem Cloud servers, contêiners,...
Zabbix Conference Latam 2016 Por que Monitorar? Gerenciamento e compliance Manutenção do ciclo de vida Manter a vigilância na infraestrutura
Como o Zabbix pode ajudar?
Zabbix Conference Latam 2016 Usando o Zabbix para monitorar Notificações Controle Centralizado Configuração Status Checagens Monitoração SNMP Monitoração com agente Monitoração com ping e porta Dispositivos monitorados Dispositivos de rede Servidores com Agente Zabbix Servidores sem Agente Zabbix
Zabbix Conference Latam 2016 Zabbix + RHEL + Yum Security Plugin YUMYUM Security Plugin + +
Zabbix Conference Latam 2016 Implementação • Instalação do YUM security plugin • Agendar os relatórios de segurança no Cron • Estender o agente Zabbix via UserParameter • Criar o template RHN Security ✔ itens, triggers, gráficos, telas ... • Criar o script de checagem de vulnerabilidades
Zabbix Conference Latam 2016 YUM Security Plugin # yum install -y yum-plugin-security # yum updateinfo Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager Updates Information Summary: available 42 Security notice(s) 5 Critical Security notice(s) 15 Important Security notice(s) 7 Low Security notice(s) 15 Moderate Security notice(s) 143 Bugfix notice(s) 13 Enhancement notice(s) updateinfo summary done # yum install -y yum-plugin-security # yum updateinfo Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager Updates Information Summary: available 42 Security notice(s) 5 Critical Security notice(s) 15 Important Security notice(s) 7 Low Security notice(s) 15 Moderate Security notice(s) 143 Bugfix notice(s) 13 Enhancement notice(s) updateinfo summary done YUMYUM Security Plugin Gerando o Relatório de Segurança # crontab -e * 0 * * * yum updateinfo > $zbxlogdir/security-reports/sec-report
Zabbix Conference Latam 2016 Agente Zabbix Estendendo com UserParameter UserParameter=rhn.security,grep -m 1 "Security notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print"0"}' UserParameter=rhn.security.critical,grep "Critical Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.security.important,grep "Important Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.low,grep "Low Security" /var/log/zabbix/security-reports/sec- report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.moderate,grep "Moderate Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.bugfix,grep "Bugfix notice" /var/log/zabbix/security-reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.enhancement,grep "Enhancement notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security,grep -m 1 "Security notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print"0"}' UserParameter=rhn.security.critical,grep "Critical Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.security.important,grep "Important Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.low,grep "Low Security" /var/log/zabbix/security-reports/sec- report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.moderate,grep "Moderate Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.bugfix,grep "Bugfix notice" /var/log/zabbix/security-reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.enhancement,grep "Enhancement notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' $DIR/etc/zabbix_agentd.conf.d/zabbix_agentd.userparams.conf
Zabbix Conference Latam 2016 Relatório de Vulnerabilidades Vulnerabilidade Severidade Fix ---------------------- -------------------- ------------- CVE-2015-1781 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-7423 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2015-1473 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-1753 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4616 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4650 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2015-3276 Moderate/Sec. openldap-2.4.40-8.el7.x86_64 CVE-2015-3194 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3196 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3195 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-7575 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.2.x86_64 CVE-2016-0797 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0702 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0705 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0800 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2015-3197 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 Vulnerabilidade Severidade Fix ---------------------- -------------------- ------------- CVE-2015-1781 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-7423 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2015-1473 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-1753 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4616 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4650 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2015-3276 Moderate/Sec. openldap-2.4.40-8.el7.x86_64 CVE-2015-3194 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3196 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3195 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-7575 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.2.x86_64 CVE-2016-0797 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0702 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0705 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0800 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2015-3197 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 Gerando o Relatório de Vulnerabilidades: # crontab -e * 0 * * * yum updateinfo list cve > $zbxlogdir/security-reports/vuln-report
Zabbix Conference Latam 2016 Projeto está disponível • Template • Arquivos de configuração • Scripts https://github.com/alessssilva/zabbix/tree/master/zabbix-security-insights It's better to SHARE Your mother was right
DEMO
Zabbix Conference Latam 2016 Referências • Product Security Overview ✔ https://access.redhat.com/site/security/team/ • Red Hat Security Center ✔ https://access.redhat.com/security/ • Documentação oficial do Zabbix ✔ http://zabbix.com/documentation • Common Vulnerabilities and Exposure ✔ http://cve.mitre.org/
22INSERT DESIGNATOR, IF NEEDED OBRIGADO! plus.google.com/+Red Hat linkedin.com/company/red-h at youtube.com/user/RedHatVide os facebook.com/redhati nc twitter.com/RedHatNe ws

More Related Content

PPT
Server virtualization by VMWare
sgurnam73
 
PDF
Apresentação sobre Zabbix na iDEZ 2012
Aécio Pires
 
PDF
Zabbix: Uma ferramenta para Gerenciamento de ambientes de T.I
Aécio Pires
 
PDF
Módulo 3-Sistema Operativo Servidor - V3.pdf
FChico2
 
PPTX
Virtualization 101: Everything You Need To Know To Get Started With VMware
Datapath Consulting
 
PPTX
Gerenciamento de Arquivos Nos Sistemas Operacionais
Leandro Júnior
 
PDF
Comandos do linux
PeslPinguim
 
PPTX
Apresentacao zabbix
Daniel Peres
 
Server virtualization by VMWare
sgurnam73
 
Apresentação sobre Zabbix na iDEZ 2012
Aécio Pires
 
Zabbix: Uma ferramenta para Gerenciamento de ambientes de T.I
Aécio Pires
 
Módulo 3-Sistema Operativo Servidor - V3.pdf
FChico2
 
Virtualization 101: Everything You Need To Know To Get Started With VMware
Datapath Consulting
 
Gerenciamento de Arquivos Nos Sistemas Operacionais
Leandro Júnior
 
Comandos do linux
PeslPinguim
 
Apresentacao zabbix
Daniel Peres
 

What's hot (20)

PPTX
Vmware Data Center Virtualization ESXI and vCenter
A. Shamel
 
PPTX
Sistema operativo servidor
Sandu Postolachi
 
PDF
Curso de Desenvolvimento Web - Módulo 02 - CSS
Rodrigo Bueno Santa Maria, BS, MBA
 
PDF
Introduction to virtualization
Sasikumar Thirumoorthy
 
PPTX
Sistemas operacionais de redes particionamento de discos ii
Carlos Melo
 
PDF
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
Edureka!
 
PPTX
História dos Sistemas Operativos
TROLITO LALALAL
 
PDF
Les avantages de la virtualisation
NRC
 
PDF
[Curso Java Basico] Aula 12: Lendo dados do teclado usando a classe Scanner
Loiane Groner
 
PDF
Exemplo de Plano de testes
Leandro Rodrigues
 
PDF
Android - Conceito e Arquitetura
Ana Dolores Lima Dias
 
PDF
Sistemas Operacionais em redes
Daniel Brandão
 
PDF
Administration serveur linux
Sehla Loussaief Zayen
 
PDF
Curso CSS 3 - Aula Introdutória com conceitos básicos
Tiago Antônio da Silva
 
PPTX
VMware Vsphere Graduation Project Presentation
Rabbah Adel Ammar
 
PPTX
Yaml
Christoph Santschi
 
PPT
What is Virtualization
Israel Marcus
 
PDF
Monitoramento Enterprise com Zabbix+RHEL
Alessandro Silva
 
PDF
Sistemas de arquivos cap 04 (iii unidade)
Faculdade Mater Christi
 
PDF
Plano de aula sobre HTML básico
Silvio Sales do Nascimento Júnior
 
Vmware Data Center Virtualization ESXI and vCenter
A. Shamel
 
Sistema operativo servidor
Sandu Postolachi
 
Curso de Desenvolvimento Web - Módulo 02 - CSS
Rodrigo Bueno Santa Maria, BS, MBA
 
Introduction to virtualization
Sasikumar Thirumoorthy
 
Sistemas operacionais de redes particionamento de discos ii
Carlos Melo
 
VMware Tutorial For Beginners | VMware Workstation | VMware Virtualization | ...
Edureka!
 
História dos Sistemas Operativos
TROLITO LALALAL
 
Les avantages de la virtualisation
NRC
 
[Curso Java Basico] Aula 12: Lendo dados do teclado usando a classe Scanner
Loiane Groner
 
Exemplo de Plano de testes
Leandro Rodrigues
 
Android - Conceito e Arquitetura
Ana Dolores Lima Dias
 
Sistemas Operacionais em redes
Daniel Brandão
 
Administration serveur linux
Sehla Loussaief Zayen
 
Curso CSS 3 - Aula Introdutória com conceitos básicos
Tiago Antônio da Silva
 
VMware Vsphere Graduation Project Presentation
Rabbah Adel Ammar
 
Yaml
Christoph Santschi
 
What is Virtualization
Israel Marcus
 
Monitoramento Enterprise com Zabbix+RHEL
Alessandro Silva
 
Sistemas de arquivos cap 04 (iii unidade)
Faculdade Mater Christi
 
Plano de aula sobre HTML básico
Silvio Sales do Nascimento Júnior
 
Ad

Similar to Monitoramento de Vulnerabilidades com Zabbix, RHEL e Yum Security Plugin (20)

PPTX
AppSec California 2016 - Making Security Agile
Oleg Gryb
 
PDF
Pragmatic Pipeline Security
James Wickett
 
PDF
Alexey Kupriyanenko "Release Early, Often, Stable"
Fwdays
 
ODP
Effective DevSecOps
Pawel Krawczyk
 
PPTX
InSpec at DevOps ATL Meetup January 22, 2020
Mandi Walls
 
PPTX
Blue Teamin' on a Budget [of zero]
Kyle Bubp
 
PDF
1.3. (In)security Software
defconmoscow
 
PDF
stackconf 2024 | How to hack and defend (your) open source by Roman Zhukov.pdf
NETWAYS
 
PPTX
SAST Code Security Advisor for SAP [Webinar]
akquinet enterprise solutions GmbH
 
PDF
2013-06-12 Compliance Made Easy, Red Hat Summit 2013
Shawn Wells
 
PDF
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
Shawn Wells
 
PDF
Sensu and Sensibility - Puppetconf 2014
Tomas Doran
 
PDF
AWS Loft Talk: Behind the Scenes with SignalFx
SignalFx
 
PDF
Security in open source projects
Jose Manuel Ortega Candel
 
PPT
Agentless System Crawler - InterConnect 2016
Canturk Isci
 
PDF
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
 
PDF
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...
Lucy Huh Kerner
 
PDF
Time to Shift Left - Unkomplizierte Security Tools und Technologien für den E...
QAware GmbH
 
PDF
SAP (in)security: New and best
ERPScan
 
PDF
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
AppSec California 2016 - Making Security Agile
Oleg Gryb
 
Pragmatic Pipeline Security
James Wickett
 
Alexey Kupriyanenko "Release Early, Often, Stable"
Fwdays
 
Effective DevSecOps
Pawel Krawczyk
 
InSpec at DevOps ATL Meetup January 22, 2020
Mandi Walls
 
Blue Teamin' on a Budget [of zero]
Kyle Bubp
 
1.3. (In)security Software
defconmoscow
 
stackconf 2024 | How to hack and defend (your) open source by Roman Zhukov.pdf
NETWAYS
 
SAST Code Security Advisor for SAP [Webinar]
akquinet enterprise solutions GmbH
 
2013-06-12 Compliance Made Easy, Red Hat Summit 2013
Shawn Wells
 
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
Shawn Wells
 
Sensu and Sensibility - Puppetconf 2014
Tomas Doran
 
AWS Loft Talk: Behind the Scenes with SignalFx
SignalFx
 
Security in open source projects
Jose Manuel Ortega Candel
 
Agentless System Crawler - InterConnect 2016
Canturk Isci
 
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
 
2017 Red Hat Summit Lab: Proactive security compliance automation with Red Ha...
Lucy Huh Kerner
 
Time to Shift Left - Unkomplizierte Security Tools und Technologien für den E...
QAware GmbH
 
SAP (in)security: New and best
ERPScan
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
Ad

Recently uploaded (20)

PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Encapsulation theory and applications.pdf
gurumoop
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 

Monitoramento de Vulnerabilidades com Zabbix, RHEL e Yum Security Plugin

  • 1. Zabbix Conference Latam 2016 Monitoring Vulnerabilities with Zabbix, RHEL and Yum Security Plugin Alessandro Silva Technical Account Manager, Red Hat alsilva@redhat.com Twitter: @alessssilva
  • 2. Zabbix Conference Latam 2016 $ Who am I • Pós-graduando em Segurança da Informação – NCE/UFRJ • Mais de 12 anos na indústria de TI e 10 somente com Linux. • Certificações: • RHCE - Red Hat Certified Engineer • RHCSA em Openstack • LPIC-3 Core • LPIC-303 Security Specialist • Zabbix Certified Specialist • Desde 2011 trabalhando com Zabbix • Technical Account Manager na Red Hat • “Zabbix guy” na Red Hat
  • 3. Zabbix Conference Latam 2016 Agenda • Vulnerabilidades, impactos e contramedidas • Por que monitorar vulnerabilidades? • Segurança do Produto • Como Zabbix pode nos ajudar? • A solução Enterprise e Open Source • Demo
  • 4. Mas, afinal, o que é uma vulnerabilidade?
  • 5. Zabbix Conference Latam 2016 CVE Common Vulnerabilities and Exposures • Formato padronizado para notificação e acompanhamento de questões de segurança relacionadas a software • Mantido pela empresa MITRE Corporation • Common Vulnerability Scoring System (CVSS) • Severidades: Crítica, Importante, Moderada e Baixa Vulnerabilidades 0 1000 2000 3000 4000 5000 6000 7000 8000 Número de Vulnerabilidades | Desde 1999 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 cve.mitre.org
  • 6. Zabbix Conference Latam 2016 Resposta a Incidentes de Segurança • ERISI/CSIRT - Computer Security Incident Response Team ✔ Investiga e analisa questões relacionadas a segurança de software ✔ Analisa quais produtos são afetados, impactos e contramedidas • Publicação de erratas ✔ Severidades ✔ Impactos ✔ CVE
  • 7. Zabbix Conference Latam 2016 Segurança do Produto • Red Hat Security Advisory (RHSA) • Red Hat Bug Fix Advisory (RHBA) • Red Hat Enhancement Advisory (RHEA) RHEL 6.0 RHEL 6.1 RHEL 6.2 RHEL 6.3 RHEL 6.4 0,0 1,0 2,0 3,0 4,0 5,0 6,0 7,0 8,0 9,0 Erratas de Segurança por mês Red Hat Enterprise Linux - Instalação default do Servidor Critica Importante Baixa/Moderada Sistema Operacional Errataspormês
  • 8. Zabbix Conference Latam 2016 Segurança do Produto Red Hat Enterprise Linux 5 98% Das vulnerabilidades Críticas são corrigidos em 1 dia Red Hat Enterprise Linux 6 92% Das vulnerabilidades Críticas são corrigidos em 1 dia Red Hat Enterprise Linux 7 97% Das vulnerabilidades Críticas são corrigidos em 1 dia
  • 9. Zabbix Conference Latam 2016 Mas, o que iremos monitorar? Servidores Físicos Eles ainda existem e precisam ser monitorados Servidores Virtuais Monitore servidores virtuais em qualquer hypervisor Monitore instâncias da nuvem Cloud servers, contêiners,...
  • 10. Zabbix Conference Latam 2016 Por que Monitorar? Gerenciamento e compliance Manutenção do ciclo de vida Manter a vigilância na infraestrutura
  • 11. Como o Zabbix pode ajudar?
  • 12. Zabbix Conference Latam 2016 Usando o Zabbix para monitorar Notificações Controle Centralizado Configuração Status Checagens Monitoração SNMP Monitoração com agente Monitoração com ping e porta Dispositivos monitorados Dispositivos de rede Servidores com Agente Zabbix Servidores sem Agente Zabbix
  • 13. Zabbix Conference Latam 2016 Zabbix + RHEL + Yum Security Plugin YUMYUM Security Plugin + +
  • 14. Zabbix Conference Latam 2016 Implementação • Instalação do YUM security plugin • Agendar os relatórios de segurança no Cron • Estender o agente Zabbix via UserParameter • Criar o template RHN Security ✔ itens, triggers, gráficos, telas ... • Criar o script de checagem de vulnerabilidades
  • 15. Zabbix Conference Latam 2016 YUM Security Plugin # yum install -y yum-plugin-security # yum updateinfo Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager Updates Information Summary: available 42 Security notice(s) 5 Critical Security notice(s) 15 Important Security notice(s) 7 Low Security notice(s) 15 Moderate Security notice(s) 143 Bugfix notice(s) 13 Enhancement notice(s) updateinfo summary done # yum install -y yum-plugin-security # yum updateinfo Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager Updates Information Summary: available 42 Security notice(s) 5 Critical Security notice(s) 15 Important Security notice(s) 7 Low Security notice(s) 15 Moderate Security notice(s) 143 Bugfix notice(s) 13 Enhancement notice(s) updateinfo summary done YUMYUM Security Plugin Gerando o Relatório de Segurança # crontab -e * 0 * * * yum updateinfo > $zbxlogdir/security-reports/sec-report
  • 16. Zabbix Conference Latam 2016 Agente Zabbix Estendendo com UserParameter UserParameter=rhn.security,grep -m 1 "Security notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print"0"}' UserParameter=rhn.security.critical,grep "Critical Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.security.important,grep "Important Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.low,grep "Low Security" /var/log/zabbix/security-reports/sec- report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.moderate,grep "Moderate Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.bugfix,grep "Bugfix notice" /var/log/zabbix/security-reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.enhancement,grep "Enhancement notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security,grep -m 1 "Security notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print"0"}' UserParameter=rhn.security.critical,grep "Critical Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.security.important,grep "Important Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.low,grep "Low Security" /var/log/zabbix/security-reports/sec- report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.security.moderate,grep "Moderate Security" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR)print "0"}' UserParameter=rhn.bugfix,grep "Bugfix notice" /var/log/zabbix/security-reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' UserParameter=rhn.enhancement,grep "Enhancement notice" /var/log/zabbix/security- reports/sec-report | awk '{print $1} END { if (!NR) print "0"}' $DIR/etc/zabbix_agentd.conf.d/zabbix_agentd.userparams.conf
  • 17. Zabbix Conference Latam 2016 Relatório de Vulnerabilidades Vulnerabilidade Severidade Fix ---------------------- -------------------- ------------- CVE-2015-1781 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-7423 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2015-1473 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-1753 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4616 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4650 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2015-3276 Moderate/Sec. openldap-2.4.40-8.el7.x86_64 CVE-2015-3194 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3196 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3195 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-7575 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.2.x86_64 CVE-2016-0797 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0702 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0705 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0800 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2015-3197 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 Vulnerabilidade Severidade Fix ---------------------- -------------------- ------------- CVE-2015-1781 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-7423 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2015-1473 Moderate/Sec. glibc-2.17-105.el7.x86_64 CVE-2013-1753 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4616 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2014-4650 Moderate/Sec. python-2.7.5-34.el7.x86_64 CVE-2015-3276 Moderate/Sec. openldap-2.4.40-8.el7.x86_64 CVE-2015-3194 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3196 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-3195 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.1.x86_64 CVE-2015-7575 Moderate/Sec. openssl-libs-1:1.0.1e-51.el7_2.2.x86_64 CVE-2016-0797 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0702 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0705 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2016-0800 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 CVE-2015-3197 Important/Sec. openssl-libs-1:1.0.1e-51.el7_2.4.x86_64 Gerando o Relatório de Vulnerabilidades: # crontab -e * 0 * * * yum updateinfo list cve > $zbxlogdir/security-reports/vuln-report
  • 18. Zabbix Conference Latam 2016 Projeto está disponível • Template • Arquivos de configuração • Scripts https://github.com/alessssilva/zabbix/tree/master/zabbix-security-insights It's better to SHARE Your mother was right
  • 19. DEMO
  • 20. Zabbix Conference Latam 2016 Referências • Product Security Overview ✔ https://access.redhat.com/site/security/team/ • Red Hat Security Center ✔ https://access.redhat.com/security/ • Documentação oficial do Zabbix ✔ http://zabbix.com/documentation • Common Vulnerabilities and Exposure ✔ http://cve.mitre.org/
  • 21. 22INSERT DESIGNATOR, IF NEEDED OBRIGADO! plus.google.com/+Red Hat linkedin.com/company/red-h at youtube.com/user/RedHatVide os facebook.com/redhati nc twitter.com/RedHatNe ws