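Cloud Security Center Emergency Vulnerability Scanning
Cloud Security Center is a unified security management system that identifies, analyzes, and alerts on security threats in real time. Through security capabilities such as anti-ransomware, antivirus, tamper protection, and compliance checks, it provides an automated security operations loop covering threat detection, alert response, and attack tracing. It protects cloud assets and on-premises servers and helps meet regulatory compliance requirements.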
Prerequisites
① Generate an Alibaba Cloud AccessKey ID and AccessKey Secret (AK/SK) for a sub-account and grant it Cloud Security Center permissions
② Configure the Python environment
# Install dependencies
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel gdbm-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel gcc-c++ libffi zlib zlib-dev libssl-dev db4-devel libpcap-devel xz-devel


# Download Python 3.10.4
wget -c https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz

# Extract Python 3.10.4
tar -zxvf Python-3.10.4.tgz

cd Python-3.10.4/
./configure --with-ssl
make && make install

# Back up the existing python binary
mv /usr/bin/python /usr/bin/python.bak

# Create the python3 symlink
ln -s /usr/local/bin/python3 /usr/bin/python

which pip3
# Fix yum errors: set the first line of each file below to python2
vi /usr/libexec/urlgrabber-ext-down
#! /usr/bin/python2

vi /usr/bin/yum
#!/usr/bin/python2


# Install the modules
pip3 install --upgrade pip
pip3 install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console

# If import ssl fails during debugging with ImportError: cannot import name 'OPENSSL_VERSION_NUMBER' from '_ssl' (unknown location), fix it as follows

# Download and install OpenSSL
wget -c https://www.openssl.org/source/openssl-1.1.1n.tar.gz
tar -zxvf openssl-1.1.1n.tar.gz
cd openssl-1.1.1n
./config --prefix=/usr/local/openssl
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

ldconfig -v

# Check the OpenSSL version
openssl version

vim /root/Python-3.10.4/Modules/Setup
# Lines 211-214 of the file:
OPENSSL=/usr/local/openssl
_ssl _ssl.c \
    -I$(OPENSSL)/include -L$(OPENSSL)/lib \
    -lssl -lcrypto


# Finally, run the Python 3.10.4 build and install again
cd Python-3.10.4/
./configure
make && make install
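I. Scan to obtain the name of a specific emergency vulnerability
For example, scanning for the fastjson <= 1.2.80 deserialization arbitrary code execution vulnerability
API documentation: https://help.aliyun.com/document_detail/421691.html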
Lang:zh
RiskStatus:y
ScanType:python
CheckType:fastjson <= 1.2.80 反序列化任意代码执行漏洞
VulName:
{
  "TotalCount": 1,
  "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8",
  "PageSize": 5,
  "CurrentPage": 1,
  "GroupedVulItems": [
    {
      "Status": 30,
      "PendingCount": 116,
      "Type": "python",
      "Description": "fastjson已使用黑白名单用于防御反序列化漏洞,经研究该利用在特定条件下可绕过默认autoType关闭限制,攻击远程服务器,风险影响较大。建议fastjson用户尽快采取安全措施保障系统安全。\n\n特定依赖存在下影响 ≤1.2.80。",
      "CheckType": 1,
      "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】",
      "GmtLastCheck": 1653471386000,
      "GmtPublish": 1653273837000,
      "Name": "emg:SCA:AVD-2022-1243027"
    }
  ]
}
The name of the specific emergency vulnerability obtained from this response is emg:SCA:AVD-2022-1243027
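An added example (not from the original article or the Alibaba Cloud SDK): picking the emergency vulnerability Name out of a response shaped like the one above, using only the Python standard library. The function names find_emg_vulns, ms_to_utc and pages_remaining are hypothetical, and the sample is the response above with the Description field omitted.

```python
import json
from datetime import datetime, timezone

# Response body shown above, with the long Description field omitted.
SAMPLE_RESPONSE = json.loads("""
{
  "TotalCount": 1, "PageSize": 5, "CurrentPage": 1,
  "RequestId": "A79C0E69-CE10-5688-8D01-7322BD3715C8",
  "GroupedVulItems": [
    {"Status": 30, "PendingCount": 116, "Type": "python", "CheckType": 1,
     "AliasName": "fastjson <= 1.2.80 反序列化任意代码执行漏洞【原理扫描】",
     "GmtLastCheck": 1653471386000, "GmtPublish": 1653273837000,
     "Name": "emg:SCA:AVD-2022-1243027"}
  ]
}
""")


def ms_to_utc(ms):
    """Convert the response's millisecond epoch timestamps to ISO-8601 UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def find_emg_vulns(response, keyword):
    """Return the items whose AliasName contains keyword (case-insensitive).

    Hypothetical helper: tolerates a missing or null GroupedVulItems list and
    skips items without a Name, so an empty result is never read as a match.
    """
    hits = []
    for item in response.get("GroupedVulItems") or []:
        name, alias = item.get("Name"), item.get("AliasName", "")
        if not name or keyword.lower() not in alias.lower():
            continue
        checked = item.get("GmtLastCheck")
        hits.append({
            "name": name,
            "alias": alias,
            "pending_count": item.get("PendingCount", 0),
            "last_check_utc": ms_to_utc(checked) if checked else None,
        })
    return hits


def pages_remaining(response):
    """Further pages still to request, from TotalCount/PageSize/CurrentPage."""
    total, size = response.get("TotalCount", 0), response.get("PageSize") or 1
    last_page = -(-total // size)  # ceiling division
    return max(last_page - response.get("CurrentPage", 1), 0)
```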
pip install alibabacloud_sas20181203==1.1.13
pip install alibabacloud_tea_console
# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import sys

from typing import List
from Tea.core import TeaCore

from alibabacloud_sas20181203.client import Client as Sas20181203Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_sas20181203 import models as sas_20181203_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_console.client import Client as ConsoleClient
from alibabacloud_tea_util.client import Client as UtilClient


class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client(
        access_key_id: str,
        access_key_secret: str,
    ) -> Sas20181203Client:
        """
        Initialize the account Client with the AK and SK
        @param access_key_id:
        @param access_key_secret:
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config(
            # Your AccessKey ID (keep real keys out of source code, e.g. load them from the environment)
            access_key_id='LTAI5t',
            # Your AccessKey Secret
            access_key_secret='dSr'
        )
        # Endpoint domain to access
        conf