1. (Open Source Software) 2 3 4-1
2. 1) 1997 Eric S. Raymond The Cathedral and the Bazaar 1 2 1 http://www.tuxedo.org/~esr/writings/cathedral-bazaar/ 2 http://cruel.org/freeware/cathedral.pdf - 2
2) Linux Apache 3) 3 4 4) - 3
1 S/W,H/W 1. 1 1-4
SourceForge OSS 5 50 CERT/CC H/W, S/W (Linux etc.) Linux Red Hat, Debian, SuSE S/W, H/W 1. 1 1-5
(1) Linux 60-90 (2) Linux 3 (3) - 24h7days 365days - 8 - - - (4) (5) 2.1 3-6
3 1 2 OSS 2. 3-7
OSS 3. 4 OSS 4. 3 3-8
3. 2 3 2) 3) 2 5 * * * * 2. - 9
3.1.1. 3.1.1.1. Free Software Foundation (FSF) Free Software Foundation (FSF) FSF Unix GNU (GNU's Not Unix.: GNU Unix ) GNU 1900 URL 3.1.1.2. Open Source Initiative (OSI) Open Source Initiative (OSI) The Cathedral and the Bazaar (1998) Eric S. Raymond 1998 12 OSI Open Source Definition: OSD OSI freshmeat.net, SourceForge, OSDir.com, BerliOS, Bioinformatics.org URL 3.1.1.3. URL - 10
3.1.1.4. SourceForge.jp URL 3.1.2. 3.1.2.1. CERT/CC CERT/CC 1988 DARPA (the Defense Advanced Research Projects Agency) (Software Engineering Institute) URL 3.1.2.2. JPCERT/CC JPCERT/CC (Japan Computer Emergency Response Team/Coordination Center) JPCERT/CC URL - 11
3.1.2.3. IPA (IPA/ISEC) IPA IPA/ISEC IPA IT IT URL 3.1.2.4. SANS SANS (SysAdmin, Audit, Network, Security) 1989 SANS 156,000 SANS URL 3.1.2.5. CVE CVE (Common Vulnerabilities & Exposures) URL - 12
3.1.2.6. Internet Storm Center Computer Incident Advisory Capability Department of Defense CERT Federal Computer Incident Response Capability (FedCIRC) Forum of Incident Response and Security Teams (FIRST) Computer Security Resource Center (CSRC) ICAT (CVE Vulnerability Search Engine) http://icat.nist.gov/ 3. 3.1.3. Linux Red Hat Linux,SuSE Linux WebMail 4 Linux Red Hat Red Hat, Inc. RPM Red Hat Network Red Hat Linux Red Hat Errata URL Turbo Linux ( ) Linux Red Hat Linux RPM - 13
Miracle Linux Vine Caldera Laser5 SuSE Debian URL Miracle Linux Linux URL Miracle Linux Q&A URL Project Vine man Vmail Vedit Windows URL Vine Linux URL Caldera Systems Red Hat Linux URL URL Red Hat Linux Laser5 Laser5 Red Hat Red Hat Linux Red Hat Linux URL Laser5 URL SuSE Linux SuSE Linux URL URL Ian Murdock Debian Project Debian JP Project Debian Project DEB URL URL 4.Linux - 14
3.1.4. Linux 5 NEC IBM 4 Linux NEC NEC OSS Linux Linux OSS Linux Linux OS Linux URL Linux Linux URL Linux 2000 1 Linux Linux Fujitsu Linux Center: Linux URL NTT NTT NTT IT Linux PROgART - 15
IBM Linux URL IBM Linux IBM Linux Linux IBM Windows Linux URL 5. 3.1.5. BugTraq DeepSight Alert Services BugTraq BugTraq DeepSight Alert Services 24 Bugtraq 13 3 [4] - 16
3.1.6. 5 1 3 1 2 3 2-17
1BIND BIND ISC(Internet Software Consortium) BIND ISC ISC 2Linux Linux FTP wu-ftp Linux Linux Linux IT - 18
3.2.1. [1] 9 1. 2. 3. 4. 5. 6. 7. 8. 9. 4-19
3.2.2. 1. 2. 3. 3.2.3. 1. - 20
- BIOS - OS - 2. 5 ICAT 5 5. ICAT 3. 5 http://icat.nist.gov/ - 21
- - - 4. 5. - - - 6. - 22
7. 8. 9 6-23
2. 5. 4. 1. 3. 6. 8. 7. 9. 6. 3.2.4. - 24
2. 1. 3. 7. - 25
JPCERT/CC 16 [2] 2 3.3.1. 16 1) 2) 3) 4) 5) - 26
6) 7) 8) OS 11) - 27
12) 10 OS 13) 14) 15) JPCERT/CC 6 6-28
3.3.2. 3.3.1 2 13 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 JPCERT/CC 1 2 3 6. 14 57 8 3 9-29
10 11 3 10 12 3 JPCERT/CC - 30
4. 3 10, 12 5, 6, 7, 8, 13, 14 10, 11, 12 1 2 3 7. 7 1 2 10,12 3 3-31
[1] National Institute of Standards and Technology, Procedures for Handling Security Patches, April 2002
[2] JPCERT, http://www.jpcert.or.jp/magazine/atmarkit/
[3] IT,,
[4] IPA 12 http://www.ipa.go.jp/security/ccj/report/h12/chousa/vuldb.pdf