VulnerabilityScanner Listener Application Setup
The VulnerabilityScanner is an application that interfaces directly with an OpenVAS installation to automatically create and execute security scans on VMs. The application also sends the generated vulnerability report to the email address associated with the VM.
After the security scan of the VM is complete, the application will attempt to deploy a firewall to the VM. It does this directly through the cloud platform the VM is hosted on.
- Java 7 JRE
- OpenVAS Security Scanner
To run the VulnerabilityScanner application, create a JAR file from the provided source code. Next, if OpenVAS is running inside a Docker container, move the JAR file into that container. This can be done using the following command:
cat <FILENAME.jar> | sudo docker exec -i <DOCKER_CONTAINER_ID> sh -c 'cat > /<FILENAME.jar>'
The scannerConfig.properties file should be included in the same directory as the JAR file. It can be used to set parameters for either a single cloud platform, or multiple cloud platforms. Any properties in the config file which are not required should be left blank, but not removed.
- FCOCloudUsername: The admin username used to log into the FCO platform
- FCOCloudPassword: The admin password used to log into the FCO platform
- FCOCloudAdminUUID: The UUID of the FCO admin account
- FCOAdminEndpoint: The endpoint used to access the FCO Admin API
- FCOUserEndpoint: The endpoint used to access the FCO User API
- FCOSSHKey: The key file path or the key itself that has permission to access one or more VMs on the FCO platform
- FCOScan: Should be set to true/false depending on whether the user wants a vulnerability scan to be undertaken as part of the process
- FCOFirewall: Should be set to true/false depending on whether the user wants a firewall to be deployed to the cloud as part of the process
- FCOChef: Should be set to true/false depending on whether the user wants Chef to be deployed on the VM as part of the process
- OpenstackCloudUsername: The username used to log into the OpenStack deployment
- OpenstackCloudPassword: The password used to log into the OpenStack deployment
- OpenstackCloudTenant: The tenant/project to be accessed on the OpenStack deployment
- OpenstackEndpoint: The OpenStack Identity API endpoint
- OpenstackSSHKey: The key file path or the key itself that has permission to access VMs on the OpenStack platform
- OpenstackScan: Should be set to true/false depending on whether the user wants a vulnerability scan to be undertaken as part of the process
- OpenstackFirewall: Should be set to true/false depending on whether the user wants a firewall to be deployed to the cloud as part of the process
- OpenstackChef: Should be set to true/false depending on whether the user wants Chef to be deployed on the VM as part of the process
- OpenNebulaCloudUsername: The username used to log into the OpenNebula platform
- OpenNebulaCloudPassword: The password used to log into the OpenNebula platform
- OpenNebulaEndpoint: The OpenNebula API endpoint
- OpenNebulaSSHKey: The key file path or the key itself that has permission to access VMs on the OpenNebula platform
- OpenNebulaScan: Should be set to true/false depending on whether the user wants a vulnerability scan to be undertaken as part of the process
- OpenNebulaFirewall: Should be set to true/false depending on whether the user wants a firewall to be deployed to the cloud as part of the process
- OpenNebulaChef: Should be set to true/false depending on whether the user wants Chef to be deployed on the VM as part of the process
- AWSAccessKey: The access key associated with the AWS account
- AWSSecretKey: The secret key associated with the AWS account
- AWSEndpoint: The AWS API endpoint to be used when applying the firewall
- AWSSSHKey: The key file path or the key itself that has permission to access VMs on the AWS platform
- AWSScan: Should be set to true/false depending on whether the user wants a vulnerability scan to be undertaken as part of the process
- AWSFirewall: Should be set to true/false depending on whether the user wants a firewall to be deployed to the cloud as part of the process
- AWSChef: Should be set to true/false depending on whether the user wants Chef to be deployed on the VM as part of the process
- ChefKnifeLocation: The path to the Chef knife executable
- ChefRepoLocation: The path to the base Chef repo directory
- ChefRole: The role to be used to bootstrap the VMs. To be written in the format "role[]".
- FirewallConfigDirectory: The path to the base directory containing the firewall configuration files
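The rules above (every key present even when blank, true/false toggles, the ChefRole format) can be checked before the application is started. The Python script below is an added example, not part of the VulnerabilityScanner project; its .properties parser is simplified, and the owner-only permission check is an assumption added here because the file stores passwords, secret keys and SSH keys.

```python
import os
import re
import stat
import sys

# Key names are the ones listed for scannerConfig.properties above.
PER_PLATFORM = {
    "FCO": "CloudUsername CloudPassword CloudAdminUUID AdminEndpoint UserEndpoint",
    "Openstack": "CloudUsername CloudPassword CloudTenant Endpoint",
    "OpenNebula": "CloudUsername CloudPassword Endpoint",
    "AWS": "AccessKey SecretKey Endpoint",
}
TOGGLES = [p + t for p in PER_PLATFORM for t in ("Scan", "Firewall", "Chef")]
EXPECTED = ([p + k for p, ks in PER_PLATFORM.items() for k in ks.split()]
            + [p + "SSHKey" for p in PER_PLATFORM] + TOGGLES
            + "ChefKnifeLocation ChefRepoLocation ChefRole FirewallConfigDirectory".split())

def parse_properties(text):
    """Simplified .properties parser: key=value or key:value, # and ! comments."""
    pairs = (re.match(r"([^=:\s#!][^=:\s]*)\s*[=:]?\s*(.*)", ln.strip())
             for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def check_config(text, mode):
    """Return findings for the file text and permission bits; empty list = pass."""
    findings = []
    if mode & 0o077:  # assumption: only the account running the JAR needs access
        findings.append("mode %o exposes stored credentials; use 600" % mode)
    props = parse_properties(text)
    findings += ["missing key %s (leave blank, do not remove)" % k
                 for k in EXPECTED if k not in props]
    findings += ["%s must be true or false, got %r" % (k, props[k])
                 for k in TOGGLES if props.get(k, "").lower() not in ("", "true", "false")]
    role = props.get("ChefRole", "")
    if role and not re.fullmatch(r"role\[[^\]]*\]", role):
        findings.append("ChefRole must use the role[] format, got %r" % role)
    return findings

def check_file(path):
    with open(path, encoding="latin-1") as fh:  # Java loads .properties as ISO 8859-1
        return check_config(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: every key blank, AWSChef removed, two malformed values.
SAMPLE_TEXT = ("".join(k + "=\n" for k in EXPECTED if k != "AWSChef")
               + "AWSScan=yes\nChefRole=webserver\n")

if __name__ == "__main__":
    args = sys.argv[1:]
    found = check_file(args[0]) if args else check_config(SAMPLE_TEXT, 0o644)
    print("\n".join(found) or "ok")
```

Run it with the path to scannerConfig.properties as the only argument; without an argument it checks the constructed sample.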
To start the application, run the jar file using the following command:
java -jar <FILENAME.jar>