Merge pull request #859 from cisagov/improvement/scanning-by-hostname

Support scanning by hostname

Author: dav3r

ansible/roles/cyhy_commander/templates/commander.conf.j2

@@ -1,62 +1,66 @@
 [DEFAULT]
-default-section = production
 database-uri = mongodb://{{ cyhy_commander_commander_user }}:{{ cyhy_commander_commander_pw }}@database1.cyhy:27017/{{ cyhy_commander_commander_db }}
-jobs-per-nmap-host = 8
+debug-logging = true
+# default-scheduler specifies which scheduler should be used if the request
+# document for the default CYHY owner doesn't exist and must be created by the
+# commander.
+default-scheduler = PERSISTENT1
+default-section = production
 jobs-per-nessus-host = 16
-poll-interval = 30
-next-scan-limit = 8192
-test-mode = false
+jobs-per-nmap-host = 8
 keep-failures = true
 keep-successes = false
-shutdown-when-idle = false
-debug-logging = true
-nmap-hosts = portscan1
 nessus-hosts = vulnscan1
+next-scan-limit = 8192
+nmap-hosts = portscan1
+poll-interval = 30
+shutdown-when-idle = false
+test-mode = false
 
 [production]
 database-name = cyhy
-jobs-per-nmap-host = {{ cyhy_commander_jobs_per_nmap_host }}
 jobs-per-nessus-host = {{ cyhy_commander_jobs_per_nessus_host }}
+jobs-per-nmap-host = {{ cyhy_commander_jobs_per_nmap_host }}
+nessus-hosts = {{ cyhy_commander_nessus_hosts }}
 next-scan-limit = {{ cyhy_commander_next_scan_limit }}
 nmap-hosts = {{ cyhy_commander_nmap_hosts }}
-nessus-hosts = {{ cyhy_commander_nessus_hosts }}
 
 [purge]
 # use to collect remaining jobs without creating new ones
-jobs-per-nmap-host = 0
+database-name = cyhy
 jobs-per-nessus-host = 0
+jobs-per-nmap-host = 0
 shutdown-when-idle = true
-database-name = cyhy
 
 [purge-production]
 # use to collect remaining jobs without creating new ones
 database-name = cyhy
-jobs-per-nmap-host = 0
 jobs-per-nessus-host = 0
-shutdown-when-idle = false
-nmap-hosts = {{ cyhy_commander_nmap_hosts }}
+jobs-per-nmap-host = 0
 nessus-hosts = {{ cyhy_commander_nessus_hosts }}
+nmap-hosts = {{ cyhy_commander_nmap_hosts }}
+shutdown-when-idle = false
 
 [purge-trash]
 # purge jobs from scanners
 # but send to trash db
-jobs-per-nmap-host = 0
+database-name = trash
 jobs-per-nessus-host = 0
+jobs-per-nmap-host = 0
 shutdown-when-idle = true
-database-name = trash
 
 [testing]
-# test-mode = true
 database-name = cyhy
-jobs-per-nmap-host = 1
 jobs-per-nessus-host = 1
-nmap-hosts = portscan1
+jobs-per-nmap-host = 1
 nessus-hosts = vulnscan1
+nmap-hosts = portscan1
+# test-mode = true
 
 [testing-bonus]
-# test-mode = true
 database-name = cyhy
-jobs-per-nmap-host = 12
 jobs-per-nessus-host = 16
-nmap-hosts = portscan1, portscan2, portscan3, portscan4
+jobs-per-nmap-host = 12
 nessus-hosts = vulnscan1
+nmap-hosts = portscan1, portscan2, portscan3, portscan4
+# test-mode = true

terraform/scripts/deploy_new_database_ami.sh

@@ -42,6 +42,7 @@ terraform apply -var-file="$workspace.tfvars" \
   -target=aws_security_group_rule.adi_lambda_to_cyhy_mongo \
   -target=aws_security_group_rule.bastion_egress_to_mongo_via_mongo \
   -target=aws_security_group_rule.fdi_lambda_to_cyhy_mongo \
+  -target=aws_security_group_rule.lambda_egress_to_mongo_via_mongo \
   -target=aws_security_group_rule.private_mongodb_egress_to_mongo_host \
   -target=aws_security_group_rule.private_mongodb_ingress \
   -target=aws_volume_attachment.cyhy_mongo_data_attachment \

version.txt

@@ -1 +1 @@
-2025.07.31
+2025.09.09