recruit-tech/casval-rem

CASVAL REM (CASVAL Remote Execution Module)

Deploy

Production (on Google App Engine)

cd example/gke
terraform init
terraform apply
pipenv run config

# Move config.env to casval/rem
pipenv run freeze
pipenv run deploy

Local Development

docker run -e MYSQL_DATABASE=casval -e MYSQL_ROOT_PASSWORD=Passw0rd! -d -p 3306:3306 mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
docker run -e PUBLIC_HOSTNAME=localhost -d -p 443:443 -p 9390:9390 mikesplain/openvas:9
pipenv shell
pipenv install -d
pipenv run server

Configurations

| Variable Name | Default Value | Description | Note |
| --- | --- | --- | --- |
| ADMIN_PASSWORD | admin-password | Password for entering CASVAL ORIGIN | Must be set in app.yaml for GCP environment |
| CONFIG_ENV_FILE_PATH | config.env | Path of the configuration file, relative to the application root directory of CASVAL REM | GCP environment only; must be set in app.yaml |
| DB_ENDPOINT | 127.0.0.1 | MySQL server endpoint | Local environment only |
| DB_PORT | 3306 | MySQL server port | Local environment only |
| DB_INSTANCE_NAME | - | Google Cloud SQL instance name | GCP environment only; loaded from Terraform state |
| DB_NAME | casval | MySQL database name | Loaded from Terraform state in GCP environment |
| DB_USER | root | MySQL user account name | Loaded from Terraform state in GCP environment |
| DB_PASSWORD | Passw0rd! | MySQL database password | Loaded from Terraform state in GCP environment |
| GCP_PROJECT_NAME | - | GCP project name that CASVAL REM is deployed to | GCP environment only; loaded from Terraform state |
| GCP_REPORT_STORAGE_NAME | - | GCS bucket name that stores raw scan report files | GCP environment only; loaded from Terraform state |
| KUBERNETES_MASTER_SERVER | - | Kubernetes master endpoint of the REM's cluster | GCP environment only; loaded from Terraform state |
| KUBERNETES_NAMESPACE | default | Kubernetes namespace name | GCP environment only; must be set in app.yaml |
| OPENVAS_OMP_ENDPOINT | 127.0.0.1 | OpenVAS OMP server endpoint | Local environment only |
| OPENVAS_OMP_PORT | 9390 | OpenVAS OMP server port | Must be set in app.yaml for GCP environment |
| OPENVAS_OMP_USERNAME | admin | OpenVAS server login user name | Must be set in app.yaml for GCP environment |
| OPENVAS_OMP_PASSWORD | admin | OpenVAS server login password | Must be set in app.yaml for GCP environment |
| OPENVAS_SCAN_ENDPOINT | 127.0.0.1 | OpenVAS scan source endpoint | Loaded from Terraform state in GCP environment |
| OPENVAS_ALIVE_TEST | Consider Alive | OpenVAS option that specifies the method used to check whether a target is reachable | Must be set in app.yaml for GCP environment |
| OPENVAS_PROFILE | Full and very deep | OpenVAS scan configuration profile | Must be set in app.yaml for GCP environment |
| PASSWORD_SALT | password-salt | Salt string for password hash | Must be set in app.yaml for GCP environment |
| CORS_PERMITTED_ORIGINS | * | Origins allowed to send cross-origin requests; this value is set in the Access-Control-Allow-Origin response header | Must be set in app.yaml for GCP environment |
| PERMITTED_SOURCE_IP_RANGES | - | Comma-separated source IP address ranges allowed to call restricted APIs | Must be set in app.yaml for GCP environment |
| SCAN_MAX_PARALLEL_SESSION | 1 | Maximum number of parallel scan sessions | Must be set in app.yaml for GCP environment |
| JWT_SECRET_KEY | super-secret | Secret key used for signing JWT credentials | Must be set in app.yaml for GCP environment |

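The default values listed above are published in this README, so a deployment that keeps them runs with a known admin password, salt and JWT signing key. The following pre-deploy check is an added example, not part of the CASVAL REM code base; it assumes the settings are available as KEY=VALUE lines and that an unset variable takes its documented default, and `parse_env`, `audit` and the sample values are hypothetical names and constructed data.

```python
import ipaddress

DEFAULT_SECRETS = {  # default values documented in the Configurations section
    "ADMIN_PASSWORD": "admin-password", "DB_PASSWORD": "Passw0rd!",
    "OPENVAS_OMP_PASSWORD": "admin", "PASSWORD_SALT": "password-salt",
    "JWT_SECRET_KEY": "super-secret",
}

def parse_env(text):  # KEY=VALUE lines (assumed format); blanks and # comments skipped
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(settings):
    """Return findings; an unset variable is assumed to take its documented default."""
    findings = []
    for name, default in DEFAULT_SECRETS.items():
        if settings.get(name, default) == default:
            findings.append(f"{name}: documented default in use")
    if settings.get("CORS_PERMITTED_ORIGINS", "*").strip() == "*":
        findings.append("CORS_PERMITTED_ORIGINS: wildcard origin")
    raw = settings.get("PERMITTED_SOURCE_IP_RANGES", "")
    ranges = [r.strip() for r in raw.split(",") if r.strip()]
    if not ranges:
        findings.append("PERMITTED_SOURCE_IP_RANGES: not set")
    for r in ranges:
        try:
            net = ipaddress.ip_network(r, strict=False)
        except ValueError:
            findings.append(f"PERMITTED_SOURCE_IP_RANGES: invalid range {r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"PERMITTED_SOURCE_IP_RANGES: {r} matches every address")
    return findings

# Constructed sample configuration, not taken from the project.
SAMPLE = """\
ADMIN_PASSWORD=admin-password
JWT_SECRET_KEY=constructed-example-key
CORS_PERMITTED_ORIGINS=*
PERMITTED_SOURCE_IP_RANGES=203.0.113.0/24, 0.0.0.0/0, 10.0.0.300/8
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_env(SAMPLE))))
```

An empty list from `audit` means none of the documented defaults, wildcard origins or malformed ranges were found; wiring it into the deploy step so that a non-empty result aborts the rollout is left to the operator.
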
For Developers

Format Code

pipenv run format

Update openvas_lib

CASVAL internally uses openvas_lib to communicate with remote OpenVAS server(s) over the OMP protocol. The library is useful but does not support Python 3.x, so we convert its code with 2to3 to make it Python 3.x compatible and include the result in the root openvas_lib directory. To update the library with upstream changes, do the following. Note that the only revision we have confirmed is commit bd650702.

export CASVAL_ROOT="{YOUR CASVAL REM ROOT DIR}"
cd /tmp
git clone https://github.com/golismero/openvas_lib
cd openvas_lib
2to3 -w .
cp openvas_lib/* "$CASVAL_ROOT/openvas_lib"
