
https://github.com/recruit-tech/casval-rem

Casval REM (Casval Remote Execution Module)

# CASVAL REM (CASVAL Remote Execution Module)

## Deploy

### Production (on Google App Engine)

```
cd example/gke
terraform init
terraform apply
pipenv run config

# Move config.env to casval/rem
pipenv run freeze
pipenv run deploy
```

### Local Development

```
docker run -e MYSQL_DATABASE=casval -e MYSQL_ROOT_PASSWORD=Passw0rd! -d -p 3306:3306 mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
docker run -e PUBLIC_HOSTNAME=localhost -d -p 443:443 -p 9390:9390 mikesplain/openvas:9
pipenv shell
pipenv install -d
pipenv run server
```

## Configurations

| Variable Name | Default Value | Description | Note |
| ------------- | ------------- | ----------- | ---- |
| ADMIN_PASSWORD | admin-password | Password for entering CASVAL ORIGIN | Need to set in `app.yaml` for GCP environment |
| CONFIG_ENV_FILE_PATH | config.env | Relative file path of the configuration file from the application root directory of CASVAL REM | GCP environment only; need to set in `app.yaml` |
| DB_ENDPOINT | 127.0.0.1 | MySQL server endpoint | Local environment only |
| DB_PORT | 3306 | MySQL server port | Local environment only |
| DB_INSTANCE_NAME | - | Google Cloud SQL instance name | GCP environment only; load from terraform state |
| DB_NAME | casval | MySQL database name | Load from terraform state in GCP environment |
| DB_USER | root | MySQL user account name | Load from terraform state in GCP environment |
| DB_PASSWORD | Passw0rd! | MySQL database password | Load from terraform state in GCP environment |
| GCP_PROJECT_NAME | - | GCP project name that deploys CASVAL REM | GCP environment only; load from terraform state |
| GCP_REPORT_STORAGE_NAME | - | Name of the GCS bucket that stores raw scan report files | GCP environment only; load from terraform state |
| KUBERNETES_MASTER_SERVER | - | Kubernetes master endpoint of the REM's cluster | GCP environment only; load from terraform state |
| KUBERNETES_NAMESPACE | default | Kubernetes namespace name | GCP environment only; need to set in `app.yaml` |
| OPENVAS_OMP_ENDPOINT | 127.0.0.1 | OpenVAS OMP server endpoint | Local environment only |
| OPENVAS_OMP_PORT | 9390 | OpenVAS OMP server port | Need to set in `app.yaml` for GCP environment |
| OPENVAS_OMP_USERNAME | admin | OpenVAS server login user name | Need to set in `app.yaml` for GCP environment |
| OPENVAS_OMP_PASSWORD | admin | OpenVAS server login password | Need to set in `app.yaml` for GCP environment |
| OPENVAS_SCAN_ENDPOINT | 127.0.0.1 | OpenVAS scan source endpoint | Load from terraform state in GCP environment |
| OPENVAS_ALIVE_TEST | Consider Alive | OpenVAS option that specifies the method used to check whether a target is reachable | Need to set in `app.yaml` for GCP environment |
| OPENVAS_PROFILE | Full and very deep | OpenVAS scan configuration profile | Need to set in `app.yaml` for GCP environment |
| PASSWORD_SALT | password-salt | Salt string for password hash | Need to set in `app.yaml` for GCP environment |
| CORS_PERMITTED_ORIGINS | `*` | Origins allowed to send cross-origin requests; the value is set in the `Access-Control-Allow-Origin` response header | Need to set in `app.yaml` for GCP environment |
| PERMITTED_SOURCE_IP_RANGES | - | Comma-separated source IP address ranges allowed to call restricted APIs | Need to set in `app.yaml` for GCP environment |
| SCAN_MAX_PARALLEL_SESSION | 1 | Max parallel scan session count | Need to set in `app.yaml` for GCP environment |
| JWT_SECRET_KEY | super-secret | Secret key used for signing JWT credentials | Need to set in `app.yaml` for GCP environment |
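
A pre-deployment check for the defaults listed in the table above, as an added example that is not part of the CASVAL REM code base: it flags secrets still at their published default, a wildcard CORS origin, and source ranges that match every address. The `KEY=VALUE` layout of `config.env`, the fallback to the table default for unset variables, and the 16-character floor are assumptions.

```python
import ipaddress
# Defaults copied from the Configurations table above; all of them are public.
PUBLISHED_DEFAULTS = {
    "ADMIN_PASSWORD": "admin-password",
    "DB_PASSWORD": "Passw0rd!",
    "OPENVAS_OMP_PASSWORD": "admin",
    "PASSWORD_SALT": "password-salt",
    "JWT_SECRET_KEY": "super-secret",
}
MIN_SECRET_LEN = 16  # assumed policy floor, not a CASVAL requirement

def parse_env(text):
    """Parse KEY=VALUE lines (assumed config.env layout); skip comments/blanks."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(settings):
    """Return sorted (variable, finding) tuples; an empty list means clean."""
    findings = []
    for key, default in PUBLISHED_DEFAULTS.items():
        value = settings.get(key, default)  # assumption: unset means table default
        if value == default:
            findings.append((key, "published default"))
        elif len(value) < MIN_SECRET_LEN:
            findings.append((key, "shorter than %d characters" % MIN_SECRET_LEN))
    if settings.get("CORS_PERMITTED_ORIGINS", "*") == "*":
        findings.append(("CORS_PERMITTED_ORIGINS", "wildcard origin"))
    ranges = settings.get("PERMITTED_SOURCE_IP_RANGES", "")
    for item in filter(None, (r.strip() for r in ranges.split(","))):
        try:
            if ipaddress.ip_network(item, strict=False).prefixlen == 0:
                findings.append(("PERMITTED_SOURCE_IP_RANGES", "matches every address: " + item))
        except ValueError:
            findings.append(("PERMITTED_SOURCE_IP_RANGES", "unparsable: " + item))
    return sorted(findings)

# Constructed sample input, not a real CASVAL config.env.
SAMPLE = """ADMIN_PASSWORD=admin-password
DB_PASSWORD=short
JWT_SECRET_KEY=constructed-sample-key-7f3a91
CORS_PERMITTED_ORIGINS=https://casval.example.test
PERMITTED_SOURCE_IP_RANGES=203.0.113.0/24, 0.0.0.0/0
"""
if __name__ == "__main__":
    print(*audit(parse_env(SAMPLE)), sep="\n")
```

Running it before `pipenv run deploy` and failing the pipeline on a non-empty result keeps the documented defaults out of a reachable environment.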

## For Developers

### Format Code

```
pipenv run format
```

### Update openvas_lib

CASVAL internally uses [openvas_lib](https://github.com/golismero/openvas_lib) to communicate with remote OpenVAS server(s) over the OMP protocol. The library is useful but does not support Python 3.x, so we convert its code with [2to3](https://docs.python.org/3/library/2to3.html) to make it Python 3.x compatible and include it in the root `openvas_lib` directory. To update the library with upstream changes, follow the steps below. Note that the only revision we have confirmed is commit [bd650702](https://github.com/golismero/openvas_lib/commit/bd65070246e674e68a4689d929f491f76d32635b).

```
# Set this to the root directory of your CASVAL REM checkout
export CASVAL_ROOT="{YOUR CASVAL REM ROOT DIR}"
cd /tmp
git clone https://github.com/golismero/openvas_lib
cd openvas_lib
# Convert the sources to Python 3 in place
2to3 -w .
cp openvas_lib/* "$CASVAL_ROOT/openvas_lib"
```