CASVAL REM (CASVAL Remote Execution Module)

Deploy

Production (on Google App Engine)

cd example/gke
terraform init
terraform apply
pipenv run config

# Move config.env to casval/rem
pipenv run freeze
pipenv run deploy

Local Development

docker run -e MYSQL_DATABASE=casval -e MYSQL_ROOT_PASSWORD=Passw0rd! -d -p 3306:3306 mysql:5.7 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
docker run -e PUBLIC_HOSTNAME=localhost -d -p 443:443 -p 9390:9390 mikesplain/openvas:9
pipenv shell
pipenv install -d
pipenv run server

Configurations

Variable Name	Default Value	Description	Note
ADMIN_PASSWORD	admin-password	Password for entering CASVAL ORIGIN	Need to set in app.yaml for GCP environment
CONFIG_ENV_FILE_PATH	config.env	Relative file path of configuration file from the application root directory of CASVAL REM	GCP environment only Need to set in app.yaml
DB_ENDPOINT	127.0.0.1	MySQL server endpoint	Local environment only
DB_PORT	3306	MySQL server port	Local environment only
DB_INSTANCE_NAME	-	Google Cloud SQL instance name	GCP environment only Load from terraform state
DB_NAME	casval	MySQL database name	Load from terraform state in GCP environment
DB_USER	root	MySQL user account name	Load from terraform state in GCP environment
DB_PASSWORD	Passw0rd!	MySQL database password	Load from terraform state in GCP environment
GCP_PROJECT_NAME	-	GCP project name that deploys CASVAL REM	GCP environment only Load from terraform state
GCP_REPORT_STORAGE_NAME	-	GCS bucket name that stores raw scan report file	GCP environment only Load from terraform state
KUBERNETES_MASTER_SERVER	-	Kubernetes master endpoint of the REM's cluster	GCP environment only Load from terraform state
KUBERNETES_NAMESPACE	default	Kuberenates namespace name	GCP environment only Need to set in app.yaml
OPENVAS_OMP_ENDPOINT	127.0.0.1	OpenVAS OMP server endpoint	Local environment only
OPENVAS_OMP_PORT	9390	OpenVAS OMP server port	Need to set in app.yaml for GCP environment
OPENVAS_OMP_USERNAME	admin	OpenVAS server login user name	Need to set in app.yaml for GCP environment
OPENVAS_OMP_PASSWORD	admin	OpenVAS server login password	Need to set in app.yaml for GCP environment
OPENVAS_SCAN_ENDPOINT	127.0.0.1	OpenVAS scan source endpoint	Load from terraform state in GCP environment
OPENVAS_ALIVE_TEST	Consider Alive	OpenVAS option specifies the method to check if a target is reachable	Need to set in app.yaml for GCP environment
OPENVAS_PROFILE	Full and very deep	OpenVAS scan configuration profile	Need to set in app.yaml for GCP environment
PASSWORD_SALT	password-salt	Salt string for password hash	Need to set in app.yaml for GCP environment
CORS_PERMITTED_ORIGINS	*	Origins that allow to send cross origin requests, that value is set to Access-Control-Allow-Origin response header	Need to set in app.yaml for GCP environment
PERMITTED_SOURCE_IP_RANGES	-	Comma separated source IP address ranges that allows to call restricted APIs	Need to set in app.yaml for GCP environment
SCAN_MAX_PARALLEL_SESSION	1	Max parallel scan session count	Need to set in app.yaml for GCP environment
JWT_SECRET_KEY	super-secret	Secret key used for signing JWT credentials	Need to set in app.yaml for GCP environment

For Developers

Format Code

pipenv run format

Update openvas_lib

CASVAL internally uses openvas_lib for communicating with remote OpenVAS server(s) through OMP protocol. This library is useful but it doesn't support Python 3.x, so we convert their code with 2to3 to make them Python 3.x compatible and include them into the root openvas_lib directory. If you'd like to update the library with upstream changes, try to do follows. Note that our confirmed revision is the commit bd650702 only.

export CASVAL_ROOT = {YOUR CASVAL REM ROOT DIR}
cd /tmp
git clone https://github.com/golismero/openvas_lib
cd openvas_lib
2to3 -w .
cp openvas_lib/* $CASVAL_ROOT/openvas_lib