FAQ | This is a LIVE service | Changelog

Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • gmp-11
  • fsm-example
  • anna-code
  • add-functions
  • gmp-20
6 results
Blame Permalink
Forked from Wajdi Hajji / GVM GMP Client
113 commits ahead of the upstream repository.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
README.md 2.35 KiB

Introduction

The project automates the daily-basis vulnerability scan currently provided by the Friendly Probing Suite. It interacts with the Greenbone Vulnerability Management system to create and manage the different modules and processes responsible for the scanning.

The implemented algorithm is inspired from the finite-state machine model; it assigns a state to each object involved in the scan and defines the actions that will be applied to it in order to advance the whole process.

How it works (WIP)

Requirements

To test the GMP client developed in this project, a GVM daemon should be running. You can deploy the GVM components by following the instructions in https://gitlab.developers.cam.ac.uk/uis/infra/gvm-deployment. The client will then be able to access the GVM daemon on port 9390.

You may want to review config.ini to adjust the default configuration according to your environment.

The hosts that will be scanned can either be specified in data/hosts.csv or retrieved from the Probing DB.

The following secrets are needed to access the GVM daemon and the Probing DB and should be provided as environment variables.

export GMP_USERNAME=foo
export GMP_PASSWORD=bar
export PG_HOST=host
export PG_USERNAME=qux
export PG_PASSWORD=quux

Development

To run the docker-compose file, please consider the prerequisites in the section above.

docker-compose -f docker-compose.yml up -d

Kubernetes deployment

To run the GMP client in a k8s cluster, follow these instructions:

  1. Create a k8s secret, probing-db, for the Probing DB credentials.
kubectl create secret generic probing-db --from-literal=host=pg_host --from-literal=username=foo --from-literal=password=bar -n gvm
  1. Create a k8s secret, gmp-client, for the GVMd credentials.
kubectl create secret generic gmp-client --from-literal=username=foo --from-literal=password=bar -n gvm
  1. Create a k8s configmap, gmp-client, for the GMP client config.
kubectl create cm gmp-client --from-file=config.ini=./config.ini -n gvm

  1. Make sure a persistent Volume Claim, data-volume, is available for GMP client to access GVMd certs and store its data.

  2. Create the gmp-client k8s Deployment.

kubectl apply -f k8s/gmp-client-deployment.yaml