## Introduction The project automates the daily-basis vulnerability scan currently provided by the [Friendly Probing Suite](https://gitlab.developers.cam.ac.uk/uis/infra/probing). It interacts with the Greenbone Vulnerability Management system to create and manage the different modules and processes responsible for the scanning. The implemented algorithm is inspired from the finite-state machine model; it assigns a state to each object involved in the scan and defines the actions that will be applied to it in order to advance the whole process. ## How it works (WIP) ## Requirements To test the GMP client developed in this project, a GVM daemon should be running. You can deploy the GVM components by following the instructions in https://gitlab.developers.cam.ac.uk/uis/infra/gvm-deployment. The client will then be able to access the GVM daemon on port `9390`. You may want to review [config.ini](./config.ini) to adjust the default configuration according to your environment. The hosts that will be scanned can either be specified in [data/hosts.csv](./data/hosts.csv) or retrieved from the Probing DB. The following secrets are needed to access the GVM daemon and the Probing DB and should be provided as environment variables. ```env export GMP_USERNAME=foo export GMP_PASSWORD=bar export PG_HOST=host export PG_USERNAME=qux export PG_PASSWORD=quux ``` ## Development To run the `docker-compose` file, please consider the prerequisites in the section above. ```bash docker-compose -f docker-compose.yml up -d ``` ## Kubernetes deployment To run the GMP client in a k8s cluster, follow these instructions: 1. Create a k8s secret, `probing-db`, for the Probing DB credentials. ```bash kubectl create secret generic probing-db --from-literal=host=pg_host --from-literal=username=foo --from-literal=password=bar -n gvm ``` 2. Create a k8s secret, `gmp-client`, for the GVMd credentials. ```bash kubectl create secret generic gmp-client --from-literal=username=foo --from-literal=password=bar -n gvm ``` 3. Create a k8s configmap, `gmp-client`, for the GMP client config. ```bash kubectl create cm gmp-client --from-file=config.ini=./config.ini -n gvm ``` 4. Make sure a persistent Volume Claim, `data-volume`, is available for GMP client to access GVMd certs and store its data. 4. Create the `gmp-client` k8s Deployment. ```bash kubectl apply -f k8s/gmp-client-deployment.yaml ```