
About

Enforces security metrics: manages (generates and updates) vulnerability lists, orchestrates scans, checks for updates/upgrades of vulnerable libraries installed on the EU’s target services, and builds reports.

Installation

The SVA core repository, SVA_core, should be at the same directory level as this repository.

Switch to root user:

su root

Create a virtualenv with:

virtualenv /path/to/env
source /path/to/env/bin/activate

Install requirements:

pip install -r /path/to/specs_enforcement_sva/requirements.txt

zypper install openscap-utils
zypper install postgresql-devel
zypper install postgresql
zypper install postgresql-contrib

service postgresql start

sudo -u postgres createdb sva
sudo -u postgres createuser -P sva

You will be prompted for a password; the password should be sva.

sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE sva TO sva;"

You will also need to edit pg_hba.conf, located at /var/lib/pgsql/data/pg_hba.conf, so that the sva user can authenticate with its password over the loopback interface:
change the line "host all all 127.0.0.1/32 ident" to "host all all 127.0.0.1/32 md5"
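
The pg_hba.conf change above can be scripted so that it is repeatable and leaves a backup. This is an added example, not part of this repository; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample file are constructed.

# Write a constructed sample pg_hba.conf to the given path.
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
#host all all 127.0.0.1/32 ident
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        ident
EOF
}

# Print the auth method of every active IPv4 loopback "host" rule.
loopback_methods() {
    awk '$1 == "host" && $4 == "127.0.0.1/32" { print $5 }' "$1"
}

# Rewrite "host all all 127.0.0.1/32 ident" to md5; prints changed/unchanged.
set_loopback_md5() {
    hba=$1
    [ -f "$hba" ] || { echo "missing: $hba" >&2; return 2; }
    tmp=$(mktemp) || return 2
    # Commented lines have "#..." as field 1 and are left alone; ident options
    # after field 5 are dropped because they do not apply to md5.
    awk '$1 == "host" && $2 == "all" && $3 == "all" &&
         $4 == "127.0.0.1/32" && $5 == "ident" {
             print "host    all       all   127.0.0.1/32   md5"; next
         }
         { print }' "$hba" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$hba" "$tmp"; then
        echo unchanged
    else
        # Keep a backup; cat into the original keeps its owner and mode.
        cp -p "$hba" "$hba.bak" && cat "$tmp" > "$hba" && echo changed
    fi
    rm -f "$tmp"
}

# Demo on the constructed sample (never touches the real file).
demo=$(mktemp)
write_sample_hba "$demo"
echo "before: $(loopback_methods "$demo")"
set_loopback_md5 "$demo"
echo "after:  $(loopback_methods "$demo")"
rm -f "$demo" "$demo.bak"
```

To apply it, call set_loopback_md5 as root on /var/lib/pgsql/data/pg_hba.conf, then restart or reload PostgreSQL so the new rule takes effect.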

Usage

Switch to root user:

su root

Run enforcement with three arguments (scanning_frequency, list_update_frequency, up_report_frequency) in seconds:

python /path/to/specs_enforcement_sva/src/enforcement.py run_enforcement 3600 3600 3600

Or run each metric separately:

Vulnerability list

Will download vulnerability list

python /path/to/specs_enforcement_sva/src/enforcement.py vulnerability_list

Vulnerability Scan

Will perform a basic scan using openSCAP and send the results to the SVA Dashboard

python /path/to/specs_enforcement_sva/src/enforcement.py vulnerability_scan

Upgrade report

Will perform upgrade report and send results to SVA Dashboard

python /path/to/specs_enforcement_sva/src/enforcement.py upgrade_report

Reconfigure repository

Will use the secondary repository for fetching OVAL files

python /path/to/specs_enforcement_sva/src/enforcement.py reconfigure_repository

Notice

This product includes software developed at "XLAB d.o.o, Slovenia", as part of the "SPECS - Secure Provisioning of Cloud Services based on SLA Management" research project (an EC FP7-ICT Grant, agreement 610795). http://www.specs-project.eu/ http://www.xlab.si/

Developers:

Aljaž Košir, aljaz.kosir@xlab.si

Copyright:

Copyright 2013-2015, XLAB d.o.o, Slovenia
    http://www.xlab.si

E2EE client is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License, version 3,
as published by the Free Software Foundation.

E2EE client is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.