- This is the repo for the course CS 6620 Cloud Computing 18Sp.
Security scans are an integral process for any commercial account, particularly in the financial services industry. Security teams can either scan end-point devices or target data repositories. Trilio is a native OpenStack cloud data protection technology that creates a snapshot of the production environment, making it easy to restore an entire workload/environment with a single click. Trilio exposes these snapshots to 3rd party applications so that organizations can use the solution for security, BC/DR, and other purposes.
This project is a tool to scan these backups for vulnerabilities in installed applications using a vulnerability database.
- We have built on an existing tool, vminspect, to read the VM backup images, find installed applications, and search the vulnerability database.
- Our modified code instead uses a local copy of the NVD CVE data feed as the vulnerability database and returns, for each vulnerability, its full entry in the database. This yields much more information on each vulnerability.
- See vulnscan_use.md for more details
- Our tool schedules running these scans on all VM images in a workload using Celery and RabbitMQ
- Scanning results are augmented with metadata about the image that was scanned and saved to the workload directory.
- See saving_results.md for more details
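
As an added illustration of the lookup described above (not the project's own code), the following matches installed applications found in an image against a local NVD feed and returns each vulnerability's full entry. It assumes the legacy NVD JSON 1.1 feed layout; the CVE ids, vendor and product names are constructed placeholders, and AND/OR node operators are ignored, so it over-reports rather than misses.

```python
import json

# Constructed sample in the layout of the legacy NVD JSON 1.1 feed (assumed).
# CVE ids, vendor and product names are placeholders, not real entries.
FEED = json.loads("""
{"CVE_Items": [
 {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0001"}},
  "configurations": {"nodes": [{"operator": "OR", "cpe_match": [
   {"vulnerable": true,
    "cpe23Uri": "cpe:2.3:a:examplevendor:examplehttpd:*:*:*:*:*:*:*:*",
    "versionStartIncluding": "2.0", "versionEndExcluding": "2.4.10"}]}]},
  "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 7.5}}}},
 {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0002"}},
  "configurations": {"nodes": [{"operator": "AND", "children": [
   {"operator": "OR", "cpe_match": [{"vulnerable": true,
    "cpe23Uri": "cpe:2.3:a:examplevendor:examplelib:1.0.2:*:*:*:*:*:*:*"}]}]}]},
  "impact": {}}
]}""")

def vkey(version):
    """Dotted version -> tuple so 2.4.9 < 2.4.10; non-numeric parts become 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def cpe_matches(m, product, version):
    """True if one cpe_match entry marks this product/version as vulnerable."""
    parts = m["cpe23Uri"].split(":")  # cpe:2.3:part:vendor:product:version:...
    if not m.get("vulnerable") or parts[4] != product.lower():
        return False
    v = vkey(version)
    if parts[5] not in ("*", "-"):    # exact version pinned in the CPE name
        return v == vkey(parts[5])
    lo_i, lo_e = m.get("versionStartIncluding"), m.get("versionStartExcluding")
    hi_i, hi_e = m.get("versionEndIncluding"), m.get("versionEndExcluding")
    return not ((lo_i and v < vkey(lo_i)) or (lo_e and v <= vkey(lo_e)) or
                (hi_i and v > vkey(hi_i)) or (hi_e and v >= vkey(hi_e)))

def walk(nodes):
    """Yield every cpe_match entry, descending into child nodes (AND/OR ignored)."""
    for node in nodes:
        yield from node.get("cpe_match", [])
        yield from walk(node.get("children", []))

def scan(installed, feed):
    """installed: {product: version} -> {product: [full feed entries]}."""
    findings = {}
    for item in feed["CVE_Items"]:
        for product, version in installed.items():
            if any(cpe_matches(m, product, version)
                   for m in walk(item["configurations"]["nodes"])):
                findings.setdefault(product, []).append(item)
    return findings
```

Comparing versions as tuples matters here: as plain strings, "2.4.9" sorts after "2.4.10" and the range check would miss the vulnerable install.
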
Once the environment is set up, run the vulnerability scanner:
- on each worker VM: `celery worker -l info -A my_celery.tasks --concurrency=3`
- on the master VM: `python securityscan.py [workload_path] [redis_DB_IP]`

Scan results are saved to the corresponding snapshot directory in NFS. Results can also be browsed visually using the visualization front-end. An example is shown here:
- claradepaolis - Clara De Paolis Kaluza <depaoliskaluza.m at husky.neu.edu>
- dilip7 - Dilip Makwana <makwana.d at husky.neu.edu>
- wuhao4u - Hao Wu <wu.hao2 at husky.neu.edu>
- Chi Zhang - Chi Zhang <zhang.chi12 at husky.neu.edu>