This is a prototype for a vulnerability management tool, directly implementing the CVE-Search database for automating the creation of tickets.
##Installation:
###Requirements
You will need to install postgresql to your repository. It should be in your default repository. On Ubuntu, just type apt-get install postgresql
in a terminal window.< br />
You will also need to install psycopg2
using sudo pip3 install psycopg2
. A requirements file for pip3
will soon follow
###Setting up the database
Optional modifications:
If you want, you can change the data at the top of install/createPostgresDB.py
. Read carefully what you can and cannot edit, and proceed at your own risk.
Installation:
cd install
sudo su - postgres
createuser vulnmanager
psql -c "\password vulnmanager"
and set the password to vulnmanager (you can change this later on, or change the passwords in the install script)createdb -O vulnmanager vulnmanager
exit
- If you run the vulnerability manager on the same server as the postgresql server, change
local all postgres peer
tolocal all postgres md5"
in the/etc/postgresql/<version>/main/pg_hba.conf
file python3 createPostgresDB.py
- Optionally:
python3 testDataPostgres.py
- add test-data like default users, teams and systems to the database
NOTE This tool is still in development, and is not yet operational! NOTE Currently, we are only supporting PostgreSQL as a database. If you want support for other database types, we encourage you to help us build database layers for all sorts of databases.