diff --git a/vulnz/Dockerfile b/vulnz/Dockerfile
new file mode 100644
index 00000000..ad482765
--- /dev/null
+++ b/vulnz/Dockerfile
@@ -0,0 +1,42 @@
+FROM httpd:alpine
+
+ARG BUILD_DATE
+ARG BUILD_VERSION
+
+ARG http_proxy
+ARG https_proxy
+ARG no_proxy
+
+LABEL authors="derhecht,stevespringett,jeremylong"
+LABEL maintainer="jeremy.long@gmail.com"
+LABEL name="jeremylong/vulnz"
+LABEL version=$BUILD_VERSION
+LABEL org.label-schema.schema-version="1.0"
+LABEL org.label-schema.build-date=$BUILD_DATE
+LABEL org.label-schema.name="jeremylong/vulnz"
+LABEL org.label-schema.description="Persist the data using the open-vulnerability-store."
+LABEL org.label-schema.url="https://github.com/jeremylong/Open-Vulnerability-Project"
+LABEL org.label-schema.vcs-url="https://github.com/jeremylong/Open-Vulnerability-Project"
+LABEL org.label-schema.vendor="jeremylong"
+LABEL org.label-schema.version=$BUILD_VERSION
+LABEL org.label-schema.docker.cmd="docker run -it --rm --name mirror -e NVD_API_KEY=YOUR_API_KEY_HERE -p 80:80 jeremylong/vulnz"
+
+ENV user=mirror
+ENV BUILD_VERSION=$BUILD_VERSION
+
+RUN apk update && \
+ apk add --no-cache openjdk11 dcron nss supervisor && \
+ addgroup -S "$user" && \
+ adduser -S "$user" -G "$user" && \
+ chown -R "$user":"$user" /usr/local/apache2/htdocs && \
+ rm -v /usr/local/apache2/htdocs/index.html
+
+COPY ["/src/docker/conf/supervisord.conf", "/etc/supervisor/conf.d/supervisord.conf"]
+COPY ["/src/docker/scripts/mirror.sh", "/mirror.sh"]
+COPY ["/src/docker/crontab/mirror", "/etc/crontabs/mirror"]
+COPY ["/src/docker/conf/mirror.conf", "/usr/local/apache2/conf"]
+COPY ["/build/libs/vulnz-$BUILD_VERSION.jar", "/usr/local/bin/vulnz"]
+
+EXPOSE 80/tcp
+
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/conf.d/supervisord.conf", "-l", "/var/log/supervisord.log", "-j", "/var/run/supervisord.pid"]
diff --git a/vulnz/README.md b/vulnz/README.md
index c6aec104..de1db343 100644
--- a/vulnz/README.md
+++ b/vulnz/README.md
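Review bot: The explicit `ARG http_proxy`, `ARG https_proxy` and `ARG no_proxy` lines near the top of the new Dockerfile are unnecessary and have a side effect. Docker already treats these names as predefined build arguments, and declaring them makes their values appear in `docker history`, so a proxy URL that carries credentials would be recorded in the image metadata. Dropping the three lines keeps `--build-arg http_proxy=...` working. Separately, `FROM httpd:alpine` is a floating tag, so the Apache and Alpine versions can change between builds; pin it, e.g. `FROM httpd:<version>-alpine@sha256:<digest>` (placeholders), and drop the `apk update &&` that `apk add --no-cache` already makes redundant.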
@@ -36,11 +36,12 @@ is created that will hold the CVEs that have been modified in the last 7 days. A the below command you will end up with a directory with: - `cache.properties` -- `nvdcve-modified.json` -- `nvdcve-2002.json` -- `nvdcve-2003.json` +- `nvdcve-modified.json.gz` +- `nvdcve-2002.json.gz` +- `nvdcve-2003.json.gz` - ... -- `nvdcve-2023.json` +- `nvdcve-2023.json.gz` +- `nvdcve-modified.json.gz` ### API Key is used and a 404 error occurs @@ -81,17 +82,13 @@ To create a local cache of the NVD CVE Data you can execute the following comman via a daily schedule to keep the cached data current: ```bash -vulnz cve --cache --directory ./cache -cd cache -for file in *.json; do gzip -k "${file}"; done +vulnz cve --cache --directory ./cache ``` Alternatively, without using the above install command: ```bash ./vulnz-5.1.0.jar cve --cache --directory ./cache -cd cache -for file in *.json; do gzip -k "${file}"; done ``` When creating the cache all other arguments to the vulnz cli diff --git a/vulnz/src/docker/conf/mirror.conf b/vulnz/src/docker/conf/mirror.conf new file mode 100644 index 00000000..0fe94c57 --- /dev/null +++ b/vulnz/src/docker/conf/mirror.conf @@ -0,0 +1,8 @@ +# +# Configuration for the httpd mirror +# +ServerName localhost + + Options +Indexes +MultiViews + IndexOptions FancyIndexing -SuppressLastModified + \ No newline at end of file diff --git a/vulnz/src/docker/conf/supervisord.conf b/vulnz/src/docker/conf/supervisord.conf new file mode 100644 index 00000000..ca6fb1b7 --- /dev/null +++ b/vulnz/src/docker/conf/supervisord.conf 
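Review bot: Nothing in the hunks shown here loads the new `mirror.conf`: the Dockerfile copies it to `/usr/local/apache2/conf`, but no change adds an `Include conf/mirror.conf` line to `httpd.conf`, so unless the base image's configuration already pulls it in, the `Options +Indexes +MultiViews` and `IndexOptions` settings would never take effect. If the file is loaded, `+MultiViews` looks unnecessary for a directory of generated `.json.gz` files and is worth dropping so that only the listing behaviour the mirror needs is enabled, e.g. `Options +Indexes`. A comment such as `# Indexes is deliberate: this vhost only serves the generated cache files` would tell the next reader that the directory listing is intended.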
@@ -0,0 +1,23 @@
+[supervisord]
+nodaemon=true
+user=root
+
+[program:crond]
+command=crond -s /var/spool/cron/crontabs -f
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:httpd]
+command=/usr/local/bin/httpd-foreground
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:initialize_htdocs]
+command=/mirror.sh
+autorestart=false
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+user=mirror
\ No newline at end of file
diff --git a/vulnz/src/docker/crontab/mirror b/vulnz/src/docker/crontab/mirror
new file mode 100755
index 00000000..cfad381f
--- /dev/null
+++ b/vulnz/src/docker/crontab/mirror
@@ -0,0 +1 @@
+0 0 * * * /mirror.sh
\ No newline at end of file
diff --git a/vulnz/src/docker/scripts/mirror.sh b/vulnz/src/docker/scripts/mirror.sh
new file mode 100755
index 00000000..f1202683
--- /dev/null
+++ b/vulnz/src/docker/scripts/mirror.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo "Updating..."
+
+java -jar /usr/local/bin/vulnz cve --cache --directory /usr/local/apache2/htdocs
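Review bot: `[program:initialize_htdocs]` sets `autorestart=false` but leaves supervisor's start window at its default, so a `/mirror.sh` run that exits within the first second (for example when Java fails at startup) is treated as a failed start and retried instead of being left as a one-shot. Adding `startsecs=0` to that section makes any exit final. The section also needs a comment such as `; one-shot initial sync as the mirror user; later runs come from the crontab`, since nothing in the file says why it is not restarted or why it alone drops from root.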
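Review bot: The script has no guard against overlapping runs. supervisord starts `/mirror.sh` once at container start and the crontab added in this commit starts it again at `0 0 * * *`, so a first sync that is still running at midnight would share `/usr/local/apache2/htdocs` with a second writer. A non-blocking lock avoids that, e.g. `flock -n /tmp/mirror.lock java -jar /usr/local/bin/vulnz cve --cache --directory /usr/local/apache2/htdocs` (assuming the image's `flock` applet is available). It is also worth confirming that `NVD_API_KEY`, which the image label passes with `-e`, reaches the cron-launched run, since cron daemons often start jobs with a reduced environment.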