Commit

setup cronjob
mandeepdhiman123 committed Sep 9, 2020
1 parent 07b75b4 commit 0b2589c
Showing 3 changed files with 75 additions and 37 deletions.
67 changes: 49 additions & 18 deletions README.md
@@ -1,33 +1,64 @@
# mosip-security
This framework is designed for mosip e2e security. this framework will cover below security testings:

1. Basic setup of all the required tools, packages
2. Build latest functional testrig for Mosip
1. Basic setup of all the required tools, packages for the framework
2. Build latest functional test rig for Mosip.
3. OS hardening of your complete cluster
4. Aggressive port scanning of your cluster
5. Port scanning of your domain
6. Network Scanning of your cluster
7. Docker scanning of your cluster
4. Aggressive port scanning of complete cluster
5. Port scanning of domain
6. Network Scanning of complete cluster
7. Docker scanning of complete cluster
8. e2e API scanning for vulnerabilities
9. Setup scheduled cron jobs for daily functional stability run.
10. Git workflow to scan all your repositories for secrets.

#Requirements:
1. Ubuntu 18.04 or above, 16 GB RAM, 2 Cores, 120 GB hard-drive.
2. Install git on machine to clone the repo.
2. Install git to clone the repo.
3. Install ansible for running the script.
4. Create a sudo less user on machine.
5. Setup java on machine if Path is not set.
5. Setup java on machine.


#start
#Prerequisite:
1. Clone the repo.
2. Run playbook using ansible-playbook -i hosts.ini run.yml
3. Network scanning is available through OpenVAS. You can access the url @ https://<Your IP>:4000/.
4. Command line scripts for cluster scanning is in progress.

#Additional:
1. I has a Git workflow to scan all your repositories for secrets.
2. You need to add your github repository URL in batch.txt file.
3. Reschedule your workflow by changing time in repo-scanner.yml file.
2. Edit variables file under group_vars/all.yml
3. Change below parameters according to requirements: <br/>

<b>For API security testing</b><br/>
play_dir <br/>
target_name: 'Mosip' <br/>
target_uri: 'https://qa.mosip.net/' <br/>
context: 'qa.mosip.net' <br/>
author: 'Mandeep Dhiman' <br/>
scan_policy: 'Default Policy' <br/>
module: 'prereg' *****for module wise run <br/>
module: 'all' *****for complete e2e run <br/>
envuser: 'qa' <br/>
testlevel: 'smoke' <br/>
host: '127.0.0.1' <br/>
port: '8090' <br/>

<b>For running/scheduling only functional test rig</b> <br/>
schedule_time: '1' <br/>
modules: '[ "prereg", "kernel", "admin", "regproc", "idrepository", "resident", "partner" ]' for parallel processing <br/>
modules: '["all"]' for sequencial processing <br/>

<b>For OS hardening</b> <br/>
oscap_profile: 'xccdf_org.ssgproject.content_profile_pci-dss' <br/>
oscap_policy: 'ssg-centos7-ds' <br/>


<b>For nmap</b> <br/>
scan_type: '-p- -Pn -sS -A --script banner' <br/>

<b>For Git Hub Repo</b><br/>
1. You need to add your github repository URL in batch.txt file.
2. Reschedule your workflow by changing time in repo-scanner.yml file.

#Run
1. Run playbook using ansible-playbook -i hosts.ini run.yml
2. Network scanning is available through OpenVAS. You can access the url @ https://<Your IP>:4000/.
3. Command line scripts for cluster scanning is in progress. Available with version 2.0.


#WorkFlow:
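
Review bot: The Requirements list names Ubuntu 18.04, but the new "For OS hardening" block documents oscap_policy: 'ssg-centos7-ds', which is a CentOS 7 data stream; state which hosts the hardening role targets and which value to use for each OS. In the same parameter list, play_dir is shown with no value and module appears twice with a "*****" remark, which reads as two conflicting settings; one line listing the allowed values (a module name such as 'prereg', or 'all') would be clearer. The target_uri and context examples point at qa.mosip.net, so the text should tell readers to set them to their own environment before running the scan roles. "#Prerequisite:" and "#Run" need a space after "#" to render as headings, and "sequencial" should be "sequential".
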
19 changes: 10 additions & 9 deletions mosip-security-playbook/group_vars/all.yml
Expand Up @@ -3,19 +3,18 @@
#
tmp_dir: '/tmp/'
logs_dir: '/tmp/'
reporting_user: 'mosipdocs@gmail.com'

play_dir: '/home/mosipuser/mosip-security/mosip-security-playbook/'
play_dir: '~/mosip-security/mosip-security-playbook/'
roles_dir: '{{play_dir}}/roles'
utils_dir: '{{play_dir}}/utils'
lib_dir: '{{utils_dir}}/python-lib/'
python_lib_dir: '/usr/local/lib/python2.7/dist-packages/'
maven_dir: '~/.m2/'
root_dir: '/home/mosipuser/mosip/'
root_dir: '~/mosip/'
tools_dir: '{{root_dir}}/securitytools/'
report_dir: '{{root_dir}}/reports/'



#Robo framework variables
zap_dir: '{{tools_dir}}/zap/'
zap_report_dir: '{{report_dir}}/zap'
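
Review bot: Replacing the absolute paths with '~' in play_dir and root_dir makes every derived path (roles_dir, utils_dir, tools_dir, report_dir) depend on who expands the tilde: it resolves to the home of whichever user a given task or cron job runs as, so a task run with become and one run as the login user would point at different directories. Consider building these from a gathered fact such as "{{ ansible_user_dir }}" or "{{ ansible_env.HOME }}" so the value is fixed once per host. Both values also end in '/', while the derived variables add another '/' ('{{play_dir}}/roles'), which produces double slashes; dropping the trailing slash keeps the paths clean.
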
Expand All @@ -24,17 +23,19 @@ target_uri: 'https://qa.mosip.net/'
context: 'qa.mosip.net'
author: 'Mandeep Dhiman'
scan_policy: 'Default Policy'

#functional testrig variables
#testrig_version: '1.1'
testrig_dir: '{{tools_dir}}/mosip-functional-tests-{{ testrig_version }}/'
functional_test_report_dir: '{{report_dir}}/functional-test/'
module: 'prereg'
envuser: 'qa'
testlevel: 'smoke'
host: '127.0.0.1'
port: '8090'

#functional testrig variables
#testrig_version: '1.1'
testrig_dir: '{{tools_dir}}/mosip-functional-tests-{{ testrig_version }}/'
functional_test_report_dir: '{{report_dir}}/functional-test/'
schedule_time: '1'
modules: '[ "prereg", "kernel", "admin", "regproc", "idrepository", "resident", "partner" ]'
#modules: '["all"]'

#OpenScap Variables
oscap_report_dir: '{{report_dir}}/oscap/'
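
Review bot: modules is written as a quoted string that contains a list ('[ "prereg", "kernel", ... ]'), so loop: "{{ modules }}" in the cron task only works if templating turns that string back into a list; an unquoted YAML list states the intent directly and fails loudly if malformed. schedule_time: '1' has no comment saying what unit it is; from the cron task it is the starting hour, so say so and give the valid range. testrig_dir still uses {{ testrig_version }} while the only definition visible here is commented out (#testrig_version: '1.1'); note where that value is expected to come from.
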
26 changes: 16 additions & 10 deletions mosip-security-playbook/roles/functional-test-setup/tasks/main.yml
Expand Up @@ -46,11 +46,14 @@

- name: Sceduling upgraded Cronjob for test-rig
cron:
name: "functional-test"
minute: "00"
hour: "02"
job: "cd {{ testrig_dir }}/automationtests/target/ && java -jar -Dmodules=all -Denv.user=qa -Denv.endpoint=https://qa.mosip.net -Denv.testLevel=smokeAndRegression automationtests.jar"
when: check_for_rebuild == 'yes'
name: "{{ item }}"
minute: "{{ (((30|int + ansible_loop.index|int) % 2|int) * 30|int)|int }}"
hour: "{{((((ansible_loop.index|int)+((ansible_loop.index|int) % 2)) / 2|int)+(schedule_time|int - 1|int))| int }}"
job: "cd {{ testrig_dir }}/automationtests/target/ && java -jar -Dmodules={{ item }} -Denv.user=qa -Denv.endpoint=https://qa.mosip.net -Denv.testLevel=smokeAndRegression automationtests.jar"
loop: "{{ modules }}"
loop_control:
extended: yes
when: check_for_rebuild == 'yes

- name: Download new version of Functional Test
unarchive:
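
Review bot: The condition on this task, when: check_for_rebuild == 'yes, is missing its closing quote, so the expression cannot be evaluated and the task will fail instead of being skipped or run; restore it to 'yes'. The job line still hard-codes -Denv.user=qa, -Denv.endpoint=https://qa.mosip.net and -Denv.testLevel=smokeAndRegression even though group_vars/all.yml defines envuser, target_uri and testlevel; using those variables keeps the scheduled run pointed at the environment the operator configured. The minute and hour expressions would be easier to verify with a short comment giving the resulting schedule (with schedule_time 1 the first module lands at 01:30 and the second at 01:00), and "Sceduling" should be "Scheduling".
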
Expand All @@ -71,10 +74,13 @@
shell: "mv {{ testrig_dir }}/automationtests/target/*dependencies.jar {{ testrig_dir }}/automationtests/target/automationtests.jar"
when: testrig_folder.stat.exists == false

- name: Sceduling Cronjob for test-rig
- name: I m new Sceduling upgraded Cronjob for test-rig
cron:
name: "functional-test"
minute: "00"
hour: "02"
job: "cd {{ testrig_dir }}/automationtests/target/ && java -jar -Dmodules=all -Denv.user=qa -Denv.endpoint=https://qa.mosip.net -Denv.testLevel=smokeAndRegression automationtests.jar"
name: "{{ item }}"
minute: "{{ (((30|int + ansible_loop.index|int) % 2|int) * 30|int)|int }}"
hour: "{{((((ansible_loop.index|int)+((ansible_loop.index|int) % 2)) / 2|int)+(schedule_time|int - 1|int))| int }}"
job: "cd {{ testrig_dir }}/automationtests/target/ && java -jar -Dmodules={{ item }} -Denv.user=qa -Denv.endpoint=https://qa.mosip.net -Denv.testLevel=smokeAndRegression automationtests.jar"
loop: "{{ modules }}"
loop_control:
extended: yes
when: testrig_folder.stat.exists == false
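
Review bot: The cron entries are now named "{{ item }}" instead of "functional-test", and the cron module matches entries by name, so on hosts that already ran the old playbook the previous 02:00 -Dmodules=all job stays in the crontab next to the new per-module jobs; add a task that removes "functional-test" with state: absent. The hour expression is not bounded: with a large schedule_time or a longer modules list it can reach 24 or more, which is not a valid cron hour, so apply % 24 or validate schedule_time. The task name "I m new Sceduling upgraded Cronjob for test-rig" looks like leftover debugging text, and the task body is a copy of the earlier cron task; moving it to one included task file with the two when conditions would keep them from drifting apart.
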
