Docker Installation
The Docker installation is the method to choose if you want to quickly deploy OpenCVE without managing the dependencies (like PostgreSQL, Redis or Celery).
Please keep in mind that this project is designed to be installed with our fork of opencve-docker.
Requirements
The current documentation has been tested on Debian 10 and Ubuntu LTS 20.04 with the following requirements:
- Docker-compose 1.21.0+
- Docker 20.10.1+
- 8 GB RAM
If you want to know more about Docker, you can read here.
Clone the app and Docker environment
Get the OpenCVE docker repository:
$ git clone https://github.com/Gael-Lejeune/opencve-docker
mv
command) and run the following command to copy our fork of opencve:
$ git clone https://github.com/Gael-Lejeune/opencve opencve
Info
If you want to use the cpe branch of the fork, you can run the following command instead:
$ git clone https://github.com/Gael-Lejeune/opencve --branch cpe-version opencve
Installation steps
Configuration
Create a copy of the opencve.cfg.example file, which is in the conf folder:
$ cp ./conf/opencve.cfg.example ./conf/opencve.cfg
Edit the opencve.cfg file (remove the <> when you replace the placeholders):
server_name = <your_listening_ip>:8000
secret_key = "<your_secret_key>"
secret_key should be between quotes and be a randomly generated key containing at least 32 characters (see the Flask recommendations).
Update the SMTP Configuration
The Outlook SMTP server is currently unused and the email functions are not working for the moment, so you are not forced to configure it.
[mail]
; Choices are 'smtp' or 'sendmail'
email_adapter = smtp
; The 'From' field of the sent emails
email_from = examplemail@outlook.com
; Configuration to set up SMTP mails.
smtp_server = smtp.office365.com
smtp_port = 587
smtp_use_tls = True
smtp_username = examplemail@outlook.com
smtp_password = examplepassword
Check files & Line endings
Make sure that ./conf/opencve.cfg and ./run.sh are LF line terminated (and not CRLF, which could cause errors while building or running the container).
If you want to learn more about LF and CRLF you can click here. You can change the line endings using Visual Studio Code or Notepad++.
Tip
If you want to change the default PostgreSQL password (strongly advised), you can add it in the .env file before the docker-compose build:
POSTGRES_PASSWORD=MyStrongPassword42
Then don't forget to change it in the opencve.cfg file.
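The checks from this section (LF line endings, a quoted secret_key of at least 32 characters, replaced placeholders, a PostgreSQL password that matches in both files) can be scripted and run before the build. This is an added example, not part of OpenCVE or of the fork; the preflight function name is hypothetical, and the password check only looks for the .env value as a literal string anywhere in opencve.cfg.

```shell
#!/bin/sh
# Added example: pre-build checks for the files this page asks you to edit.
# Usage: sh preflight.sh /path/to/opencve-docker   (script name is hypothetical)

preflight() {
    dir=$1; cfg="$dir/conf/opencve.cfg"; problems=0
    cr=$(printf '\r')
    note() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # 1. Both files must exist and be LF-terminated (no carriage returns).
    for f in "$cfg" "$dir/run.sh"; do
        if [ ! -f "$f" ]; then note "$f is missing"
        elif grep -q "$cr" "$f"; then note "$f contains CRLF line endings"
        fi
    done
    [ -f "$cfg" ] || return 1

    # 2. secret_key: quoted, placeholder replaced, at least 32 characters.
    key=$(sed -n 's/^[[:space:]]*secret_key[[:space:]]*=[[:space:]]*//p' "$cfg" | head -n 1)
    case $key in
        \"*\") key=${key#\"}; key=${key%\"}
               case $key in *"<"*|*">"*) note "secret_key still holds the <placeholder>" ;; esac
               [ "${#key}" -ge 32 ] || note "secret_key is shorter than 32 characters" ;;
        *)     note "secret_key is missing or not between double quotes" ;;
    esac

    # 3. server_name: the <your_listening_ip> placeholder must be gone.
    if grep -Eq '^[[:space:]]*server_name[[:space:]]*=.*[<>]' "$cfg"; then
        note "server_name still holds the <placeholder>"
    fi

    # 4. A POSTGRES_PASSWORD set in .env must also appear in opencve.cfg.
    if [ -f "$dir/.env" ]; then
        pw=$(sed -n 's/^POSTGRES_PASSWORD=//p' "$dir/.env" | head -n 1)
        if [ -n "$pw" ] && ! grep -qF -- "$pw" "$cfg"; then
            note "POSTGRES_PASSWORD from .env not found in opencve.cfg"
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK: configuration looks ready for docker-compose build"
    return "$problems"
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

The exit status is the number of problems found, so the script can gate the build step in a deployment script.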
Info
You will need a SMTP server to send the notification emails. Its configuration is out of scope of this procedure.
Initialize the stack
All the following commands must be run in a terminal, from the root folder of the project (you should be able to see files like "Dockerfile").
You can now build the OpenCVE image.
$ docker-compose build
Then start everything except the beat:
$ docker-compose up -d postgres redis webserver celery_worker
Initialize the database
The database can be initialized with the following command:
$ docker exec -it webserver opencve upgrade-db
Import the data
The tables are created; you can now populate them using the import-data command:
$ docker exec -it webserver opencve import-data
This command downloads the list of CPE, the list of CWE and the CVEs of each year (from 2002 until now), so it can take several minutes. Don't worry, you will only do it once.
Note
Alternatively, you can use the following command to import less CVEs, making it a bit faster and more suitable for testing.
$ docker exec -it webserver opencve import-data-light
Warning
The NVD data are downloaded, extracted and then parsed in-memory before being inserted in the database. For that, the import-data command needs at least 5GB to correctly do its job. Afterwards, the worker uses very little memory, as only the diff is used with the NVD.
If you launch opencve import-data without this memory space, the command will be killed (OOM) by your operating system and your data will be incomplete.
We wrote documentation on how to handle this problem using a swap file.
Create an admin
You can now create the admin:
$ docker exec -it webserver opencve create-user john john.doe@example.com --admin
Password:
Repeat for confirmation:
[*] User john created.
Tip
This command is required for the first admin; you will then be able to manage the users with the admin pages.
Start the beat
The last step is to start the scheduler:
$ docker-compose up -d postgres redis webserver celery_worker celery_beat
Check that everything is working fine
You can execute:
$ docker ps
>> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
>> 97e3ef4af44f opencve:1.2.3 "./run.sh celery-beat" 20 seconds ago Up 58 minutes celery_beat
>> faf7f59fff38 opencve:1.2.3 "./run.sh celery-wor…" 16 hours ago Up 58 minutes celery_worker
>> df0faac8526d opencve:1.2.3 "./run.sh webserver …" 16 hours ago Up 58 minutes 0.0.0.0:8000->8000/tcp webserver
>> 63b7e90d2cd7 redis:buster "docker-entrypoint.s…" 46 hours ago Up 58 minutes 127.0.0.1:6379->6379/tcp redis
>> 38af0f416957 postgres:11 "docker-entrypoint.s…" 46 hours ago Up 58 minutes 127.0.0.1:5432->5432/tcp postgres
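The listing above can also be checked mechanically. The following added example (not part of OpenCVE or of the fork) reads docker ps output in a tab-separated format and fails if one of the five containers is not up, or if postgres or redis is published on anything other than loopback as it is in the sample output; the check_stack name and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example: verify the OpenCVE stack from "docker ps" output.
# Input on stdin: one "name<TAB>status<TAB>ports" line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Status}}\t{{.Ports}}'

check_stack() {
    awk -F '\t' '
        BEGIN { n = split("postgres redis webserver celery_worker celery_beat", want, " ") }
        { status[$1] = $2; ports[$1] = $3 }
        END {
            bad = 0
            # Every container started on this page must be in the "Up" state.
            for (i = 1; i <= n; i++) {
                c = want[i]
                if (status[c] !~ /^Up/) { print "FAIL: " c " is not running"; bad++ }
            }
            # postgres and redis (want[1], want[2]) should only be published
            # on loopback, as in the listing above; the webserver is the one
            # service meant to be reachable from other hosts.
            for (i = 1; i <= 2; i++) {
                c = want[i]
                m = split(ports[c], p, ", ")
                for (j = 1; j <= m; j++)
                    if (p[j] ~ /->/ && p[j] !~ /^127\.0\.0\.1:/ && p[j] !~ /^\[::1\]:/) {
                        print "FAIL: " c " is published on " p[j]; bad++
                    }
            }
            if (bad == 0) print "OK: all five containers are up, datastores are loopback-only"
            exit bad
        }'
}

# Run against the local Docker daemon only when asked to.
if [ "${1:-}" = "--live" ]; then
    docker ps --format '{{.Names}}\t{{.Status}}\t{{.Ports}}' | check_stack
fi
```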
You can now use OpenCVE with your own dockerized instance of it.