Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Installer cve search database #67

Merged
merged 12 commits into from
Mar 12, 2021
Merged

Installer cve search database #67

Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
acc1780
Merge pull request #4 from e-m-b-a/master
Anemosx Mar 2, 2021
ade1d44
fact extractor
Anemosx Mar 2, 2021
796d624
install deps for docker
Anemosx Mar 2, 2021
c370826
cwe checker support in docker
Anemosx Mar 2, 2021
8c5f789
populate cve-search database within the installer
Anemosx Mar 8, 2021
af2fc94
fix FACT and cve-search installation
Anemosx Mar 8, 2021
0e74757
update database cve-search
Anemosx Mar 9, 2021
6f0220f
Update installer.sh
Anemosx Mar 9, 2021
d38646b
Update installer.sh
Anemosx Mar 9, 2021
8d1e7e4
Update emba.sh
Anemosx Mar 9, 2021
690d721
Update docker-compose.yml
Anemosx Mar 9, 2021
1c75957
fix for docker
Anemosx Mar 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 37 additions & 6 deletions installer.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,7 @@ case ${ANSWER:0:1} in
docker pull fkiecad/fact_extractor:latest
fi
if ! [[ -f "./external/extract.py" ]]; then
download_file "FACT-extract" "https://raw.githubusercontent.com/fkie-cad/fact_extractor/master/extract.py" "external/extract.py"
Copy link
Member

@m-1-k-3 m-1-k-3 Mar 11, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering why the download_file should not work in this situation. I will try another fresh installation to check on this

wget https://raw.githubusercontent.com/fkie-cad/fact_extractor/master/extract.py -O ./external/extract.py
chmod +x ./external/extract.py
fi
;;
Expand Down Expand Up @@ -369,6 +369,8 @@ print_file_info "$BINUTIL_VERSION_NAME" "The GNU Binutils are a collection of bi
print_tool_info "texinfo" 1
print_tool_info "gcc" 1
print_tool_info "build-essential" 1
print_tool_info "gawk" 1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should start commenting from which other tool/module this is needed. Could you please add this here.
We are going to start with the other tools

print_tool_info "bison" 1

if [[ "$FORCE" -eq 0 ]] ; then
echo -e "\\n""$MAGENTA""$BOLD""Do you want to download ""$BINUTIL_VERSION_NAME"" (if not already on the system) and compile objdump?""$NC"
Expand Down Expand Up @@ -460,10 +462,10 @@ print_tool_info "net-tools" 1
print_tool_info "git" 1

if [[ "$FORCE" -eq 0 ]] ; then
echo -e "\\n""$MAGENTA""$BOLD""Do you want to download and install the net-tools, pip3, cve-search and cve_searchsploit (if not already on the system)?""$NC"
echo -e "\\n""$MAGENTA""$BOLD""Do you want to download and install the net-tools, pip3, mongodb, cve-search and cve_searchsploit (if not already on the system)?""$NC"
read -p "(y/N)" -r ANSWER
else
echo -e "\\n""$MAGENTA""$BOLD""net-tools, pip3, cve-search and cve_searchsploit (if not already on the system) will be downloaded and be installed!""$NC"
echo -e "\\n""$MAGENTA""$BOLD""net-tools, pip3, mongodb, cve-search and cve_searchsploit (if not already on the system) will be downloaded and be installed!""$NC"
ANSWER=("y")
fi
case ${ANSWER:0:1} in
Expand All @@ -479,9 +481,38 @@ case ${ANSWER:0:1} in
cd ./external/cve-search/ || exit 1
pip3 install -r requirements.txt
xargs sudo apt-get install -y < requirements.system
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt-get update -y
apt-get install mongodb-org -y
sudo systemctl daemon-reload
sudo systemctl start mongod
sudo systemctl enable mongod

if [[ "$FORCE" -eq 0 ]] ; then
echo -e "\\n""$MAGENTA""$BOLD""Do you want to download and update the cve-search database?""$NC"
read -p "(y/N)" -r ANSWER
else
echo -e "\\n""$MAGENTA""$BOLD""The cve-search database will be downloaded and updated (if not already on the system)!""$NC"
ANSWER=("y")
fi
case ${ANSWER:0:1} in
y|Y )
/etc/init.d/redis-server start
sudo ./sbin/db_mgmt_cpe_dictionary.py -p
sudo ./sbin/db_mgmt_json.py -p
sudo ./sbin/db_updater.py -c
;;
esac
cd ../.. || exit 1
fi

if [[ "$IN_DOCKER" -eq 1 ]] ; then
pip3 install cve_searchsploit
git clone https://github.com/cve-search/cve-search.git external/cve-search
cd ./external/cve-search/ || exit 1
pip3 install -r requirements.txt
xargs sudo apt-get install -y < requirements.system
if [[ "$FORCE" -eq 0 ]] ; then
echo -e "\\n""$MAGENTA""$BOLD""Do you want to update the cve-search database on docker emba?""$NC"
read -p "(y/N)" -r ANSWER
Expand All @@ -493,10 +524,10 @@ case ${ANSWER:0:1} in
y|Y )
sudo cve_searchsploit -u
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we really need this sudo here?
Should we run such an update also outside of the docker environment. Otherwise the first run will do it and it will take a while during the first emba run.

;;
esac
esac
fi
echo -e "\\n""$MAGENTA""$BOLD""For using CVE-search you have to install all the requirements and the needed database.""$NC"
echo -e "$MAGENTA""$BOLD""Installation instructions can be found on github.io: https://cve-search.github.io/cve-search/getting_started/installation.html#installation""$NC"
# echo -e "\\n""$MAGENTA""$BOLD""For using CVE-search you have to install all the requirements and the needed database.""$NC"
# echo -e "$MAGENTA""$BOLD""Installation instructions can be found on github.io: https://cve-search.github.io/cve-search/getting_started/installation.html#installation""$NC"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Please remove these lines completely.

;;
esac

Expand Down