# mosip-security

This framework is designed for mosip e2e security testing. It covers the following security testing tasks:

  1. Basic setup of all the tools and packages the framework requires
  2. Build the latest functional test rig for Mosip.
  3. OS hardening of your complete cluster
  4. Aggressive port scanning of the complete cluster
  5. Port scanning of the domain
  6. Network scanning of the complete cluster
  7. Docker scanning of the complete cluster
  8. e2e API scanning for vulnerabilities
  9. Setup of scheduled cron jobs for a daily functional stability run.
  10. Git workflow to scan all your repositories for secrets.

# Requirements:

  1. Ubuntu 18.04 or above, 16 GB RAM, 2 cores, 120 GB hard drive.
  2. Install git to clone the repo.
  3. Install ansible to run the playbook.
  4. Create a sudo-less user on the machine.
  5. Set up Java on the machine.

# Prerequisite:

  1. Clone the repo.
  2. Edit the variables file under group_vars/all.yml
  3. Change the parameters below according to your requirements:

For API security testing

```yaml
play_dir
target_name: 'Mosip'
target_uri: 'https://qa.mosip.net/'
context: 'qa.mosip.net'
author: 'Mandeep Dhiman'
scan_policy: 'Default Policy'
module: 'prereg'   # for module-wise run
module: 'all'      # for complete e2e run
envuser: 'qa'
testlevel: 'smoke'
host: '127.0.0.1'
port: '8090'
```

For running/scheduling only the functional test rig

```yaml
schedule_time: '1'
modules: '[ "prereg", "kernel", "admin", "regproc", "idrepository", "resident", "partner" ]'   # for parallel processing
modules: '["all"]'   # for sequential processing
```

For OS hardening

```yaml
oscap_profile: 'xccdf_org.ssgproject.content_profile_pci-dss'
oscap_policy: 'ssg-centos7-ds'
```

For nmap

```yaml
scan_type: '-p- -Pn -sS -A --script banner'
```
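Because `module`, `modules`, `target_uri` and `context` interact (a module name that the rig does not know, a `modules` value that is a JSON list wrapped in a YAML string, a `context` that does not match the target host), it is worth checking the file before handing it to ansible. The script below is an added example for this README, not part of the mosip-security project: it assumes the flat `key: 'value'` layout shown above (no nested YAML), takes the module names and keys from the README, and embeds a constructed sample of group_vars/all.yml so it runs offline.

```python
"""Pre-flight check for the flat group_vars/all.yml used by this framework.

Added example, not project code. Assumes the flat `key: 'value'` layout
shown in the README; nested YAML is out of scope. Module names come from
the README's `modules` example; the sample file below is constructed.
"""
import json
import re
from urllib.parse import urlparse

# Module names from the README's parallel-run example plus the 'all' switch.
KNOWN_MODULES = {"prereg", "kernel", "admin", "regproc", "idrepository",
                 "resident", "partner"}

# Constructed sample of group_vars/all.yml (values mirror the README).
SAMPLE_ALL_YML = """\
# For API security testing
target_name: 'Mosip'
target_uri: 'https://qa.mosip.net/'
context: 'qa.mosip.net'
scan_policy: 'Default Policy'
module: 'prereg'   # for module-wise run
envuser: 'qa'
testlevel: 'smoke'
host: '127.0.0.1'
port: '8090'
# For running/scheduling only the functional test rig
schedule_time: '1'
modules: '[ "prereg", "kernel", "admin", "regproc", "idrepository", "resident", "partner" ]'
"""

_LINE = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")


def parse_flat_yaml(text):
    """Parse `key: 'value'` lines into a dict, stripping quotes and comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            continue  # e.g. a bare `play_dir` line with no value
        key, value = match.group(1), match.group(2)
        if value and value[0] in "'\"":
            # Quoted value: take everything up to the matching closing quote,
            # so a JSON list such as the `modules` entry survives intact.
            end = value.find(value[0], 1)
            value = value[1:end] if end > 0 else value[1:]
        else:
            value = re.split(r"\s+#", value, 1)[0].strip()
        cfg[key] = value
    return cfg


def check_config(cfg):
    """Return run mode, parsed module list and a list of human-readable issues."""
    issues = []

    target = urlparse(cfg.get("target_uri", ""))
    if target.scheme != "https":
        issues.append("target_uri must use https: the scan traffic carries session tokens")
    if cfg.get("context") != target.hostname:
        issues.append("context should equal the target_uri host so the scan stays in scope")

    module = cfg.get("module", "all")
    if module != "all" and module not in KNOWN_MODULES:
        issues.append(f"module {module!r} is not a known module")

    # `modules` is a JSON list stored inside a YAML string.
    try:
        modules = json.loads(cfg.get("modules", '["all"]'))
    except json.JSONDecodeError:
        issues.append("modules must be a JSON list inside the YAML string")
        modules = []
    if not isinstance(modules, list) or not modules:
        issues.append("modules must be a non-empty list")
        modules = []
    unknown = [m for m in modules if m != "all" and m not in KNOWN_MODULES]
    if unknown:
        issues.append(f"unknown modules: {unknown}")
    mode = "sequential" if modules == ["all"] else "parallel"

    port = cfg.get("port", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        issues.append(f"port {port!r} is not a valid TCP port")
    schedule = cfg.get("schedule_time", "")
    if not (schedule.isdigit() and int(schedule) > 0):
        issues.append(f"schedule_time {schedule!r} must be a positive integer")

    return {"mode": mode, "modules": modules, "issues": issues}


if __name__ == "__main__":
    result = check_config(parse_flat_yaml(SAMPLE_ALL_YML))
    print(result["mode"], result["modules"])
    for issue in result["issues"]:
        print("ISSUE:", issue)
```

To check a real file, replace `SAMPLE_ALL_YML` with `open("group_vars/all.yml").read()`; a non-empty `issues` list means the playbook should not be started yet.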

For GitHub repositories

  1. Add your GitHub repository URL to the batch.txt file.
  2. Reschedule your workflow by changing the time in the repo-scanner.yml file.

# Run

  1. Run the playbook using ansible-playbook -i hosts.ini run.yml
  2. Network scanning is available through OpenVAS. You can access the URL at https://:4000/.
  3. Command-line scripts for cluster scanning are in progress and will be available with version 2.0.

# WorkFlow:

(workflow diagram image omitted)

Note: Set ansible to run for localhost as well. If you want to run the tests from PuTTY or a remote location, enable "X11Forward true" on the server and in PuTTY or whichever console you use.

Thanks to the RoboZap Python library.
