Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HOLD] Migrate portscan and vulnscan Instances to Debian Buster #292

Merged
merged 9 commits into from
Dec 2, 2020
Merged

[HOLD] Migrate portscan and vulnscan Instances to Debian Buster #292

merged 9 commits into from
Dec 2, 2020

Conversation

mcdonnnj
Copy link
Member

@mcdonnnj mcdonnnj commented Nov 10, 2020
edited
Loading

🗣 Description

This PR updates the Packer configurations to build the portscan and vulnscan AMIs (nessus.json and nmap.json) on Debian Buster.

This PR should only be merged along with the following PRs:
cisagov/cyhy-runner#2
https://github.com/jsf9k/cyhy-commander/pull/17

💭 Motivation and Context

Migrating cisagov/cyhy-runner to Python 3 requires the instances it runs on to update to using Debian Buster.

🧪 Testing

I have used these updates to create AMIs that were deployed as part of testing the linked PRs.

✅ Checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj
Update scanner instances to build on Debian Buster
4375b6a 
Update the Packer configurations for nessus and nmap to build from Debian
Buster base AMIs.
@mcdonnnj
Add nessus and nmap hosts to the list for Python 2 removal
2d81a62
@mcdonnnj mcdonnnj self-assigned this Nov 10, 2020
@mcdonnnj mcdonnnj mentioned this pull request Nov 11, 2020
Merged
6 tasks
@mcdonnnj mcdonnnj marked this pull request as ready for review November 12, 2020 18:34
@mcdonnnj mcdonnnj requested review from dav3r, felddy, hillaryj, jsf9k and a team as code owners November 12, 2020 18:34
@mcdonnnj
Update OS_Version tags for nmap and nessus instances
f6c0718 
Missed updating these from Debian Stretch to Debian Buster to reflect the rest
of this PR's changes.
@mcdonnnj
Merge branch 'scanners_on_buster' of github.com:cisagov/cyhy_amis int…
d3d501e 
…o scanners_on_buster
dav3r
dav3r approved these changes Nov 12, 2020
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moar Buster! Sayonara Stretch! 🛥️

jsf9k
jsf9k approved these changes Nov 13, 2020
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a stretch in Chino.

Seriously, it feels good to move away from Debian Stretch.

@mcdonnnj
Update script that installs the Nessus base policy
c435d58 
With the vulnscanner instances moving to Python 3 only, the script that
installs the Nessus base policy needs to be updated for Python 3.
@mcdonnnj mcdonnnj requested review from jsf9k and dav3r November 16, 2020 15:22
dav3r
dav3r approved these changes Nov 16, 2020
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still 👍 from me!

jsf9k
jsf9k reviewed Nov 16, 2020
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made a few suggestions to use f-strings instead of the less fashionable "".format() style.

ansible/roles/nessus/files/nessus_base.py Outdated Show resolved Hide resolved
ansible/roles/nessus/files/nessus_base.py Outdated Show resolved Hide resolved
ansible/roles/nessus/files/nessus_base.py Outdated Show resolved Hide resolved
ansible/roles/nessus/files/nessus_base.py Outdated Show resolved Hide resolved
mcdonnnj and others added 3 commits November 16, 2020 10:32
@mcdonnnj @jsf9k
Apply suggestions from code review
2990546 
Switch .format() calls for f-strings since this script will run on systems with Python 3.6+.

Co-authored-by: Shane Frasier <jeremy.frasier@trio.dhs.gov>
@mcdonnnj
Switch to f-strings in nessus_base.py
1ec8b88 
Change two other str.format() uses to f-strings to mirror the changes suggested
in the PR review by @jsf9k.
@mcdonnnj
Fix Nessus provisioner setting up the base policy
88419a3 
Call the correct Python binary and update nessus_base.py to mirror how it is
used.
@hillaryj hillaryj changed the title Migrate portscan and vulnscan Instances to Debian Buster [HOLD] Migrate portscan and vulnscan Instances to Debian Buster Nov 23, 2020
@mcdonnnj mcdonnnj mentioned this pull request Nov 27, 2020
Closed
11 tasks
@mcdonnnj mcdonnnj merged commit afce82b into develop Dec 2, 2020
@mcdonnnj mcdonnnj deleted the scanners_on_buster branch December 2, 2020 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@hillaryj hillaryj Awaiting requested review from hillaryj

Assignees

@mcdonnnj mcdonnnj

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mcdonnnj @jsf9k @dav3r