Security scanning with Nessus

Registered by Adam Heczko on 2015-03-04

I want to perform vulnerability scanning of Mirantis OpenStack by using Nessus in an automated way.
Proposed scan scenario:
- deploy MOS cluster with 1 Fuel master, 3 HA controllers and 2 nova-compute nodes
- attach Nessus VM to all the MOS virtual networks
- download SSH private keys from Fuel master, at least 1 controller and at least 1 nova-compute to allow Nessus to connect to them over SSH
- using Nessus REST API, define IP addresses to scan
- using Nessus REST API, perform scan with policy "Network Services/HTTP"
- using Nessus REST API, perform scan with policy "Local Security Checks", which connects over SSH and checks for security using
- using Nessus REST API, download report from scans or send it to a specified email address
- download a repo
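
The REST steps of the scenario (define targets, run a scan with a given policy, download the report) can be driven as below. This is an added example, not part of the blueprint or its implementation. Assumptions: `http` is a hypothetical transport that already holds a session token, and the endpoint paths and JSON fields are those of the Nessus 6.x REST API, to be checked against the API reference of the deployed scanner.

```python
import time

def run_scan(http, name, targets, template_uuid, policy_id, poll=5.0, timeout=3600):
    """Create, launch, await and export one scan; return the report bytes.

    http(method, path, body) is a hypothetical transport: it returns parsed
    JSON, or raw bytes for the final download call.
    """
    if not targets:
        # An empty target list must never reach the scanner.
        raise ValueError("refusing to create a scan with no targets")
    created = http("POST", "/scans", {
        "uuid": template_uuid,
        "settings": {"name": name, "policy_id": policy_id,
                     "text_targets": ",".join(targets)},
    })
    scan_id = created["scan"]["id"]
    http("POST", f"/scans/{scan_id}/launch", None)

    deadline = time.monotonic() + timeout
    while True:
        status = http("GET", f"/scans/{scan_id}", None)["info"]["status"]
        if status == "completed":
            break
        if status in ("canceled", "aborted"):
            # A partial scan would under-report findings; fail the test run.
            raise RuntimeError(f"scan {scan_id} ended as {status}")
        if time.monotonic() > deadline:
            raise TimeoutError(f"scan {scan_id} still {status} after {timeout}s")
        time.sleep(poll)

    # Export is asynchronous: request it, wait until ready, then download.
    export = f"/scans/{scan_id}/export"
    file_id = http("POST", export, {"format": "nessus"})["file"]
    while http("GET", f"{export}/{file_id}/status", None)["status"] != "ready":
        if time.monotonic() > deadline:
            raise TimeoutError(f"export of scan {scan_id} not ready")
        time.sleep(poll)
    return http("GET", f"{export}/{file_id}/download", None)
```

Calling it once per policy ("Network Services/HTTP", then "Local Security Checks") with the same target list covers both scans in the scenario.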

Blueprint information

Status:
Complete
Approver:
Adam Heczko
Priority:
High
Drafter:
Adam Heczko
Direction:
Approved
Assignee:
None
Definition:
Approved
Series goal:
Accepted for 7.0.x
Implementation:
Implemented
Milestone target:
7.0
Started by
Adam Heczko on 2015-08-05
Completed by
Adam Heczko on 2015-08-20

Whiteboard

I want to have this feature delivered in Q2 or Q3 of 2015.
Probably in Q2 we will have a basic test, and in Q3 more advanced test scenarios.

Gerrit topic: https://review.openstack.org/#q,topic:bp/security-scanning-nessus,n,z

Addressed by: https://review.openstack.org/208499
    Add system tests for security scans

Addressed by: https://review.openstack.org/209585
    Provide possibility to add nessus node to env
