Vulnerability management for OpenStack
Project description
Varroa
Varroa is a security-related OpenStack service. It is named after the varroa mite, which could be considered a vulnerability to bees. It has several functions:
- Track IP ownership over time in OpenStack.
- Store and manage discovered security risks from OpenStack resources.
Its main/initial purpose is to ingest security scan data, link the IP addresses in that data to OpenStack resources, and let the owners of those resources see these security risks.
Client
To install the client: pip install varroaclient
Source: https://github.com/NeCTAR-RC/python-varroaclient
Concepts
IP Usage
Varroa keeps track of which OpenStack resource owned an IP address and for what period. It does this by consuming port create/update/delete events from Neutron.
Security Risk Type
A security risk type is an admin-defined type of security risk. An example could be "Password SSH allowed".
A security risk type has a name and a description. The description should describe what the security risk is and ideally the steps taken to fix this risk.
Security Risk
A security risk is the linkage of a security risk type to an OpenStack resource, e.g. compute instance with id XYZ has a "Password SSH allowed" security risk.
Only the IP address of the affected resource needs to be entered when creating a new security risk. Varroa will then process this entry and attempt to link that IP address to an OpenStack resource.
Security Risk workflow/states
When you create a new security risk it has the initial state NEW. Varroa attempts to link every NEW security risk to an OpenStack resource. If Varroa finds a matching resource, it adds that resource's details to the security risk. Once Varroa has attempted to link the IP to a resource, it changes the status of the security risk to PROCESSED. If project_id/resource_id is null and status = PROCESSED, Varroa couldn't find a matching resource.
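An added sketch of the linking workflow described above (not Varroa's own code), showing why IP ownership is tracked over time: the same address maps to different resources depending on when the scan saw it. The class names, the `seen_at` timestamp on each risk and the half-open ownership interval are assumptions; only the NEW/PROCESSED states and the project_id/resource_id fields come from this page.

```python
from dataclasses import dataclass
from datetime import datetime as D
from typing import Optional

@dataclass
class IPUsage:                      # one ownership period, as built from port events
    ip: str
    project_id: str
    resource_id: str
    start: D
    end: Optional[D] = None         # None: the port still exists

@dataclass
class SecurityRisk:
    ip: str
    risk_type: str
    seen_at: D                      # assumed field: when the scanner observed the risk
    status: str = "NEW"
    project_id: Optional[str] = None
    resource_id: Optional[str] = None

def owner_at(usages, ip, when):
    """Return the usage record that held `ip` at `when` (end exclusive), or None."""
    for u in usages:
        if u.ip == ip and u.start <= when and (u.end is None or when < u.end):
            return u
    return None

def process(risks, usages):
    """Try to link every NEW risk to a resource, then mark it PROCESSED."""
    for r in risks:
        if r.status != "NEW":
            continue
        usage = owner_at(usages, r.ip, r.seen_at)
        if usage is not None:
            r.project_id, r.resource_id = usage.project_id, usage.resource_id
        r.status = "PROCESSED"      # set whether or not an owner was found
    return risks

def unmatched(risks):
    """PROCESSED risks with no resource: the IP had no known owner at scan time."""
    return [r for r in risks if r.status == "PROCESSED" and r.resource_id is None]

# Constructed sample data: one address released by proj-a, later reused by proj-b.
USAGES = [
    IPUsage("203.0.113.10", "proj-a", "inst-1", D(2024, 1, 1), D(2024, 2, 1)),
    IPUsage("203.0.113.10", "proj-b", "inst-2", D(2024, 2, 3)),
]
SCANS = (D(2024, 1, 15), D(2024, 2, 2), D(2024, 3, 1))  # 2 Feb: nobody held the IP
RISKS = process([SecurityRisk("203.0.113.10", "Password SSH allowed", t) for t in SCANS], USAGES)
```

Matching on the address alone would attribute the January finding to proj-b, the current holder, instead of proj-a.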
Installation
You can install Varroa onto a k8s cluster using Helm; see https://github.com/NeCTAR-RC/varroa-helm
File details
Details for the file varroa-0.11.1.tar.gz.
File metadata
- Download URL: varroa-0.11.1.tar.gz
- Upload date:
- Size: 33.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3
File details
Details for the file varroa-0.11.1-py3-none-any.whl.
File metadata
- Download URL: varroa-0.11.1-py3-none-any.whl
- Upload date:
- Size: 58.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3