National Vulnerability Database server for Ravenports
-- cpe_versions: one row per distinct CPE string, addressed by a surrogate
-- integer key that vulnerability_map.cpe_id references.
CREATE TABLE `cpe_versions` (
    `cpe_id`     int(11)  NOT NULL AUTO_INCREMENT,
    `cpe_string` tinytext NOT NULL,   -- unique; see cpe_string_UNIQUE below
    `last_seen`  datetime NOT NULL,   -- presumably when the CPE was last observed by the loader (confirm)
    PRIMARY KEY (`cpe_id`),
    -- Uniqueness is enforced through a hash index because the column is a text type.
    UNIQUE KEY `cpe_string_UNIQUE` (`cpe_string`) USING HASH
)
    ENGINE=InnoDB
    -- NOTE(review): AUTO_INCREMENT=1203 looks like a counter carried over from a
    -- dump of a populated database; a fresh install would simply start numbering here.
    AUTO_INCREMENT=1203
    DEFAULT CHARSET=utf8mb4
    COLLATE=utf8mb4_uca1400_ai_ci;
-- cve: one row per CVE record. cve_index is the surrogate key that
-- vulnerability_map.cve_index references; cve_id is the unique identifier text.
CREATE TABLE `cve` (
    `cve_index`      int(11)    NOT NULL AUTO_INCREMENT,
    `cve_id`         tinytext   NOT NULL,   -- unique; see cve_name_UNIQUE below
    `published`      datetime   NOT NULL,
    `modified`       datetime   NOT NULL,
    `description`    mediumtext NOT NULL,
    -- The five csvv_* columns are nullable, so a CVE row can exist without them.
    -- NOTE(review): "csvv" presumably stands for CVSS; queries must use the
    -- spelling declared here.
    `csvv_version`   tinyint(4) DEFAULT NULL,
    -- NOTE(review): tinyint stores whole numbers only; if base/exploitability/impact
    -- scores carry a decimal, they are presumably stored scaled or rounded.
    -- Confirm against the loader before comparing these to a severity threshold.
    `csvv_basescore` tinyint(4) DEFAULT NULL,
    `csvv_exploit`   tinyint(4) DEFAULT NULL,
    `csvv_impact`    tinyint(4) DEFAULT NULL,
    `csvv_vector`    tinytext   DEFAULT NULL,
    PRIMARY KEY (`cve_index`),
    -- Hash-based unique index, as the column is a text type.
    UNIQUE KEY `cve_name_UNIQUE` (`cve_id`) USING HASH
)
    ENGINE=InnoDB
    DEFAULT CHARSET=utf8mb4
    COLLATE=utf8mb4_uca1400_ai_ci;
-- vulnerability_map: many-to-many link between cpe_versions and cve.
-- A row (cpe_id, cve_index) pairs one CPE entry with one CVE entry; the
-- composite primary key prevents the same pair from being stored twice.
CREATE TABLE `vulnerability_map` (
    `cpe_id`    int(11) NOT NULL,
    `cve_index` int(11) NOT NULL,
    PRIMARY KEY (`cpe_id`, `cve_index`),
    -- Secondary index so lookups by CVE do not depend on the leading cpe_id column.
    KEY `fk_cve` (`cve_index`),
    -- ON DELETE CASCADE: deleting a CPE or CVE row also deletes its mapping rows,
    -- so no mapping can point at a missing parent.
    CONSTRAINT `fk_cpe`
        FOREIGN KEY (`cpe_id`)
        REFERENCES `cpe_versions` (`cpe_id`)
        ON DELETE CASCADE
        ON UPDATE NO ACTION,
    CONSTRAINT `fk_cve`
        FOREIGN KEY (`cve_index`)
        REFERENCES `cve` (`cve_index`)
        ON DELETE CASCADE
        ON UPDATE NO ACTION
)
    ENGINE=InnoDB
    DEFAULT CHARSET=utf8mb4
    COLLATE=utf8mb4_uca1400_ai_ci;
/raven/etc/vuln.conf
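The "nvd" section is optional. It stores the NVD API key. Because this file holds the database password (and, if present, the API key) in plain text, make it readable only by the accounts that run the rpcve service.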
schema: <name of MySQL database>
credentials:
user: <user>
password: <pass>
server:
host: <IP address or domain name>
port: <port>
nvd:
apikey: <nvd-provided key>
The first iteration of the rpcve server is written in Python. To use it, Python needs to be installed and the rc.conf file modified.
Add the following line to rc.conf:
ravencve_enable="YES"
The newer iteration of the rpc service requires a webserver to be installed as well as the php-fpm server.
Here's an example of how to configure it on nginx:
# ravenports vulnerability server (HTTP), port 8008
# Plain HTTP: responses are not protected in transit, so clients that rely on
# the audit data should prefer a TLS listener where they can use one.
server {
    server_name ravenports.com www.ravenports.com ravenports.ironwolf.systems;

    # IPv4 and IPv6 listeners
    listen 8008;
    listen [::]:8008;

    root  /raven/share/ravensys-vuln/www;
    index rpcve.php;

    # Every request path is handed to the single script rpcve.php:
    # SCRIPT_FILENAME is fixed, so the URI never selects which PHP file runs.
    location / {
        include       fastcgi_params;
        # php-fpm is expected on loopback TCP port 9000
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root/rpcve.php;
        fastcgi_param REQUEST_URI     $request_uri;
    }
}
Here's an example of the HTTPS version on nginx:
# ravenports vulnerability server (HTTPS), port 8009
server {
    server_name ravenports.com www.ravenports.com ravenports.ironwolf.systems;

    # IPv4 and IPv6 TLS listeners
    listen 8009 ssl;
    listen [::]:8009 ssl;

    # Certificate chain and private key. These paths are specific to the
    # author's host; point them at your own files and keep the key file
    # unreadable to unprivileged users.
    # No ssl_protocols / ssl_ciphers are set here, so nginx's defaults (or any
    # values inherited from the http block) apply.
    ssl_certificate     /home/marino/rpssl/ravenports_com/ravenports_com_chain.crt;
    ssl_certificate_key /home/marino/rpssl/ravenports_com.key;

    root  /raven/share/ravensys-vuln/www;
    index rpcve.php;

    # Every request path is handed to the single script rpcve.php:
    # SCRIPT_FILENAME is fixed, so the URI never selects which PHP file runs.
    location / {
        include       fastcgi_params;
        # php-fpm is expected on loopback TCP port 9000
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root/rpcve.php;
        fastcgi_param REQUEST_URI     $request_uri;
    }
}
Add one of the following versions of this line to periodic.conf
local_periodic="/usr/local/etc/periodic /raven/etc/periodic"
local_periodic="/raven/etc/periodic"
Then add this line:
daily_rp_audit_enable="YES"
Add the last line below to the end of /var/cron/tabs/root, or use "crontab -e" as root:
#minute hour mday month wday command
5 21 * * * /raven/sbin/rpaudit.sh
<include> /raven/etc/newsyslog.conf.d/*
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/rpaudit.log 640 7 * @T20 ZN