Introduction

This document describes the blueprint test environment for the Smart Data Transaction for CPS blueprint. The test results and logs are posted in the Akraino Nexus at the link below:

https://nexus.akraino.org/content/sites/logs/fujitsu/job/

...

  1. Create ~/validation/bluval/bluval-sdtfc.yaml to customize the Test

    blueprint:
        name: sdtfc
        layers:
            - os
            - k8s
    
        os: &os
            -
                name: lynis
                what: lynis
                optional: "False"
        k8s: &k8s
            -
                name: kube-hunter
                what: kube-hunter
                optional: "False"
    


  2. Update ~/validation/bluval/volumes.yaml file

    volumes:
        # location of the ssh key to access the cluster
        ssh_key_dir:
            local: '/home/ubuntu/.ssh'
            target: '/root/.ssh'
        # location of the k8s access files (config file, certificates, keys)
        kube_config_dir:
            local: '/home/ubuntu/kube'
            target: '/root/.kube/'
        # location of the customized variables.yaml
        custom_variables_file:
            local: '/home/ubuntu/validation/tests/variables.yaml'
            target: '/opt/akraino/validation/tests/variables.yaml'
        # location of the bluval-<blueprint>.yaml file
        blueprint_dir:
            local: '/home/ubuntu/validation/bluval'
            target: '/opt/akraino/validation/bluval'
        # location on where to store the results on the local jumpserver
        results_dir:
            local: '/home/ubuntu/results'
            target: '/opt/akraino/results'
        # location on where to store openrc file
        openrc:
            local: ''
            target: '/root/openrc'
    
    # parameters that will be passed to the container at each layer
    layers:
        # volumes mounted at all layers; volumes specific for a different layer are below
        common:
            - custom_variables_file
            - blueprint_dir
            - results_dir
        hardware:
            - ssh_key_dir
        os:
            - ssh_key_dir
        networking:
            - ssh_key_dir
        docker:
            - ssh_key_dir
        k8s:
            - ssh_key_dir
            - kube_config_dir
        k8s_networking:
            - ssh_key_dir
            - kube_config_dir
        openstack:
            - openrc
        sds:
        sdn:
        vim:
    


  3. Update ~/validation/tests/variables.yaml file

    ### Input variables cluster's master host
    host: <IP Address>             # cluster's master host address
    username: <username>            # login name to connect to cluster
    password: <password>         # login password to connect to cluster
    ssh_keyfile: /root/.ssh/id_rsa        # Identity file for authentication
    


  4. Run Blucon

    $ bash validation/bluval/blucon.sh sdtfc
    

Expected output

BluVal tests should report success for all test cases.

Test Results

Vuls results (manual) Nexus URL: 

Lynis results (manual) Nexus URL: 

Kube-Hunter results Nexus URL: 

Vuls

Nexus URL: 

There are 8 CVEs with a CVSS score >= 9.0. These are exceptions requested here:

Release 5: Akraino CVE Vulnerability Exception Request

Release 7: Akraino CVE and KHV Vulnerability Exception Request

| CVE-ID | CVSS | NVD | Fix/Notes |
|---|---|---|---|
| CVE-2016-1585 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1585 | No fix available. Ubuntu CVE record. TODO: File exception request |
| CVE-2021-20223 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-20223 | Fix released in libsqlite 3.31.1-4ubuntu0.4. Ubuntu CVE record. TODO: Check libsqlite3-0 version, update if possible and re-run. |
| CVE-2022-0318 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0318 | Fix not yet available. Ubuntu CVE record. TODO: Check for recent updates to vim, update if possible and re-run. If no updates available, file exception request. |
| CVE-2022-1927 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1927 | Fix not yet available. Ubuntu CVE record. TODO: Same as CVE-2022-0318 |
| CVE-2022-37434 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37434 | No fix available (for zlib1g, zlib1g-dev). Ubuntu CVE record. TODO: File exception request |
| CVE-2022-1012 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1012 | Fix released in linux-image 5.4.0-126.142. Ubuntu CVE record. TODO: Check kernel version (linux-image-5.4.0-109-generic?) and check for updates. Update if possible and re-run. |
| CVE-2022-1586 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1586 | Fix released in libpcre 10.34-7ubuntu0.1. Ubuntu CVE record. TODO: Check for updates to libpcre. Update if possible and re-run. |
| CVE-2022-1587 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1587 | Fix released in libpcre 10.34-7ubuntu0.1. Ubuntu CVE record. TODO: Same as CVE-2022-1586 |
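
The version checks called for in the TODO notes above, as an added example (not part of the original test document or the Akraino tooling): it compares installed package versions with the fixed versions from the Fix/Notes column using Debian's version ordering. The installed versions are constructed sample values, and the package keys are the page's own labels, not exact dpkg package names.

```python
import re

# Fixed versions copied from the Fix/Notes column; keys are the page's package labels.
FIXED = {"libsqlite": "3.31.1-4ubuntu0.4", "linux-image": "5.4.0-126.142",
         "libpcre": "10.34-7ubuntu0.1"}

# Constructed sample inventory (real values: dpkg-query -W -f='${Version}' <package>).
INSTALLED = {"libsqlite": "3.31.1-4ubuntu0.2", "linux-image": "5.4.0-126.142",
             "libpcre": "10.34-7"}

def order(ch):
    """Weight of one non-digit character: '~' sorts lowest, letters before symbols."""
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def cmp_part(a, b):
    """Compare two upstream-version or revision strings using dpkg's ordering."""
    while a or b:
        # Non-digit prefixes are compared one character at a time.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            wa, wb = order(a[:1]), order(b[:1])
            if wa != wb:
                return -1 if wa < wb else 1
            a, b = a[1:], b[1:]
        # Digit prefixes are compared as integers.
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
        a, b = a[len(na):], b[len(nb):]
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return cmp_part(u1, u2) or cmp_part(r1, r2)

def outdated(installed, fixed=FIXED):
    """Packages whose installed version is older than the version carrying the fix."""
    return sorted(p for p, v in installed.items() if p in fixed and compare(v, fixed[p]) < 0)
```

Calling `outdated(INSTALLED)` on the sample inventory lists the packages that still need the update before Vuls is re-run.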

Lynis

Nexus URL (run via Bluval, without fixes): 

...