vulncheck
6969d0c62e
VulnCheck - Open Source Vulnerability Management for Wazuh Features: - Vulnerability management with Wazuh integration - AI-powered CVE analysis (OpenAI, Anthropic, Google, DeepSeek, Ollama, Infomaniak) - SLA policy enforcement with automated email alerts - Automated patch verification via Wazuh Syscollector - Role-based access control (Admin, Editor, Readonly) - PDF/CSV reporting for compliance workflows - Full audit trail https://gitea.isuit.ch/vulncheck/vulncheck
111 lines
3.5 KiB
Bash
Executable File
111 lines
3.5 KiB
Bash
Executable File
#!/bin/bash
|
||
set -e
|
||
|
||
echo "╔══════════════════════════════════════════════════════╗"
|
||
echo "║ VulnManager Setup ║"
|
||
echo "║ Vulnerability Management Dashboard ║"
|
||
echo "╚══════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
|
||
# Prüfe Docker Installation
|
||
if ! command -v docker &> /dev/null; then
|
||
echo "❌ Docker ist nicht installiert. Bitte installieren: https://docs.docker.com/get-docker/"
|
||
exit 1
|
||
fi
|
||
|
||
if ! command -v docker-compose &> /dev/null; then
|
||
echo "❌ Docker Compose ist nicht installiert."
|
||
exit 1
|
||
fi
|
||
|
||
echo "✅ Docker und Docker Compose gefunden"
|
||
echo ""
|
||
|
||
# Erstelle .env falls nicht vorhanden
|
||
if [ ! -f .env ]; then
|
||
echo "📝 Erstelle .env aus Vorlage..."
|
||
cp .env.example .env
|
||
|
||
# Generiere sicheren JWT Secret
|
||
JWT_SECRET=$(openssl rand -hex 32)
|
||
sed -i.bak "s/your-super-secret-256-bit-key-change-me-in-production/${JWT_SECRET}/" .env
|
||
rm .env.bak
|
||
|
||
echo "✅ .env erstellt mit generiertem JWT_SECRET_KEY"
|
||
echo ""
|
||
echo "⚠️ WICHTIG: Bitte bearbeite .env und setze folgende Werte:"
|
||
echo " - WAZUH_API_URL"
|
||
echo " - WAZUH_API_USERNAME"
|
||
echo " - WAZUH_API_PASSWORD"
|
||
echo " - INFOMANIAK_AI_API_KEY"
|
||
echo ""
|
||
read -p "Drücke Enter um fortzufahren..."
|
||
else
|
||
echo "✅ .env bereits vorhanden"
|
||
fi
|
||
|
||
# Starte Docker Compose
|
||
echo ""
|
||
echo "🐳 Starte Docker Container..."
|
||
docker-compose up -d
|
||
|
||
# Warte auf PostgreSQL
|
||
echo ""
|
||
echo "⏳ Warte auf PostgreSQL..."
|
||
sleep 10
|
||
|
||
# Führe Alembic Migrationen aus
|
||
echo ""
|
||
echo "📦 Führe Datenbank-Migrationen aus..."
|
||
docker-compose exec -T backend alembic upgrade head
|
||
|
||
# Erstelle Admin-User
|
||
echo ""
|
||
echo "👤 Erstelle Admin-User..."
|
||
docker-compose exec -T backend python << 'EOF'
|
||
from app.database import SessionLocal
|
||
from app.models.user import User, UserRole
|
||
from app.auth.jwt_handler import hash_password
|
||
|
||
db = SessionLocal()
|
||
|
||
# Prüfe ob Admin bereits existiert
|
||
existing_admin = db.query(User).filter(User.username == "admin").first()
|
||
|
||
if not existing_admin:
|
||
admin = User(
|
||
username="admin",
|
||
email="admin@vulnmanager.local",
|
||
password_hash=hash_password("changeme"),
|
||
role=UserRole.ADMIN,
|
||
is_active=True,
|
||
is_verified=True
|
||
)
|
||
db.add(admin)
|
||
db.commit()
|
||
print("✅ Admin-User erstellt:")
|
||
print(" Username: admin")
|
||
print(" Password: changeme")
|
||
print(" ⚠️ BITTE PASSWORT ÄNDERN!")
|
||
else:
|
||
print("ℹ️ Admin-User existiert bereits")
|
||
EOF
|
||
|
||
echo ""
|
||
echo "╔══════════════════════════════════════════════════════╗"
|
||
echo "║ Setup abgeschlossen! 🎉 ║"
|
||
echo "╚══════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
echo "📡 API läuft auf: http://localhost:8000"
|
||
echo "📚 API Docs: http://localhost:8000/docs"
|
||
echo "🔐 Login: admin / changeme"
|
||
echo ""
|
||
echo "Nächste Schritte:"
|
||
echo "1. Login mit admin-Credentials"
|
||
echo "2. Passwort ändern: POST /auth/change-password"
|
||
echo "3. Wazuh-Sync starten: POST /api/v1/vulnerabilities/sync/wazuh"
|
||
echo ""
|
||
echo "Logs anzeigen: docker-compose logs -f backend"
|
||
echo "Stoppen: docker-compose down"
|
||
echo ""
|