OpenCVE in Practice

01 Introduction

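OpenCVE is a platform designed to help you manage and monitor the CVE database. It synchronizes the CVE (Common Vulnerabilities and Exposures) list and lets you search, filter, and organize entries by various criteria.

Users can subscribe to specific vendors or products and be notified when a new CVE is added or an existing CVE is updated. These notifications can be sent by email or webhook (other notification methods, such as Slack, are planned for future releases).

OpenCVE cross-references information from several reliable sources (such as MITRE, Vulnrichment, NVD, and RedHat). This keeps the vulnerability data accurate and up to date even when one of the sources is temporarily unavailable.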

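02 Features

  1. Explore the CVE database and filter results by Vendor, Product, CVSS score, or CWE
  2. Subscribe to vendors and products extracted from CPEs
  3. Organize your subscriptions within your organizations and projects
  4. Invite other members to join your organization
  5. Receive notifications of new CVEs and CVE updates based on your subscriptions
  6. Analyze all CVE details (vendors, products, CVSS score, CPE, CWE, references…)
  7. Create custom tags (unread, important, devteam…) to organize your CVE list
  8. Display the history of each CVE and see its recent changes on the home page
  9. Retrieve the latest changes in custom reports
  10. Customize notification settings (change types, filter by score…)
  11. Integrate OpenCVE with your own tools using webhook notifications or the REST API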

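03 Local installation and deployment

You can install the complete OpenCVE stack with Docker. It contains all the services needed to run OpenCVE (Django web server, Airflow services, Redis, PostgreSQL).

3.1 Requirements

Your server needs Debian or an equivalent OS, at least Docker v25.0.x, and the docker-compose plugin.

The procedure runs as root and has been tested on Debian 11 and Debian 12.

The minimum host requirements are 4 cores and 4 GB of RAM, with disk usage of about 25 GB or 30 GB. An OVHcloud d2-8 instance is a good fit to get started.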

3.2 Installation steps

  1. Clone the OpenCVE repository and go to the docker/ directory

    git clone https://github.com/opencve/opencve.git
    cd opencve/docker
  2. Run the install.sh script

    ./install.sh
    🟢 The default configuration files are all set, you can update them now if you want before starting the entire docker stack:
    Docker compose : ./.env
    Webserver : ../web/opencve/conf/.env
    Airflow : ../scheduler/airflow.cfg
    Django : ../web/opencve/conf/settings.py

    See the documentation for details: https://docs.opencve.io/deployment/#configuration

    🚀 You can now run: ./install.sh start

    It goes through all the installation steps automatically. Once every step has completed, the installation ends as follows:

    🟢 Everything is set up, you can now access to OpenCVE locally:

    - on port 80 for OpenCVE web instance
    You can login with your account and password set at the previous step 'Create OpenCVE admin user'.
    You can set a new one with the following command: ./install.sh create-superuser
    The installed version is: v2.0.0

    - on port 8080 for OpenCVE Airflow scheduler
    You can login with the username "xxx" and password "xxx".

    👋 Installation complete! Thank you for choosing OpenCVE!
  3. You can also run the steps separately, one command at a time

    ./install.sh create-superuser

    EXAMPLES:
    add-config-files
    Add default configurations files.
    init-docker-stack
    Perform docker compose up for OpenCVE stack from its docker-compose.yaml and initialize connections.
    clone-repositories
    Clone KB repositories. It needs to be done one time, if you need to retry it, you need to delete the associated docker volume.
    create-superuser
    Create an OpenCVE super user with admin privileges.
    import-opencve-kb
    Import OpenCVE KB inside local database. It needs to be done only one time.
    start-opencve-dag
    Unpause OpenCVE Dag in Airflow to start to update local repositories and send alerts.
    docker-up
    Perform docker compose up with OpenCVE stack from its docker-compose.yaml.
    docker-build
    Build the docker images for OpenCVE stack from its docker-compose.yaml.
    init-secret-key
    Generate OpenCVE Django secret key.

04 Additional notes

docker login --username=需要哈气的纸飞机 registry.cn-hangzhou.aliyuncs.com

docker tag ad8ce82c64b4 registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-init:latest
docker push registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-init:latest
docker pull registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-init:latest
docker tag registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-init:latest opencve-airflow-init:latest

docker tag 440801573af1 registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-webserver:latest
docker push registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-webserver:latest
docker pull registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-webserver:latest
docker tag registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-webserver:latest opencve-airflow-webserver:latest


docker tag e021bf65ab90 registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-worker:latest
docker push registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-worker:latest
docker pull registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-worker:latest
docker tag registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-worker:latest opencve-airflow-worker:latest


docker tag da2a0ca0951a registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-scheduler:latest
docker push registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-scheduler:latest
docker pull registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-scheduler:latest
docker tag registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-airflow-scheduler:latest opencve-airflow-scheduler:latest


docker tag 1a7be430cf82 registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-webserver:latest
docker push registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-webserver:latest
docker pull registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-webserver:latest
docker tag registry.cn-hangzhou.aliyuncs.com/0vv0/opencve-webserver:latest opencve-webserver:latest
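
The commands above push each image by ID and later pull it back through the mutable `:latest` tag. As an added example (not part of the original post), the script below does the pull side for all five images and retags an image only when its ID matches the one that was pushed; it assumes the image ID is preserved across push and pull, and the function names are hypothetical.

```shell
# Added example (not from the original post): pull the mirrored images and
# retag them only when the pulled image ID matches the ID that was pushed.
REGISTRY="registry.cn-hangzhou.aliyuncs.com/0vv0"

# name=short image ID, copied from the docker tag commands above
IMAGES="
opencve-airflow-init=ad8ce82c64b4
opencve-airflow-webserver=440801573af1
opencve-airflow-worker=e021bf65ab90
opencve-airflow-scheduler=da2a0ca0951a
opencve-webserver=1a7be430cf82
"

# Mirror reference for a local image name.
mirror_ref() {
    printf '%s/%s:latest' "$REGISTRY" "$1"
}

# Succeeds when docker's full ID ($2) starts with the expected short ID ($1).
id_matches() {
    [ -n "$1" ] || return 1
    case "${2#sha256:}" in "$1"*) return 0 ;; *) return 1 ;; esac
}

# Pull one image, compare IDs, retag only on a match.
pull_verified() {
    name=$1; expected=$2; ref=$(mirror_ref "$name")
    docker pull "$ref" >/dev/null || return 1
    actual=$(docker image inspect --format '{{.Id}}' "$ref") || return 1
    if id_matches "$expected" "$actual"; then
        docker tag "$ref" "$name:latest" && echo "OK        $name $expected"
    else
        echo "MISMATCH  $name expected=$expected got=$actual" >&2
        return 1
    fi
}

# Process every entry; a single mismatch makes the whole run fail.
pull_all() {
    rc=0
    for entry in $IMAGES; do
        pull_verified "${entry%%=*}" "${entry#*=}" || rc=1
    done
    return "$rc"
}

# Nothing runs unless the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then pull_all; fi
```

A mismatch leaves the local `name:latest` tag untouched, so the install script keeps using whatever image was there before.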

05 Other OpenCVE settings

Configure SMTP for email notifications

# SMTP settings for password changes from the web page
/data/opencve/web/opencve/conf/settings.py

# SMTP settings for vulnerability notifications
/data/opencve/scheduler/airflow.cfg

Email template path:

/data/opencve/scheduler/dags/templates/email_notification.html


https://hesc.info/post/opencve-practical-battle-zqdxe8.html
Author: 需要哈气的纸飞机
Published: April 24, 2025