From 6e5c072feb4e5e98e926e5d6c28ec133ad12abec Mon Sep 17 00:00:00 2001
From: acammies <acammies@redhat.com>
Date: Wed, 18 Apr 2018 00:15:34 +0200
Subject: [PATCH] Added instructions on how to create Arachni and ZAP slave pods, but missing screenshots and needs looking over

---
 4-an-enslaved-hope/README.md | 64 +++++++++++++++++++++++++++++++-
 1 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/4-an-enslaved-hope/README.md b/4-an-enslaved-hope/README.md
index 75fe5cf..f0c3ca0 100644
--- a/4-an-enslaved-hope/README.md
+++ b/4-an-enslaved-hope/README.md
@@ -147,12 +147,72 @@ 2. Set the trigger to scan every minute as done previously. Save the configuration and we should see the collection of Jobs as shown below. ![todolist-fe-multi](../images/exercise4/todolist-fe-multi.png) -3. Run the jobs and validate the app is working as expected in the `test` environment! +2. Run the jobs and validate the app is working as expected in the `test` environment! ### Part 2 - Security Scanning Slaves > _This exercise focuses on updating the `enablement-ci-cd` repo with some new jenkins-slave pods for use in future exercise_ -3. TODO! +#### Part 2a - OWASP ZAP +> _OWASP ZAP (Zed Attack Proxy) is a free open source security tool used for finding security vulnerabilities in web applications._ + + +3. _Remove jenkins bit if this is already in somewhere, also check syntax, actually only do one git checkout_ First we're going to take the generic jenkins slave template from our exercise4/zap branch and the params. +```bash +$ git checkout exercise4/zap-and-arachni templates/jenkins-slave-generic-template.yml params/ +``` + +3. This should have created the following files: +- `templates/jenkins-slave-generic-template.yml` +- `params/ zap-bulid-pod arachni-build-pod` + +3. Create an object in `insert donal's new layout here` called `zap-build-pod` and the following content: +```yml + - name: "zap-build-pod" + namespace: "<YOUR_NAME>-ci-cd" + template: "{{ inventory_dir }}/../templates/jenkins-slave-generic-template.yml" + params: "{{ inventory_dir }}/../params/zap-build-pod" + tags: + - zap +``` + +3. Install ansible-y stuff (only if not run before???) +```bash +ansible-galaxy install -r requirements.yml --roles-path=roles +``` + +3. Remember to login to the cluster! +```bash +oc login https://console.s8.core.rht-labs.com --token=<INSERT_LOGIN_TOKEN_HERE> +``` + +3. Run the ansible playbook filtering with tag `zap` so only the zap build pods are run. 
+```bash +ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml \ -i inventory/ \ -e "filter_tags=zap" +``` + +3. Head to (https://console.s8.core.rht-labs.com/console/project/<YOUR_NAME>-ci-cd/browse/builds) on Openshift and you should see `zap-build-pod`. +include screenshot here. + +#### Part 2b - Arachni Scan +> _Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications._ + +3. Create an object in `insert donal's new layout here` called `arachni-build-pod` and the following content: +```yml + - name: "arachni-build-pod" + namespace: "<YOUR_NAME>-ci-cd" + template: "{{ inventory_dir }}/../templates/jenkins-slave-generic-template.yml" + params: "{{ inventory_dir }}/../params/arachni-build-pod" + tags: + - arachni +``` + +3. Run the ansible playbook filtering with tag `arachni` so only the zap build pods are run. +```bash +ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml \ -i inventory/ \ -e "filter_tags=arachni" +``` + +3. Head to (https://console.s8.core.rht-labs.com/console/project/<YOUR_NAME>-ci-cd/browse/builds) on Openshift and you should see `zap-build-pod`. +include screenshot here. _____ -- Gitblit v1.9.3
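Review bot: Part 2b copies the ZAP text without adjusting it, so the reader is told the `arachni` tag means "only the zap build pods are run" and that the builds page should show `zap-build-pod`; both should say `arachni-build-pod`. The step list also needs attention: the existing "Run the jobs" step is renumbered from `3.` to `2.` (leaving two consecutive items numbered 2), and every new step is `3.`, which reads badly in source even where the renderer renumbers. The "created files" bullet `params/ zap-bulid-pod arachni-build-pod` has a typo in `bulid` and runs two paths together; it should list `params/zap-build-pod` and `params/arachni-build-pod` separately, matching the `params:` values used in the object definitions. The prose says the template comes "from our exercise4/zap branch" while the command checks out `exercise4/zap-and-arachni`; pick one name. On that command, `git checkout <branch> templates/... params/` with a whole `params/` directory silently overwrites any files under `params/` already in the working tree, and the missing `--` separator invites a path/branch ambiguity; consider `git checkout exercise4/zap-and-arachni -- templates/jenkins-slave-generic-template.yml params/zap-build-pod params/arachni-build-pod` so only the two needed files are pulled in. For the `oc login https://console.s8.core.rht-labs.com --token=<INSERT_LOGIN_TOKEN_HERE>` step, a token passed as an argument ends up in shell history and in `ps` output for other users on the host; it is worth a one-line warning or an alternative such as running `oc login <url>` and entering credentials at the prompt. Finally, the editorial placeholders (`_Remove jenkins bit if this is already in somewhere, also check syntax, actually only do one git checkout_`, `insert donal's new layout here`, `Install ansible-y stuff (only if not run before???)`, `include screenshot here.`) and the bare `(https://...)` links with no `[text]` part should be resolved before this is merged, as the commit message itself acknowledges.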