/heimdall_webserver

It's a tool to manage vulnerables packages in your *nix server, in a centralized way

Primary LanguageHTML

ATTENTION, this project is on a beta version, there's a lot of bugs and problem, if you want to help the project use this on a lab not in yout real environment.

NO, there's not https implemented yet, it will come on the next upgrade

Heimdall

It's a tool to manage vulnerables packages in your *nix servers, in a centralized way

Before all

You need to have pyhton pip installed, so check using the command
which pip
If you have pip installed just run
pip install -U pip

If you do not have pip installed, install it using the follow link
https://pip.pypa.io/en/stable/installing/

How to install

git clone https://github.com/mthbernardes/heimdall_webserver.git
cd heimdall_webserver
chmod +x install.sh
./install.sh
python manage.py runserver 0.0.0.0:1337
The default credentials are 
heimdall:heimdall (CHANGE THAT)
url to access
http://ip:port/login

How it works

1. Install and configure the Heimdall web platform(heimdall_webserver) on a server where you will manage all your other clients(servers)
2. Install and configure the Heimdall agent on your clients(heimdall_agent)
3. The client get all packages installed and consult on vulners.com, to find wich package is vulnerable.
4. The client report the vulnerables packages to heimdall_webserver
5. Now you can upgrade the packages in all your server using just the Heimdall Web Platform

Groups privilegies

admin - Can do everything
infra - Just can't create users
security,dev - Can only see informations about the servers

How to register a client

got to http://localhost:1337/cliente/cadastrar
First insert the client name (just to know what server is, this information is not used in anyway)
Set the server ip addres and the client port, the defaul port is 5000
Select the distro
Click in register
It's done

How upgrade the packages

After you have installed the packages on your client, it start to communicate with the server, and send the vulnerable packages, so when a vulnerable package appear, just click in update.
after the upgrade finish, you can see the upgrade response, clicking on view.
It's done

Project prints

https://github.com/mthbernardes/heimdall_webserver/tree/master/prints

Project installation and configuration video

https://player.vimeo.com/video/220639459

ToDo

Package upgrade with schedule
E-mail notifications
Activity Log
Vulnerability chat

Thanks

Thanks to @Brobin for create the bootstrap template used.
Thanks to vulners for create the API used on project.