Manual Installation
OpenCVE can simply be installed using pip:
$ pip install opencve
Configuration file
OpenCVE uses an opencve.cfg file to handle its configuration (database access, mail config, pagination...).
So the first step is to create this configuration file. You can do it with the init command:
$ opencve init
[*] Configuration created in /Users/ncrocfer/opencve/opencve.cfg
Tip
A custom path can be specified in the OPENCVE_CONFIG environment variable. Check the init documentation for more details.
Initialize the database
The database is configured with the database_uri variable of the opencve.cfg file:
$ vim ~/opencve/opencve.cfg
...
database_uri = postgresql://john:mysupersecret@servername:5432/opencve
...
Once done, the upgrade-db command will create all the tables:
$ opencve upgrade-db
Because it uses the JSONB feature for performance, OpenCVE only supports PostgreSQL.
The pg_trgm module of PostgreSQL is required to let you search in the CVEs list. The upgrade-db command will enable it for you, but you can also do it yourself if you prefer (CREATE EXTENSION pg_trgm).
Info
Starting with PostgreSQL 13, this module is considered trusted, meaning it can be installed by non-superusers who have the CREATE privilege.
Import the data
Now that the tables are created, you can populate them using the import-data command:
$ opencve import-data
This command downloads the list of CPEs, the list of CWEs and the CVEs for each year (from 2002 until now), so it can take several minutes. Don't worry, you will only do it once.
Warning
The NVD data is downloaded, extracted and then parsed in memory before being inserted into the database. For that, the import-data command needs at least 5GB of memory to do its job correctly. Afterwards, the worker uses very little memory, as only the diff with the NVD is used.
If you launch opencve import-data without this memory available, the command will be killed (OOM) by your operating system and your data will be incomplete.
We wrote documentation on handling this problem with a swap file.
Start the workers
The synchronization between the OpenCVE database and the CVE list is done using a periodic Celery task.
Celery is configured through the celery_broker_url and celery_result_backend settings:
$ vim ~/opencve/opencve.cfg
...
celery_broker_url = redis://127.0.0.1:6379/0
celery_result_backend = redis://127.0.0.1:6379/1
...
Info
Celery supports several transports, like Redis and RabbitMQ. You can find more information in the official documentation.
The worker and the scheduler can then be started with the following commands:
$ opencve celery worker -l INFO
$ opencve celery beat -l INFO
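An added example, not part of OpenCVE or its documentation: a Python check over the three URL settings shown above. It flags an opencve.cfg that embeds a password while being accessible to group or others, a URL that still carries this page's sample password, and a Redis URL on a non-loopback host with no password. It assumes the key = value layout shown on this page and POSIX file permissions; audit_config and the other names are hypothetical.

```python
import os
import re
import stat
import sys
from urllib.parse import urlsplit

# Keys shown on this page; each holds a URL that may embed credentials.
URL_KEYS = ("database_uri", "celery_broker_url", "celery_result_backend")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
SAMPLE_PASSWORD = "mysupersecret"  # password used in this page's example URI
KEY_LINE = re.compile(r"^\s*(%s)\s*=\s*(\S+)" % "|".join(URL_KEYS))


def read_settings(path):
    """Return {key: value} for URL_KEYS; section headers are ignored."""
    settings = {}
    with open(path, encoding="utf-8") as handle:
        for line in handle:
            match = KEY_LINE.match(line)
            if match:
                settings[match.group(1)] = match.group(2)
    return settings


def audit_config(path):
    """Return a list of human-readable findings for an opencve.cfg file."""
    findings = []
    settings = read_settings(path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    has_secret = any(urlsplit(value).password for value in settings.values())
    if has_secret and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o exposes an embedded password; chmod 600" % mode)
    for key, value in settings.items():
        url = urlsplit(value)
        if url.password == SAMPLE_PASSWORD:
            findings.append("%s still uses the documentation's sample password" % key)
        if url.scheme == "redis" and url.hostname not in LOOPBACK and not url.password:
            findings.append("%s: Redis at %s is remote and has no password" % (key, url.hostname))
    return findings


if __name__ == "__main__":
    # Default path is the one this page edits with vim; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/opencve/opencve.cfg")
    for finding in audit_config(target):
        print("[!]", finding)
```

An empty result means none of these three conditions were found; it says nothing about settings the check does not read.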
Create an admin
You can now create the admin:
$ opencve create-user john john.doe@example.com --admin
Password:
Repeat for confirmation:
[*] User john created.
Tip
This command is required for the first admin; after that, you will be able to manage the users from the admin pages.
Start the webserver
You can finally launch the webserver and visit OpenCVE at http://127.0.0.1:8000:
$ opencve webserver
[2020-07-14 20:38:06 +0200] [16032] [INFO] Starting gunicorn 20.0.4
[2020-07-14 20:38:06 +0200] [16032] [INFO] Listening at: http://127.0.0.1:8000 (16032)
[2020-07-14 20:38:06 +0200] [16032] [INFO] Using worker: sync
[2020-07-14 20:38:06 +0200] [16040] [INFO] Booting worker with pid: 16040
Tip
The server name can be configured in the opencve.cfg file with the server_name variable. See the documentation for that.