Getting Started

The CVE-Search project is developed for a linux environment and therefore this section describes the installation procedure for CVE-Search on Linux. Instructions and scripts of this release are written for the current release of Ubuntu LTS on the x86_64 architecture but will work on most other distributions. In this guide, we assume you are using apt as your package manager. If you are using a different one, install the requirements using your package manager of choice

Before setting up CVE-Search, you have to make sure the all the necessary code is present on your system. Your best choice is to use git to clone CVE-Search from github.

You can clone CVE-Search from

Dependencies

https://github.com/marianoguerra/feedformatter/archive/master.zip
Flask==2.0.2
Flask-Login==0.5.0
Flask-restx==0.5.1
Flask-Breadcrumbs==0.5.1
Flask-Bootstrap4==4.0.2
Flask-JWT-Extended==4.3.1
Flask-Socketio==5.1.1
Flask-WTF==1.0.0
Flask-plugins==1.6.1
gevent==21.8.0
gevent-websocket==0.10.1
WTForms==3.0.0
Jinja2==3.0.3
python-dateutil==2.8.2
pytest==6.2.5
pytest-cov==3.0.0
requests==2.26.0
beautifulsoup4==4.10.0
Whoosh==2.7.4
Werkzeug==2.0.2
tqdm==4.62.3
pymongo==3.12.1
dicttoxml==1.7.4
redis==4.0.2
ijson==3.1.4
jsonpickle==2.0.0
requirements-parser==0.2.0
ansicolors==1.1.8
nltk==3.6.5
nested-lookup==0.2.23
oauthlib==3.1.1

Standard Installation

Install system requirements:

# Install system dependencies by running
xargs sudo apt-get install -y < requirements.system

Install CVE-Search and its Python dependencies:

pip3 install -r requirements.txt

Install mongodb.

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

sudo apt-get update

sudo apt-get install -y mongodb-org

sudo systemctl daemon-reload

sudo systemctl start mongod

# Verify status of mongodb
sudo systemctl status mongod

# if all is ok, enable mongodb to start on system startup
sudo systemctl enable mongod

Please check the mongodb website for installation instructions on different Linux distributions.

This is the end of the standard installation, you may now proceed with :ref:`configuration`

Production Installation

Installing dependencies

cat requirements.system requirements.prod | sudo xargs apt-get install -y

Install mongodb.

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

sudo apt-get update

sudo apt-get install -y mongodb-org

sudo systemctl daemon-reload

sudo systemctl start mongod

# Verify status of mongodb
sudo systemctl status mongod

# if all is ok, enable mongodb to start on system startup
sudo systemctl enable mongod

Please check the mongodb website for installation instructions on different Linux distributions.

Create a dedicated, unprivileged, user to run the cve-search service

sudo adduser cve --home /opt/cve

Create and activate a python virtual environment called cve-env

sudo su - cve

virtualenv cve-env

source ./cve-env/bin/activate

Installation of cve-search in the home directory of the user cve

cd

git clone https://github.com/cve-search/cve-search.git

cd cve-search

pip3 install -r requirements.txt

exit

Configuration

By default CVE-Search takes assumptions on certain configuration aspects of the application. These defaults are noted in the <<install_dir>>/etc/configuration.ini.sample:

[Redis]
Host: localhost
Port: 6379
Password: RedisPassword
redisQ: 9
VendorsDB: 10
NotificationsDB: 11
RefDB: 12

[Database]
Host: localhost
Port: 27017
DB: cvedb
PluginName: mongodb

[dbmgt]
Tmpdir: ./tmp/

[FulltextIndex]
Indexdir: ./indexdir/

[Webserver]
Host: 127.0.0.1
Port: 5000
Debug: True
PageLength: 50
LoginRequired: False
OIDC: False
CLIENT_ID: xx
CLIENT_SECRET: xx
IDP_DISCOVERY_URL: xx
SSL_VERIFY: False
SSL: True
Certificate: ssl/cve-search.crt
Key: ssl/cve-search.key
WebInterface: Full
MountPath: /MOUNTY/MC/MOUNT

[Logging]
Logging: True
Logfile: log/cve-search.log
Updatelogfile: log/update_populate.log
MaxSize: 150MB
Backlog: 5

[Proxy]
http: 
IgnoreCerts: False

[CVE]
StartYear: 2002

If your setup requires alternate settings and configurations, then copy the etc/configuration.ini.sample to <<install_dir>>/etc/configuration.ini and adjust accordingly.

Once these steps are completed all the conditions are met for CVE-Search to function properly; continue with populating the database