nuwcdivnpt/stig-manager-test

By nuwcdivnpt

Updated over 4 years ago

An API and Web client for managing STIG assessments.

STIG Manager OSS

This is pre-release software, and the Docker image is made available for pilot testing only.

STIG Manager is an API and Web client for managing the assessment of Information Systems for compliance with security checklists published by the United States (U.S.) Defense Information Systems Agency (DISA). STIG Manager supports DISA checklists distributed as either a Security Technical Implementation Guide (STIG) or a Security Requirements Guide (SRG).

Source code: https://github.com/NUWCDIVNPT/stig-manager

Quick Start

The Quick Start steps require the official MySQL 8 image and a custom Keycloak 11 image.

docker-compose.yml
# STIG Manager docker-compose orchestration

version: '3.7'

services:
  auth:
    image: nuwcdivnpt/stig-manager-auth
    ports:
      - "8080:8080"
  db:
    image: mysql:8.0
    ports:
      - "50001:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=rootpw
      - MYSQL_USER=stigman
      - MYSQL_PASSWORD=stigman
      - MYSQL_DATABASE=stigman
    cap_add:
      - SYS_NICE  # workaround MySQL logging bug => mbind: Operation not permitted 
  api:
    image: nuwcdivnpt/stig-manager
    environment:
      - STIGMAN_API_AUTHORITY=http://auth:8080/auth/realms/stigman
      - STIGMAN_CLASSIFICATION=U
      - STIGMAN_DB_HOST=db
      - STIGMAN_DB_PASSWORD=stigman
      - STIGMAN_INIT_IMPORT_STIGS=true
      - STIGMAN_INIT_IMPORT_SCAP=true
    init: true
    ports:
      - "54000:54000"
Steps
  • Create a docker-compose.yml file with the content above.
  • From the directory containing docker-compose.yml, run:
$ docker-compose up -d && docker-compose logs -f
  • On initial container startup, STIG Manager will connect to DoD Cyber Exchange and import the latest STIG Library Compilation and any available SCAP content.
  • When all the services have started, STIG Manager will output:
Server is listening on port 54000
API is available at /api
Client is available at /
  • Navigate to http://localhost:54000
  • Log in using the credentials "admin/password", as documented for the demonstration Keycloak image
  • Refer to the documentation to create your first Collection
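
A pre-deployment check for the compose file above, as an added example that is not part of the STIG Manager project: it flags the demonstration defaults this Quick Start ships (the published passwords, the MySQL port mapped to the host, the Keycloak authority over plain HTTP). The name audit_compose, the sample text and the line-based parsing, which assumes the list-style layout shown above, are assumptions of this example.

```python
import re

# Constructed sample: security-relevant lines copied from the Quick Start compose file.
QUICKSTART = """\
services:
  db:
    image: mysql:8.0
    ports:
      - "50001:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=rootpw
      - MYSQL_PASSWORD=stigman
  api:
    environment:
      - STIGMAN_API_AUTHORITY=http://auth:8080/auth/realms/stigman
      - STIGMAN_DB_PASSWORD=stigman
    ports:
      - "54000:54000"
"""

DEMO_SECRETS = {"rootpw", "stigman"}  # password values published on this page

def audit_compose(text):
    """Return (service, finding) tuples for demo defaults left in a compose file.
    Hypothetical helper; assumes two-space service indentation and list-style entries."""
    findings, service = [], None
    for line in text.splitlines():
        svc = re.match(r"^  ([\w-]+):\s*$", line)   # a key at two-space indent names a service
        if svc:
            service = svc.group(1)
            continue
        item = re.match(r'^\s+-\s*"?([^"#]+?)"?\s*(#.*)?$', line)  # "- KEY=VAL" or "- host:ctr"
        if not item or service is None:
            continue
        entry = item.group(1)
        key, _, val = entry.partition("=")
        if key.endswith("PASSWORD") and val in DEMO_SECRETS:
            findings.append((service, f"{key} uses published demo value"))
        elif key.endswith("PASSWORD") and not val.startswith("${"):
            findings.append((service, f"{key} is a literal in the file"))
        elif key == "STIGMAN_API_AUTHORITY" and val.startswith("http://"):
            findings.append((service, "Keycloak authority URL uses plain HTTP"))
        elif re.fullmatch(r"\d+:3306", entry):
            findings.append((service, f"MySQL published on host port {entry.split(':')[0]}"))
    return findings

if __name__ == "__main__":
    for service, finding in audit_compose(QUICKSTART):
        print(f"{service}: {finding}")
```

Password values written as ${VAR} are treated as supplied through Compose variable substitution and are not flagged.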

STIG Manager OSS Environment Variables

Refer to our documentation for the environment variables consumed by STIG Manager.

Running as individual containers

Keycloak
docker run --name stig-manager-auth \
  -p 8080:8080 \
  -p 8443:8443 \
  nuwcdivnpt/stig-manager-auth
MySQL
docker run --name stig-manager-db \
  -p 50001:3306 \
  -e MYSQL_ROOT_PASSWORD=rootpw \
  -e MYSQL_DATABASE=stigman \
  -e MYSQL_USER=stigman \
  -e MYSQL_PASSWORD=stigman \
  mysql:8
API
docker run --name stig-manager-api \
  -p 54000:54000 \
  -e STIGMAN_DB_HOST=<DATABASE_IP> \
  -e STIGMAN_DB_PORT=<DATABASE_PORT> \
  -e STIGMAN_API_AUTHORITY=http://<KEYCLOAK_IP>:<KEYCLOAK_PORT>/auth/realms/stigman \
  nuwcdivnpt/stig-manager

Docker Pull Command

docker pull nuwcdivnpt/stig-manager-test