Merge pull request #259 from Cingulara/develop

v1.7 Updates

README.md

@@ -1,4 +1,4 @@
-# OpenRMF<sup>&reg;</sup> Documentation (v 1.6.0)
+# OpenRMF<sup>&reg;</sup> Documentation (v 1.7.0)
 OpenRMF<sup>&reg;</sup> is an open source tool for managing, viewing, and reporting of your DoD STIG checklists, SCAP Scans and Nessus Patch Scans in one web-based interface using your browser. It also generates a compliance listing of all your checklists across a whole system based on NIST 800-53 for your Risk Management Framework (RMF) documentation and process. This tool helps you manage multiple systems going through the RMF process and allows you to structure your data in a clean interface all in one location for your group or program. 
 
 ## Get OpenRMF<sup>&reg;</sup> Core Running Locally
@@ -8,7 +8,7 @@ Next follow these [Step by Step Instructions](step-by-step.md).
 
 > Note that for Docker Desktop users, you need to have the File Sharing turned on to run OpenRMF<sup>&reg;</sup> the way it is designed in the docker-compose file. We use persistent volumes for MongoDB, Grafana, and Prometheus.
 
-> Tested with Docker Desktop 2.x onward with 6 CPUs, 6 GB RAM, 1 GB swap and 60 GB Disk Image. You will want more than the default 2 CPU and 2 GB RAM to maximize the use of OpenRMF<sup>&reg;</sup> specifically. Your machine age and hardware will make this vary some. If you see timeouts on Keycloak and OpenRMF<sup>&reg;</sup> when uploading, running reports, or web UI screens taking a long time to load you may want to check the Docker Desktop Resources of your machine.
+> Tested with Docker Desktop 4.x onward with 6 CPUs, 6 GB RAM, 1 GB swap and 60 GB Disk Image. You will want more than the default 2 CPU and 2 GB RAM to maximize the use of OpenRMF<sup>&reg;</sup> specifically. Your machine age and hardware will make this vary some. If you see timeouts on Keycloak and OpenRMF<sup>&reg;</sup> when uploading, running reports, or web UI screens taking a long time to load you may want to check the Docker Desktop Resources of your machine.
 
 ## Other OpenRMF<sup>&reg;</sup> Deployments
 If you want to run on AWS EKS, you can see the Helm Chart and Kubernetes specific information [here](./deployments/).

base-container-image/Dockerfile

@@ -1,6 +1,6 @@
 # build runtime image
-FROM alpine:3.12.0
-RUN apk update && apk upgrade && apk add ca-certificates openssh libstdc++ libintl icu && rm -rf /var/cache/apk/*
+FROM alpine:3.15.0
+RUN apk update && apk upgrade && apk add --no-cache ca-certificates openssh libstdc++ libintl icu 
 # these are only needed for REL libunwind nghttp2-libs libidn krb5-libs libuuid lttng-ust zlib 
 # copy all the DoD CA certs and PEM files to import
 COPY ./ca-root/ /usr/local/share/ca-certificates/

base-container-image/README.md

@@ -4,7 +4,7 @@ The DoD uses their own CA root certificates. We need them in the APIs since the
 ## Create the base image to use in all the APIs
 
 ```
-docker build -t openrmf-base-api:1.3 .
+docker build -t openrmf-base:1.04.00 .
 ```
 
 ## How to get the CRT files from the CER files
@@ -15,4 +15,4 @@ openssl x509 -inform PEM -in 1-DOD_ID_CA-59.cer -out 1-DOD_ID_CA-59.crt
 ```
 
 ## More Information
-Visit https://public.cyber.mil/
+Visit https://public.cyber.mil/

docs/index.md

@@ -15,6 +15,8 @@ Compare this to the manual way you have to manage STIG Checklists and SCAP scans
 
 See [What's New](./whatsnew.html) with the latest version.
 
+> This is for AMD / Intel based computers and servers to run in a Docker environment. The AMD chipsets may not run this stack correctly based on the way the containers are built.
+
 ## What it does
 OpenRMF manages your RMF documentation and removes the Cybersecurity mystery! It allows management to view the status of checklists and RMF progress on their systems. 
 

docs/whatsnew.md

@@ -8,6 +8,22 @@ nav_order: 2
 
 Please refer to the <a href="https://github.com/Cingulara?tab=projects" target="_blank">OpenRMF Projects listing on GitHub</a> for more information on feature updates and timeline.
 
+## Version 1.7
+Version 1.7 has the latest DISA templates for SCAP scan matching up to December 24, 2021 as well as the following feature updates:
+* updated base container image for vulnerability fixes
+* updated NGINX container for the web UI for vulnerability fixes
+* easier editing of vulnerabilities, all on one page w/o a popup
+* fixing a bug removing \n from Template formatting
+* fixing loading of HTML / XML characters in checklist details listings
+* adding the NGINX prometheus exporter for tracking metrics of the web UI
+* allow tagging of checklists (one at a time)
+* listing all templates, including internal ones from DISA's public site
+* better formatting of plugin description for Nessus report
+* better formatting for vulnerability detail on reports and chekclist vulnerability listings
+
+## Version 1.6
+Version 1.6 fixed the POSIX bug after updating to Docker Desktop where the .env file and APIs read the environment variables but they had a "-" in them. That was breaking it. 
+
 ## Version 1.5.4
 Version 1.5.4 added the updated DISA Templates from April 27 and April 28 2021. These allow you to match on SCAP scan uploads to automatically create checklists.
 

scripts/docker-compose.yml

@@ -3,7 +3,7 @@ version : '3.8'
 services:
 ### 1 Web Front End Container
   openrmf-web:
-    image: cingulara/openrmf-web:1.05.06
+    image: cingulara/openrmf-web:1.07.01
     container_name: openrmf-web
     restart: always
     ports:
@@ -22,7 +22,7 @@ services:
 
 ### 9 API Containers
   openrmfapi-scoring:
-    image: cingulara/openrmf-api-scoring:1.06.00
+    image: cingulara/openrmf-api-scoring:1.07.00
     container_name: openrmf-scoring-api
     restart: always
     ports:
@@ -40,7 +40,7 @@ services:
       - openrmf
 
   openrmfapi-save:
-    image: cingulara/openrmf-api-save:1.06.00
+    image: cingulara/openrmf-api-save:1.07.00
     container_name: openrmf-save-api
     restart: always
     ports:
@@ -61,7 +61,7 @@ services:
       - openrmf
 
   openrmfapi-template:
-    image: cingulara/openrmf-api-template:1.06.00
+    image: cingulara/openrmf-api-template:1.07.00
     container_name: openrmf-template-api
     restart: always
     ports:
@@ -80,7 +80,7 @@ services:
       - openrmf
 
   openrmfapi-upload:
-    image: cingulara/openrmf-api-upload:1.06.00
+    image: cingulara/openrmf-api-upload:1.07.00
     container_name: openrmf-upload-api
     restart: always
     ports:
@@ -101,7 +101,7 @@ services:
       - openrmf
 
   openrmfapi-read:
-    image: cingulara/openrmf-api-read:1.06.00
+    image: cingulara/openrmf-api-read:1.07.00
     container_name: openrmf-read-api
     restart: always
     ports:
@@ -120,7 +120,7 @@ services:
       - openrmf
 
   openrmfapi-compliance:
-    image: cingulara/openrmf-api-compliance:1.06.00
+    image: cingulara/openrmf-api-compliance:1.07.00
     container_name: openrmf-compliance-api
     restart: always
     ports:
@@ -134,7 +134,7 @@ services:
       - openrmf
 
   openrmfapi-controls:
-    image: cingulara/openrmf-api-controls:1.06.00
+    image: cingulara/openrmf-api-controls:1.07.00
     container_name: openrmf-controls-api
     restart: always
     ports:
@@ -148,7 +148,7 @@ services:
       - openrmf
 
   openrmfapi-audit:
-    image: cingulara/openrmf-api-audit:1.06.00
+    image: cingulara/openrmf-api-audit:1.07.00
     container_name: openrmf-audit-api
     restart: always
     ports:
@@ -167,7 +167,7 @@ services:
       - openrmf
 
   openrmfapi-report:
-    image: cingulara/openrmf-api-report:1.06.00
+    image: cingulara/openrmf-api-report:1.07.00
     container_name: openrmf-report-api
     restart: always
     ports:
@@ -187,7 +187,7 @@ services:
 
 ### 8 Messaging Containers
   openrmfmsg-score:
-    image: cingulara/openrmf-msg-score:1.06.00
+    image: cingulara/openrmf-msg-score:1.07.00
     container_name: openrmf-score-nats-message-client
     restart: always
     environment:
@@ -202,7 +202,7 @@ services:
       - openrmf
 
   openrmfmsg-checklist:
-    image: cingulara/openrmf-msg-checklist:1.03.00
+    image: cingulara/openrmf-msg-checklist:1.07.00
     container_name: openrmf-checklist-nats-message-client
     restart: always
     environment:
@@ -217,7 +217,7 @@ services:
       - openrmf
 
   openrmfmsg-compliance:
-    image: cingulara/openrmf-msg-compliance:1.03.00
+    image: cingulara/openrmf-msg-compliance:1.07.00
     container_name: openrmf-compliance-nats-message-client
     restart: always
     environment:
@@ -228,7 +228,7 @@ services:
       - openrmf
 
   openrmfmsg-controls:
-    image: cingulara/openrmf-msg-controls:1.04.00
+    image: cingulara/openrmf-msg-controls:1.07.00
     container_name: openrmf-controls-nats-message-client
     restart: always
     environment:
@@ -239,7 +239,7 @@ services:
       - openrmf
 
   openrmfmsg-template:
-    image: cingulara/openrmf-msg-template:1.03.00
+    image: cingulara/openrmf-msg-template:1.07.00
     container_name: openrmf-template-nats-message-client
     restart: always
     environment:
@@ -254,7 +254,7 @@ services:
       - openrmf
 
   openrmfmsg-system:
-    image: cingulara/openrmf-msg-system:1.06.00
+    image: cingulara/openrmf-msg-system:1.07.00
     container_name: openrmf-system-nats-message-client
     restart: always
     environment:
@@ -269,7 +269,7 @@ services:
       - openrmf
 
   openrmfmsg-audit:
-    image: cingulara/openrmf-msg-audit:1.03.00
+    image: cingulara/openrmf-msg-audit:1.07.00
     container_name: openrmf-audit-nats-message-client
     restart: always
     environment:
@@ -284,7 +284,7 @@ services:
       - openrmf
 
   openrmfmsg-reports:
-    image: cingulara/openrmf-msg-reports:1.06.00
+    image: cingulara/openrmf-msg-reports:1.07.00
     container_name: openrmf-report-nats-message-client
     restart: always
     environment:
@@ -385,7 +385,7 @@ services:
 
 ### NATS messaging container (internal)
   natsserver: 
-    image: nats:2.1.9
+    image: nats:2.2.6-alpine
     container_name: nats
     command: -m 8222
     restart: always
@@ -433,7 +433,7 @@ services:
       - openrmf
 
   prometheus:
-    image: prom/prometheus:v2.30.3
+    image: prom/prometheus:v2.32.1
     container_name: prometheus
     command:
       - '--config.file=/etc/prometheus/prometheus.yml'
@@ -448,7 +448,7 @@ services:
       - openrmf
 
   grafana: 
-    image: grafana/grafana:8.2.2
+    image: grafana/grafana:8.3.3
     container_name: grafana
     #command:
     environment:

scripts/keycloak/setup-realm-linux.sh

@@ -72,12 +72,13 @@ echo
 echo "Setting Require SSL to none (off)..."
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'sslRequired=none'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'displayName=OpenRMF OSS'
-docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'displayNameHtml=OpenRMF OSS'
+docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'displayNameHtml=OpenRMF<sup>&reg;</sup> OSS'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'loginTheme=openrmf'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'accountTheme=openrmf'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set 'sslRequired=none'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set 'accountTheme=openrmf'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'adminTheme=openrmf'
+docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set 'displayNameHtml=OpenRMF<sup>&reg;</sup> OSS User Administration'
 ##END Disable SSL Requirement
 
 ##BEGIN Create Password Policy

scripts/keycloak/setup-realm-mac.sh

@@ -35,11 +35,12 @@ echo "Setting OpenRMF Realm Options (SSL off, Display Name)..."
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'sslRequired=none'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set 'sslRequired=none'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'displayName=OpenRMF OSS'
-docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'displayNameHtml=OpenRMF OSS'
+docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'displayNameHtml=OpenRMF<sup>&reg;</sup> OSS'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'loginTheme=openrmf'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'accountTheme=openrmf'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set 'accountTheme=openrmf'
 docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set 'adminTheme=openrmf'
+docker exec -i $keycontainer /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set 'displayNameHtml=OpenRMF<sup>&reg;</sup> OSS User Administration'
 ##END Disable SSL Requirement
 
 ##BEGIN Create Password Policy

scripts/keycloak/setup-realm-windows.cmd

@@ -36,11 +36,12 @@ docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/mas
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "displayName=OpenRMF OSS"
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "displayNameHtml=OpenRMF OSS"
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "displayName=OpenRMF OSS"
-docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "displayNameHtml=OpenRMF OSS"
+docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "displayNameHtml=OpenRMF<sup>&reg;</sup> OSS"
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "loginTheme=openrmf"
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "accountTheme=openrmf"
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set "accountTheme=openrmf"
 docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/openrmf --set "adminTheme=openrmf"
+docker exec -i %keycontainer% /opt/jboss/keycloak/bin/kcadm.sh update realms/master --set "displayNameHtml=OpenRMF<sup>&reg;</sup> OSS User Administration"
 REM END Disable SSL Requirement
 
 REM BEGIN Create Password Policy

scripts/local/docker-compose.yml

@@ -67,7 +67,7 @@ services:
     restart: always
     command:
       - -nginx.scrape-uri
-      - http://web:8080/status
+      - http://openrmf-web:8080/status
     ports:
       - 9113:9113
     networks: