# DSScan Planning

###### tags: `DSScan` `Jobs` `Plan`

## Permission Planning

| Permission                 | Admin | Manager | User |
| -------------------------- |:-----:|:-------:|:----:|
| system.auth.login          |   V   |    V    |      |
| system.auth.logout         |   V   |    V    |      |
| system.auth.account_policy |   V   |    V    |      |
| system.licenses.v          |   V   |    V    |  V   |
| system.update.v            |   V   |    V    |  V   |
| system.update.op           |   V   |    V    |      |
| system.diversion.v         |   V   |    V    |  V   |
| system.diversion.op        |   V   |    V    |      |
| system.pure.op             |   V   |         |      |
| auth.user.v                |   V   |    V    |  V   |
| auth.user.e                |   V   |    V    |      |
| auth.priv.v                |   V   |    V    |  V   |
| auth.priv.e                |   V   |    V    |      |
| auth.priv.op               |   V   |    V    |      |
| auth.op_log.v              |   V   |         |  V   |
| dash.asset.v               |   V   |    V    |  V   |
| dash.gcb.v                 |   V   |    V    |  V   |
| dash.vans.v                |   V   |    V    |  V   |
| asset.asset.v              |   V   |    V    |  V   |
| asset.asset.e              |   V   |    V    |      |
| asset.soft.v               |   V   |    V    |  V   |
| asset.hotfix.v             |   V   |    V    |  V   |
| asset.arch.v               |   V   |    V    |  V   |
| asset.arch.e               |   V   |         |      |
| gcb.policy.v               |   V   |    V    |  V   |
| gcb.policy.e               |   V   |    V    |      |
| gcb.schle.v                |   V   |    V    |  V   |
| gcb.schle.c                |   V   |    V    |      |
| gcb.schle.d                |   V   |    V    |      |
| gcb.report.v               |   V   |    V    |  V   |
| gcb.report.d               |   V   |    V    |      |
| gcb.report.c               |   V   |    V    |      |
| gcb.rep_his.v              |   V   |    V    |  V   |
| vans.config.op             |   V   |         |      |
| vans.asset.v               |   V   |    V    |  V   |
| vans.asset.c               |   V   |    V    |      |
| vans.asset.his             |   V   |    V    |      |

## Staffing Plan

Judy
* Manual Doc

Moomin
* UI/UX
* Test Plan

Yu
* Frontend of DSScan
* Frontend of DSAuth

Fox
* Master
* GCB Collector

Wayne
* Auditor
* Agent
* Asset Collector

Kevin
* Manager
* Backend of DSAuth
* Authentication
* Update
* Customer
* SCAP Collector

## System Planning

```sequence
Title: Agent Check-in
Agent->DSMaster: register
DSMaster->>DSCore: check token of agent
DSCore-->>DSMaster: agent exists? token : create token
DSMaster-->>Agent: token <string>
```

```sequence
Title: Agent Tasks
Note over Agent,DSMaster: Agent Check-in
Agent->DSMaster: check status
DSMaster->>DSCore: check tasks of agent
DSCore-->>DSMaster: tasks of agent? false <json>
DSMaster-->>Agent: tasks? false <json>
Note right of Agent: Wait next polling
DSManager->DSCore: check schedule
DSCore-->>DSManager: time to schedule? false <json>
DSManager->DSCore: check schedule
DSCore-->>DSManager: time to schedule? true <json>
DSManager->DSManager: generate tasks
DSManager->DSCore: assign tasks
Agent->DSMaster: check status
DSMaster->>DSCore: check tasks of agent
DSCore-->>DSMaster: tasks of agent? true <json>
DSMaster-->>Agent: tasks? true <json>
Agent->Agent: do task
Agent->DSMaster: submit task result
DSMaster->>DSCore: update task result of asset
DSMaster-->>Agent: ok <string>
```

```sequence
Title: User Login
User->DSDashUI: Login
DSDashUI->>DSMaster: username and password
DSMaster->>DSCore: authenticate user
DSCore-->>DSMaster: valid user? false <json>
DSMaster-->>DSDashUI: valid user? false <json>
DSDashUI->User: denied user
User->DSDashUI: Login
DSDashUI->>DSMaster: username and password
DSMaster->>DSCore: authenticate user
DSCore-->>DSMaster: valid user? true <json>
DSMaster-->>DSDashUI: valid user? true <json>
DSDashUI->User: allow user
```

```sequence
Title: User Creates a Schedule
Note over User,DSDashUI: User Login
User->DSDashUI: create schedule plan
DSDashUI->>DSMaster: create schedule plan
DSMaster->>DSCore: create schedule plan
DSCore-->>DSMaster: created? true <json>
DSMaster-->>DSDashUI: created? true <json>
DSDashUI->User: show schedule info
```

Agent (Engine Module)

DSDashUI (Web UI)

DSMaster

DSManager
* DSTReport
* DSTSchedule
* DSTEvent
* DSTUpdate

DSAuditor
* DSAGCB
* DSACPE
* DSAScap
* DSAHSC

DSCore

## Master Responsibilities

* Backend API
* Real deal in real time
* Download files
* Upload files
* Register Agent, User
* Login
* Logout
* Timeout
* Create Plan
* Deploy Tasks
* RBAC control
* Group of asset
* ...

Implementation packages
* Node.js
* express
* express-rbac
* express-session

## Auditor Responsibilities

* Compliance Check
* SCAP
* Translate CPE
* Translate CVE
* Vulnerability Audit
* Security Health Check
* Deal with raw data

Implementation packages
* Python
* Golang

## Manager Responsibilities

* Generate Report
* Deal with Schedule
* Send data to syslog
* Sync of DSAuth
* ...

Implementation packages
* Python
* Golang

## Core Responsibilities

* Cache DB
* Manager DB
* Connect
* Insert
* Select
* Delete
* Update

Implementation packages
* Parse SDK
* Mongoose (Node.js)
* MongoEngine (Python)
* mgo (golang)

## Still to Be Planned

1. Define the DB schema
2. Define sequence fragments (Agent, UI, Master, Core, Manager, Auditor)
3. Define the integration testing method
4. Define the release method
    * Only two long-lived branches: master and release
    * For a bug, create a hotfix branch from master
    * For a new feature, create a feature branch from master
    * Everything is merged back into the master branch
    * To publish a release, merge master into release
5. Define the release notification process
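
As an added example that is not part of the original plan or DSScan's own code: a default-deny permission check for an Express-style Master API, built from an excerpt of the permission table in the permission planning section. The `req.session.role` field, the `-` marker for an empty cell, and all function names are assumptions; the ordering check assumes Admin ⊇ Manager ⊇ User is the intended hierarchy.

```javascript
// Added example (not DSScan code). Rows are an excerpt transcribed from the
// permission table: "permission Admin Manager User", '-' marks an empty cell.
const MATRIX = `
system.pure.op   V - -
auth.user.v      V V V
auth.user.e      V V -
auth.op_log.v    V - V
asset.arch.e     V - -
gcb.schle.c      V V -
vans.config.op   V - -
`;
const ROLES = ['Admin', 'Manager', 'User'];

// Parse the matrix into role -> Set of permission strings; reject malformed rows.
function parseMatrix(text) {
  const grants = new Map(ROLES.map((r) => [r, new Set()]));
  for (const line of text.trim().split('\n')) {
    const [perm, ...cells] = line.trim().split(/\s+/);
    if (cells.length !== ROLES.length) throw new Error(`bad row: ${line}`);
    cells.forEach((c, i) => { if (c === 'V') grants.get(ROLES[i]).add(perm); });
  }
  return grants;
}
const GRANTS = parseMatrix(MATRIX);

// Default deny: an unknown role or an unlisted permission is refused.
function can(role, perm) {
  const set = GRANTS.get(role);
  return set !== undefined && set.has(perm);
}

// Express-style middleware; req.session.role is an assumed session field.
function requirePermission(perm) {
  return (req, res, next) => {
    const role = req.session && req.session.role;
    if (!can(role, perm)) return res.status(403).json({ error: 'forbidden', perm });
    next();
  };
}

// Design-review aid: permissions a lower role holds that the next higher role
// lacks (assumes Admin >= Manager >= User is the intended ordering).
function hierarchyGaps(grants = GRANTS) {
  const gaps = [];
  for (let i = 1; i < ROLES.length; i++)
    for (const perm of grants.get(ROLES[i]))
      if (!grants.get(ROLES[i - 1]).has(perm)) gaps.push(`${ROLES[i]}>${ROLES[i - 1]}:${perm}`);
  return gaps;
}
```

On this excerpt `hierarchyGaps()` returns the single entry `User>Manager:auth.op_log.v`, the row of the table where User holds a permission that Manager does not.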