Merge pull request #669 from cisagov/improvement/configure_commander_…
…jobs-per-host Add the ability to configure the `cyhy-commander`'s `jobs-per-*-host` values
Showing 5 changed files with 26 additions and 10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,22 @@ | ||
--- | ||
# defaults file for cyhy_commander | ||
|
||
# The maximum number of jobs to assign to each nessus host (vulnscanner). | ||
# This value is used in the "production" section of the cyhy-commander | ||
# configuration file this role generates. | ||
jobs_per_nessus_host: 16 | ||
|
||
# The maximum number of jobs to assign to each nmap host (portscanner). | ||
# This value is used in the "production" section of the cyhy-commander | ||
# configuration file this role generates. | ||
jobs_per_nmap_host: 8 | ||
|
||
# The maximum number of hosts that are scheduled to have scanning restarted | ||
# whose next scan stage should be updated per cyhy-commander cycle. The checks | ||
# for hosts that were "up" or "down" are processed separately so the total | ||
# number of hosts that are transitioned is double the provided value. Hosts | ||
# that are "up" are transitioned to PORTSCAN and hosts that are "down" are | ||
# transitioned to NETSCAN1. | ||
# This value is used in the "production" section of the cyhy-commander | ||
# configuration file this role generates. | ||
next_scan_limit: 8192 |
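Review bot: the comments above `jobs_per_nessus_host` and `jobs_per_nmap_host` say what each value caps but not what input is acceptable, and nothing visible in this defaults file constrains them to positive integers. Since both values are written into the "production" section of the generated cyhy-commander configuration, a zero, negative or string override would only surface once the commander reads the file. Suggest stating the valid range in each comment and having the role check the three variables (for example with an assert task) before the template is rendered. The same applies to `next_scan_limit`, whose comment notes that the effective number of transitioned hosts is double the value, so an oversized override has twice the impact an operator might expect.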
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -658,7 +658,7 @@ terraform apply -var-file=<your_workspace>.tfvars | |
| bod\_lambda\_functions | A map of information for each BOD 18-01 Lambda. The keys are the scan types and the values are objects that contain the Lambda's name and the key (name) for the corresponding deployment package in the BOD Lambda S3 bucket. Example: `{ pshtt = { lambda_file = "pshtt.zip", lambda_name = "task_pshtt" }}` | `map(object({ lambda_file = string, lambda_name = string }))` | `{}` | no | | ||
| bod\_nat\_gateway\_eip | The IP corresponding to the EIP to be used for the BOD 18-01 NAT gateway in production. In a non-production workspace an EIP will be created. | `string` | `""` | no | | ||
| cloudwatch\_alarm\_emails | A list of the emails to which alerts should be sent if any CloudWatch Alarm is triggered. | `list(string)` | ```[ "[email protected]" ]``` | no | | ||
| commander\_config | Configuration options for the CyHy commander's configuration file. | `object({ next_scan_limit = number })` | ```{ "next_scan_limit": 8192 }``` | no | | ||
| commander\_config | Configuration options for the CyHy commander's configuration file. | `object({ jobs_per_nessus_host = number, jobs_per_nmap_host = number, next_scan_limit = number })` | ```{ "jobs_per_nessus_host": 16, "jobs_per_nmap_host": 8, "next_scan_limit": 8192 }``` | no | | ||
| create\_bod\_flow\_logs | Whether or not to create flow logs for the BOD 18-01 VPC. | `bool` | `false` | no | | ||
| create\_cyhy\_flow\_logs | Whether or not to create flow logs for the CyHy VPC. | `bool` | `false` | no | | ||
| create\_mgmt\_flow\_logs | Whether or not to create flow logs for the Management VPC. | `bool` | `false` | no | | ||
|
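Review bot: the new `commander_config` type on the added row lists `jobs_per_nessus_host`, `jobs_per_nmap_host` and `next_scan_limit` as plain `number` attributes, and Terraform requires every attribute of an `object({...})` constraint to be present unless it is declared with `optional()`. Any workspace `.tfvars` that overrides `commander_config` with only `next_scan_limit`, which was valid against the previous type, will fail type checking after this change. Suggest either declaring the new attributes as `optional(number, 16)` and `optional(number, 8)`, or calling out in the description that all three keys must now be supplied. Separately, the defaults 16, 8 and 8192 shown here duplicate the values in the `cyhy_commander` role defaults, so a note on which of the two takes effect in a deployment would help keep them from drifting apart.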