adampielak · December 3, 2025 11:11
diff --git a/grafana-dashboard.json b/grafana-dashboard.json
 {
  "dashboard": {
    "title": "Vulnerability Scanner - Homelab",
    "panels": [
      {
        "title": "Total Vulnerabilities by Severity",
        "type": "graph",
        "targets": [
          {
            "expr": "vulns_total{severity=\"critical\"}",
            "legendFormat": "Critical"
          },
          {
            "expr": "vulns_total{severity=\"high\"}",
            "legendFormat": "High"
          },
          {
            "expr": "vulns_total{severity=\"medium\"}",
            "legendFormat": "Medium"
          },
          {
            "expr": "vulns_total{severity=\"low\"}",
            "legendFormat": "Low"
          }
        ]
      },
      {
        "title": "Vulnerabilities by Package",
        "type": "table",
        "targets": [
          {
            "expr": "vulns_by_package",
            "format": "table"
          }
        ]
      },
      {
        "title": "Scan Duration (seconds)",
        "type": "graph",
        "targets": [
          {
            "expr": "scanner_duration_seconds",
            "legendFormat": "Scan Duration"
          }
        ]
      },
      {
        "title": "Critical Vulnerabilities Alert",
        "type": "singlestat",
        "targets": [
          {
            "expr": "vulns_total{severity=\"critical\"}"
          }
        ],
        "thresholds": "1,5",
        "colors": ["green", "yellow", "red"]
      }
    ]
  }
 }
diff --git a/scanner-config.yaml b/scanner-config.yaml
 # Vulnerability Scanner Configuration

 # NVD API settings
 nvd:
  api_key: "your_nvd_api_key_here"
  base_url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
  rate_limit: 50  # requests per 30 seconds
  timeout: 10     # seconds

 # Homelab hosts to scan
 hosts:
  - name: "homelab-server-01"
    ssh_user: "admin"
    ssh_key: "/home/user/.ssh/id_rsa"
  - name: "homelab-server-02"
    ssh_user: "admin"
    ssh_key: "/home/user/.ssh/id_rsa"
  - name: "docker-host"
    ssh_user: "root"
    ssh_key: "/home/user/.ssh/id_rsa"
  - name: "proxmox-node-01"
    ssh_user: "root"
    ssh_key: "/home/user/.ssh/id_rsa"

 # Severity filtering
 severity_filter:
  alert_on:
    - CRITICAL
    - HIGH
  monitor_only:
    - MEDIUM
    - LOW
    
 # Special packages (always alert regardless of severity)
 critical_packages:
  - openssh-server
  - sudo
  - linux-image
  - docker-ce
  - nginx
  
 # Alert destinations
 alerts:
  slack:
    enabled: true
    webhook_url: "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
    channel: "#security-alerts"
  email:
    enabled: true
    smtp_server: "smtp.gmail.com"
    smtp_port: 587
    from: "[email protected]"
    to:
      - "[email protected]"
  prometheus:
    enabled: true
    pushgateway: "http://prometheus-pushgateway:9091"
    job_name: "vuln_scanner"
    
 # Scan schedule
 schedule:
  enabled: true
  cron: "0 6 * * *"  # Daily at 06:00 UTC
  
 # Cache settings
 cache:
  enabled: true
  ttl: 86400  # 24 hours
  backend: "sqlite"
  path: "/var/lib/vuln-scanner/cache.db"
  
 # Reporting
 reports:
  daily_summary: true
  detailed_csv: true
  output_dir: "/var/log/vuln-scanner"
  retention_days: 30
  
 # Debian backport detection
 backports:
  check_debian_security_tracker: true
  check_ubuntu_usn: true
	{
	"dashboard": {
	"title": "Vulnerability Scanner - Homelab",
	"panels": [
	{
	"title": "Total Vulnerabilities by Severity",
	"type": "graph",
	"targets": [
	{
	"expr": "vulns_total{severity=\"critical\"}",
	"legendFormat": "Critical"
	},
	{
	"expr": "vulns_total{severity=\"high\"}",
	"legendFormat": "High"
	},
	{
	"expr": "vulns_total{severity=\"medium\"}",
	"legendFormat": "Medium"
	},
	{
	"expr": "vulns_total{severity=\"low\"}",
	"legendFormat": "Low"
	}
	]
	},
	{
	"title": "Vulnerabilities by Package",
	"type": "table",
	"targets": [
	{
	"expr": "vulns_by_package",
	"format": "table"
	}
	]
	},
	{
	"title": "Scan Duration (seconds)",
	"type": "graph",
	"targets": [
	{
	"expr": "scanner_duration_seconds",
	"legendFormat": "Scan Duration"
	}
	]
	},
	{
	"title": "Critical Vulnerabilities Alert",
	"type": "singlestat",
	"targets": [
	{
	"expr": "vulns_total{severity=\"critical\"}"
	}
	],
	"thresholds": "1,5",
	"colors": ["green", "yellow", "red"]
	}
	]
	}
	}
	# Vulnerability Scanner Configuration

	# NVD API settings
	nvd:
	api_key: "your_nvd_api_key_here"
	base_url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
	rate_limit: 50 # requests per 30 seconds
	timeout: 10 # seconds

	# Homelab hosts to scan
	hosts:
	- name: "homelab-server-01"
	ssh_user: "admin"
	ssh_key: "/home/user/.ssh/id_rsa"
	- name: "homelab-server-02"
	ssh_user: "admin"
	ssh_key: "/home/user/.ssh/id_rsa"
	- name: "docker-host"
	ssh_user: "root"
	ssh_key: "/home/user/.ssh/id_rsa"
	- name: "proxmox-node-01"
	ssh_user: "root"
	ssh_key: "/home/user/.ssh/id_rsa"

	# Severity filtering
	severity_filter:
	alert_on:
	- CRITICAL
	- HIGH
	monitor_only:
	- MEDIUM
	- LOW

	# Special packages (always alert regardless of severity)
	critical_packages:
	- openssh-server
	- sudo
	- linux-image
	- docker-ce
	- nginx

	# Alert destinations
	alerts:
	slack:
	enabled: true
	webhook_url: "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
	channel: "#security-alerts"
	email:
	enabled: true
	smtp_server: "smtp.gmail.com"
	smtp_port: 587
	from: "[email protected]"
	to:
	- "[email protected]"
	prometheus:
	enabled: true
	pushgateway: "http://prometheus-pushgateway:9091"
	job_name: "vuln_scanner"

	# Scan schedule
	schedule:
	enabled: true
	cron: "0 6 * * *" # Daily at 06:00 UTC

	# Cache settings
	cache:
	enabled: true
	ttl: 86400 # 24 hours
	backend: "sqlite"
	path: "/var/lib/vuln-scanner/cache.db"

	# Reporting
	reports:
	daily_summary: true
	detailed_csv: true
	output_dir: "/var/log/vuln-scanner"
	retention_days: 30

	# Debian backport detection
	backports:
	check_debian_security_tracker: true
	check_ubuntu_usn: true