Cyber-Guardian Setup Complete
Date: 2026-03-06
Status: ✅ Operational
Setup Script: scripts/setup-cyber-guardian.sh
Installation Summary
What Was Configured
- Python Virtual Environment
  - Location: /opt/claude-workspace/projects/cyber-guardian/venv
  - Dependencies: aiohttp, pyyaml, psycopg2-binary
  - Isolated from system Python
- CVE Data Sources
  - ✅ KEV (CISA Known Exploited Vulnerabilities)
  - ✅ ExploitDB (Exploit Database)
  - ⏳ CVEListV5 (Pending first nightly sync - large dataset)
- Cron Jobs
  - Daily 1:00 AM: CVE data sync
  - Daily 2:00 AM: Full nightly scan (CVE + Malware)
- Directory Structure
      cyber-guardian/
      ├── venv/                        # Python virtual environment
      ├── data/cve/                    # CVE data cache
      ├── logs/                        # Scan logs
      ├── reports/nightly/             # JSON reports (30-day retention)
      └── scripts/
          ├── setup-cyber-guardian.sh  # Keystone setup script
          ├── run-cve-scan.sh          # CVE sync wrapper (uses venv)
          ├── run-nightly-scan.sh      # Nightly scan wrapper (uses venv)
          └── quick-cve-check.py       # Manual CVE lookup tool
Usage
Activate Virtual Environment
cd /opt/claude-workspace/projects/cyber-guardian
source venv/bin/activate
CVE Commands
# Check CVE data status
python3 -m redteam.cve status
# Sync all CVE sources (runs automatically at 1 AM)
python3 -m redteam.cve sync
# Sync specific source
python3 -m redteam.cve sync --source kev
python3 -m redteam.cve sync --source exploitdb
python3 -m redteam.cve sync --source cvelistv5
# Look up CVEs
python3 -m redteam.cve lookup "wordpress 6.4"
python3 -m redteam.cve lookup "nginx 1.24.0"
python3 -m redteam.cve lookup "php 8.2" --min-cvss 7.0
# Get JSON output
python3 -m redteam.cve lookup "wordpress 6.4" --json
# WordPress-specific
python3 -m redteam.cve lookup "wordpress 6.4.1" --ecosystem wordpress-core
Manual Scan
# Run nightly scan manually
bash scripts/nightly-scan.sh
# Or use the wrapper (uses venv automatically)
bash scripts/run-nightly-scan.sh
Test Results
CVE Scanner Test (2026-03-06)
Nginx 1.24:
- Found: 25 CVEs
- Includes: CVE-2019-11043 (PHP-FPM RCE), CVE-2013-2028 (DoS), etc.
- Sources: KEV + ExploitDB
WordPress 6.4:
- Found: 3 CVEs
- Sources: KEV + ExploitDB
Data Source Status
| Source | Status | Last Sync | Max Age |
|---|---|---|---|
| KEV | ✅ OK | 2026-03-07 03:55:13 UTC | 168h |
| ExploitDB | ✅ OK | 2026-03-07 03:58:51 UTC | 168h |
| cvelistv5 | ⚠️ STALE | Never (will sync on first nightly) | 24h |
Known Issues
~~Bug: CVE Display Formatting Error~~ (FIXED 2026-03-06)
Issue: ~~When using table output (non-JSON), some CVE lookups encountered AttributeError.~~
Fix Applied: Updated cache serialization to properly handle CVERecord dataclasses:
- Added custom JSON encoder/decoder in redteam/cve/cache.py
- Cache now stores structured data instead of string repr()
- Fixed defensive attribute access in redteam/cve/__main__.py
Status: ✅ Fixed - table output now works correctly for all queries.
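The failure mode and the fix described above, as an added Python example that is not the project's own code. The CVERecord fields, the `__type__` tag and the helper names are assumptions, and the sample records are constructed.

```python
import json
from dataclasses import asdict, dataclass, field
from typing import List, Optional

# Hypothetical stand-in for the project's CVERecord; field names are assumed.
@dataclass
class CVERecord:
    cve_id: str
    description: str
    cvss: Optional[float] = None
    sources: List[str] = field(default_factory=list)

class CVEEncoder(json.JSONEncoder):
    """Tag dataclass records so the decoder can rebuild them."""
    def default(self, o):
        if isinstance(o, CVERecord):
            return {"__type__": "CVERecord", **asdict(o)}
        return super().default(o)

def decode_hook(d):
    """Rebuild a CVERecord from a tagged dict; pass other dicts through."""
    if d.get("__type__") == "CVERecord":
        return CVERecord(**{k: v for k, v in d.items() if k != "__type__"})
    return d

def broken_roundtrip(records):
    """Pre-fix behaviour as described: repr() strings land in the cache."""
    return json.loads(json.dumps([repr(r) for r in records]))

def fixed_roundtrip(records):
    """Post-fix behaviour: structured data survives the cache."""
    return json.loads(json.dumps(records, cls=CVEEncoder), object_hook=decode_hook)

def table_row(rec):
    """Defensive formatting: a missing CVSS score renders as '-'."""
    cvss = getattr(rec, "cvss", None)
    score = "-" if cvss is None else f"{cvss:.1f}"
    return f"{rec.cve_id:<16}{score}"

# Constructed sample records (scores and sources are illustrative).
SAMPLE = [CVERecord("CVE-2019-11043", "PHP-FPM RCE", 9.8, ["KEV", "ExploitDB"]),
          CVERecord("CVE-2013-2028", "DoS", None, ["ExploitDB"])]

if __name__ == "__main__":
    # A plain string comes back, so rec.cve_id would raise AttributeError.
    print(type(broken_roundtrip(SAMPLE)[0]).__name__)
    for rec in fixed_roundtrip(SAMPLE):
        print(table_row(rec))
```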
Cron Schedule
# Cyber-Guardian Security Scans
# Daily at 1:00 AM - CVE data sync
0 1 * * * ublirnevire /opt/claude-workspace/projects/cyber-guardian/scripts/run-cve-scan.sh
# Daily at 2:00 AM - Full nightly scan
0 2 * * * ublirnevire /opt/claude-workspace/projects/cyber-guardian/scripts/run-nightly-scan.sh
Email Alerts: Configured to send to admin@quigs.com
Log Files
| Type | Location | Description |
|---|---|---|
| CVE Sync | logs/cve-sync.log | Daily CVE data synchronization |
| Nightly Scan | logs/nightly-YYYY-MM-DD.log | Full scan logs (CVE + Malware) |
Reports
Location: reports/nightly/
Format: JSON
Retention: 30 days (automatic cleanup)
Filename Pattern: redteam-report-YYYYMMDD_HHMMSS-*.json
Next Steps
- ✅ Setup Complete - Scanner is operational
- ⏳ First Nightly Scan - Will run automatically at 2 AM
- ⏳ CVEListV5 Sync - Will download on first nightly scan (~30 min)
- Monitor Logs - Check logs/nightly-*.log after first run
Quick Reference
Re-run Setup
sudo bash scripts/setup-cyber-guardian.sh admin@quigs.com
Check Cron Jobs
cat /etc/cron.d/cyber-guardian
View Recent Reports
ls -lth reports/nightly/ | head -10
View Latest Log
tail -f logs/nightly-$(date +%Y-%m-%d).log
Setup Completed By: Claude Sonnet 4.5
Repository: https://github.com/Quig-Enterprises/cyber-guardian
Latest Commit: 9a112f2 (Add cyber-guardian keystone setup script with venv support)