Configuring the lab’s Clusterfuzz service
Clusterfuzz is highly configurable. You can change the amount of VM instances used to fuzz, the OS of the fuzzing bots, physical location of the servers, the fuzzing alert system and more. You might find that the software you’d like to fuzz would benefit from altering these configurations. In order to configure the service you’ll need to use the Ubuntu machine in the lab which has everything already set up - or set up the environment on your local machine. This will also allow you to turn the service on and off.
Setting up local environment for configuring Clusterfuzz
These instructions are based off the Clusterfuzz documentation for creating a new project. In this case we only want to setup a new machine to connect to our existing project so we skip a few of their steps. This guide is for Linux.
Prerequisites
Before you start setting up your local environment you’ll need to make sure you have accomplished these tasks:
- Have a Google account that has been granted access to NSE’s Clusterfuzz project
- Followed the prerequisite tutorial from the Clusterfuzz documentation
- Downloaded the lab’s configuration files
Setting environment variables
Once you’ve installed all the necessary files and are authenticated with the lab’s GCP project you’ll need to set the variables to be used in your local environment.
First go to the lab’s GCP API page and make note of the key titled Browser key (auto created by Firebase)
and download the JSON file called Clusterfuzz
. These two keys will authenticate your local machine to Google. You’ll also need to go to the GCP dashboard and make note of the Project ID.
We will now export these values and a couple others to your terminal environment to be used by the Clusterfuzz application.
First in your terminal navigate to the Clusterfuzz repository and run source ENV/bin/activate
to start the Clusterfuzz environment. Then run these commands:
- Set the API key variable
export FIREBASE_API_KEY=<browser key you saw before>
- Set the JSON file you downloaded
export CLIENT_SECRETS_PATH=/path/to/your/client_secrets.json
- Set the project id
export CLOUD_PROJECT_ID=<your project id>
- Set the path to the lab’s configuration folder (that you downloaded from Github)
export CONFIG_DIR=/path/to/Clusterfuzz-configuration
Authenticating to GCP
You need to authenticate your local machine to GCP using your Google account. Run this command.
gcloud auth application-default login
Deploying your changes
Now that the environment is set up you should be able to make some changes to the configuration files and deploy them.
To deploy changes run this command (make sure you are still in the environment from the previous step)
python butler.py deploy --config-dir=$CONFIG_DIR --prod --force
Be aware that it can take a few minutes after you’ve deployed until your changes are reflected in the Google Cloud Platform.