Fuzzbuzz can be self-hosted on user-owned, fully on-premises, airgapped machines. This can be useful in situations where your software is too sensitive to be tested outside of your own network, or when the hosted Fuzzbuzz platform doesn't meet your requirements. We always recommend considering the hosted platform before deciding on hosting your own installation of Fuzzbuzz.
On-Premises Installation Overview
The Fuzzbuzz Platform consists of Platform Machines, a single Database, and Worker Machines.
A Platform Machine contains the frontend and backend services necessary to run the platform. It must conform to the Fuzzbuzz system requirements. It is the machine you will run the Fuzzbuzz Installer on, and is the machine that a user (or API client) will access when interacting with the platform. A deployment may consist of a single Platform Machine, or multiple load-balanced Platform Machines. For example, if you have installed Fuzzbuzz on a Platform Machine with the IP address 100.200.300.400, a developer would log in to the platform by accessing http(s)://100.200.300.400/login in their web browser.
All Platform Machines must connect to a single PostgreSQL database. In an ideal installation this database resides on one of the Platform Machines (the Primary Platform Machine), and is managed by the Fuzzbuzz tooling.
A Worker Machine is a machine that executes Fuzz Jobs and other fuzzing-related workloads. Worker machines are only needed for In-Process Fuzzing. Setup of worker machines can be skipped for Protocol Fuzzing. In a minimal Fuzzbuzz install, the primary Platform Machine can be used as a worker machine.
Operating system requirements
Fuzzbuzz can be provided in the form of a fully set-up Virtual Machine Image (such as VMDK, QCOW2, etc.), or in the form of an installer that must be run on an existing operating system. If you wish to provide a base operating system for Platform and Worker Machines rather than using a Virtual Machine Image, the OS must satisfy the following system requirements:
- Operating System: Debian Testing (https://wiki.debian.org/DebianTesting). You can find relevant images at the following link: http://cdimage.debian.org/cdimage/weekly-builds/
We suggest that you refrain from making significant modifications to the operating system or kernel. Modified versions of this operating system are not officially supported, and we will not be able to assist with problems that arise from custom changes or patches made to this operating system.
In addition to requiring a recent Debian/Testing OS, we recommend the following CPU and RAM configurations for a base installation:
Platform Machine: 4 CPUs, 16GB RAM
Platform Machine & Worker Machine all-in-one: 8 CPUs, 32GB RAM
These numbers are minimum requirements. You may find more powerful configurations useful if you have unusually high usage, or a large number of concurrent users. It is especially difficult to estimate the system requirements of worker machines, since required capacity depends on your specific needs. If you have questions, we recommend reaching out to us directly.
In most situations, your Primary Platform Machine will also host your database. It's important that you provide all of your Platform Machines with sufficient hard drive space for database backups and replicas. Specific numbers depend on usage, but we recommend 100GB as a starting point.
Setting up the first Platform Machine
The Fuzzbuzz Installer will be provided in the form of a tarball, with a filename that looks like
Your Fuzzbuzz contact will provide the installer to you directly. If you are interested in using Fuzzbuzz on-premises, get in touch at firstname.lastname@example.org
Install Fuzzbuzz by copying this tarball to the first Platform Machine you wish to set up, and unpack it by running tar -xvzf <filename>.
You will see an install-fuzzbuzz script in the current working directory. To begin the installation process, run ./install-fuzzbuzz.
The installer will run, and potentially ask for information it needs to complete the install process. If you aren't sure what to provide, quit the installer by pressing CTRL-c, and ask either your System Administrator, or someone on the Fuzzbuzz team for help. The installer will allow you to pick up from where you left off.
Once the install process is finished, you should be able to log into the Fuzzbuzz platform by opening the IP address or hostname of the machine you just ran the installer on in a web browser. Enter the email address and password you set up during the install process, and you should be able to log in to your organization.
Setting up additional Platform Machines
This feature is currently unavailable.
Updates will be provided by Fuzzbuzz. When provided, they should be unpacked and installed on each Platform Machine and Worker Machine in the same manner as the installation script.
Instead of running ./install-fuzzbuzz, you should run
The script will automatically detect the existing Fuzzbuzz installation, and only ask for configuration if any new information is needed.
Ideal Fuzzbuzz Installation
The Ideal Fuzzbuzz Installation consists of a single Platform Machine, which hosts both the frontend and backend software, as well as the database. To set up an ideal Fuzzbuzz installation, run the installer script as specified above, accepting all configuration defaults (except those that pertain to your specific setup, such as network options or setting up your machine's network name).
Accepting all of the defaults in the installer will result in an optimal installation that Fuzzbuzz can manage with minimal intervention from you and your team.
Below you will find playbooks for specific situations, such as how to run backups and set up load balancing. If you have a specific situation that is not covered by this documentation, please reach out to us for specific help.
If you have more than one Platform Machine and you wish to load-balance between all of these machines so that a user can access them all via a single URL, follow the steps below:
We recommend DNS load balancing, specifically A-record load balancing. To achieve this, you should set your DNS server up so that the domain name you wish to access has multiple A records, one for each IP address that points to a Platform Machine.
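A check for the A-record setup described above, as an added example that is not part of Fuzzbuzz's tooling: it compares the A records a name actually returns with the Platform Machine addresses you expect. The hostname and 192.0.2.x addresses in the usage comment are constructed placeholders, the function names are hypothetical, and the script assumes dig is installed.

```shell
#!/bin/sh
# Added example (not Fuzzbuzz tooling). Constructed usage:
#   ./check-platform-dns.sh fuzzbuzz.example.com "192.0.2.10 192.0.2.11"

# diff_a_records EXPECTED RESOLVED
# Both arguments are whitespace-separated IPv4 lists. Prints "missing <ip>"
# for a Platform Machine that DNS does not return (it receives no traffic)
# and "unexpected <ip>" for an A record that is not a known Platform Machine
# (a share of logins would go to that host). Returns 0 only if the sets match.
diff_a_records() (
    expected=$(echo $1) resolved=$(echo $2) status=0   # normalise whitespace
    for ip in $expected; do
        case " $resolved " in
            *" $ip "*) ;;
            *) echo "missing $ip"; status=1 ;;
        esac
    done
    for ip in $resolved; do
        case " $expected " in
            *" $ip "*) ;;
            *) echo "unexpected $ip"; status=1 ;;
        esac
    done
    exit "$status"
)

# check_platform_dns NAME EXPECTED
# Resolves NAME and keeps only IPv4 lines (dig also prints CNAME targets).
check_platform_dns() {
    resolved=$(dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    diff_a_records "$2" "$resolved"
}

if [ "$#" -eq 2 ]; then
    check_platform_dns "$1" "$2"
fi
```

Run it after every DNS change and whenever a Platform Machine is added or re-addressed; any output means the record set and the machine list have drifted apart.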
If you are using a Fuzzbuzz-hosted Database (the default option), Fuzzbuzz will create periodic backups and place them in the /opt/fuzzbuzz/backup/db directory on the Platform Machine. If you wish to back these up on external storage, you may set up periodic copies of this data to your own storage media.
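One way to make the periodic copies described above, as an added example that is not part of Fuzzbuzz's tooling: each backup file is copied under a temporary name, its SHA-256 digest is compared with the source, and only then is it renamed into place. The destination path and the function names are assumptions; only /opt/fuzzbuzz/backup/db comes from this documentation.

```shell
#!/bin/sh
# Added example (not Fuzzbuzz tooling): copy database backups to external
# storage and verify every copy before it is accepted. Constructed usage:
#   ./copy-fuzzbuzz-backups.sh /opt/fuzzbuzz/backup/db /mnt/backup-storage/fuzzbuzz-db
# The destination path is an assumption; substitute your own mount point.

# digest FILE: print the SHA-256 digest of FILE.
digest() { sha256sum "$1" | cut -d' ' -f1; }

# copy_backups SRC DEST
# Returns 0 if every file verified, 1 if any copy failed, 2 on setup errors.
copy_backups() (
    src=$1 dest=$2
    [ -d "$src" ] || { echo "source directory missing: $src" >&2; exit 2; }
    umask 077                      # directories created here are owner-only
    mkdir -p "$dest" || exit 2
    ( cd "$src" && find . -type f ) | (
        failed=0
        while IFS= read -r rel; do
            mkdir -p "$dest/$(dirname "$rel")"
            # Copy under a temporary name so an interrupted run never leaves
            # a truncated file that looks like a finished backup.
            if cp -p "$src/$rel" "$dest/$rel.partial" &&
               want=$(digest "$src/$rel") && [ -n "$want" ] &&
               [ "$want" = "$(digest "$dest/$rel.partial")" ]; then
                mv -f "$dest/$rel.partial" "$dest/$rel"
            else
                echo "verification failed: $rel" >&2
                rm -f "$dest/$rel.partial"
                failed=1
            fi
        done
        exit "$failed"
    )
)

if [ "$#" -eq 2 ]; then
    copy_backups "$1" "$2"
fi
```

Schedule it with cron under an account that can read the backup directory; a non-zero exit status means at least one file was not copied intact and should be investigated before the copy is relied on.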
If you wish to back up the Platform Machines that Fuzzbuzz is running on, you may do so by creating full Virtual Machine Snapshots of the VMs that Fuzzbuzz is running on. In the event of a machine failure, you could restore these snapshots to bring Fuzzbuzz back online without needing to reinstall the platform on fresh machines. Note that in this situation, you may need to reconfigure these machines after restoring if their IP addresses or DNS names have changed.