Setup Ubuntu Shepherd Environment (Manual)
Mark Denihan edited this page Oct 23, 2015 · 2 revisions
- Install Ubuntu Server on your hardware or VM (Avoid LVM for VMs)
- If you're setting up a VM, ensure it has a NAT network adapter (for internet access) and a host-only or bridged adapter (for SSH access). You may need to update the interfaces file so that both adapters are brought up by the OS.
- If you're setting up a VM, install OpenSSH and then SSH in with PuTTY so you don't have to deal with the VM console:

  ```sh
  apt-get install -y openssh-server
  ```
- Run the following (use "CowSaysMoo" as the MySQL root password; the manual config steps below assume it):

  ```sh
  sudo apt-get update -y
  sudo apt-get install -y python-software-properties
  sudo add-apt-repository -y ppa:webupd8team/java
  sudo apt-get update -y
  sudo apt-get install -y oracle-java7-installer
  sudo apt-get install -y tomcat7 tomcat7-admin mysql-server-5.5
  ```
- Transfer the ROOT.war, SQL and JS files from a Shepherd Manual Pack download to the VM's ~ directory via FileZilla or another SFTP application.
- Run the following:

  ```sh
  sudo apt-get install -y dos2unix
  sudo dos2unix *.sql
  sudo chmod 775 *.war
  cd /var/lib/tomcat7/webapps/
  sudo rm -rf *
  sudo mv -v ~/ROOT.war ./
  cd ~
  echo "MySql Password...:"
  mysql -u root -e "source coreSchema.sql" --force -p
  echo "MySql Password..."
  mysql -u root -e "source moduleSchemas.sql" --force -p
  sudo -i
  echo "JAVA_HOME=/usr/lib/jvm/java-7-oracle" >> /etc/default/tomcat7
  echo "AUTHBIND=yes" >> /etc/default/tomcat7
  echo "Installing MongoDB"
  sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
  echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
  sudo apt-get update
  sudo apt-get install -y mongodb-org=2.6.9 mongodb-org-server=2.6.9 mongodb-org-shell=2.6.9 mongodb-org-mongos=2.6.9 mongodb-org-tools=2.6.9
  sleep 10
  mongo /home/*/manualPack/mongoSchema.js
  ```
- For 443 (HTTPS), first generate the self-signed certificate:

  ```sh
  $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
  ```
  The following is an example of filling out the details for the cert. You can choose your own.

  ```
  Enter keystore password: passw0rd
  Re-enter new password: password
  What is your first and last name?
  [Unknown]: Paul Stone
  What is the name of your organizational unit?
  [Unknown]: Security Shepherd
  What is the name of your organization?
  [Unknown]: OWASP
  What is the name of your City or Locality?
  [Unknown]: Baile Átha Cliath
  What is the name of your State or Province?
  [Unknown]: Laighin
  What is the two-letter country code for this unit?
  [Unknown]: IE
  Is CN=Paul Stone, OU=Security Shepherd, O=OWASP, L=Baile Átha Cliath, ST=Laighin, C=IE correct?
  [no]: yes
  Enter key password for <tomcat>
  (RETURN if same as keystore password): <RETURN>
  ```
  This creates the keystore at /home/USERNAME/.keystore.

- Now update the /var/lib/tomcat7/conf/server.xml file manually. Make a note of the keystore password you chose when generating the cert and enter it as the 'keystorePass' value. Change the connectors to the following:

  ```xml
  <Connector address="0.0.0.0" port="80" protocol="HTTP/1.1"
             connectionTimeout="20000" URIEncoding="UTF-8" />
  <Connector address="0.0.0.0" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" keystoreFile="/home/<username>/.keystore"
             keystorePass="passw0rd" keyAlias="tomcat"/>
  ```
- Then you'll need to run these commands so Tomcat can bind to ports 80 and 443 via authbind:

  ```sh
  sudo -i
  touch /etc/authbind/byport/80
  touch /etc/authbind/byport/443
  chmod 500 /etc/authbind/byport/80
  chmod 500 /etc/authbind/byport/443
  chown tomcat7 /etc/authbind/byport/80
  chown tomcat7 /etc/authbind/byport/443
  ```
- If you want to redirect all traffic to secure 443 (HTTPS), add the following to /var/lib/tomcat7/conf/web.xml:

  ```xml
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  ```
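As an added example (not part of the Shepherd manual pack or the project's own code), the script below sanity-checks the server.xml connectors and the web.xml redirect constraint written in the steps above. The XML fragments are constructed to mirror the page's configuration, with `/home/shepherd/.keystore` standing in for the real keystore path.

```python
"""Added example (not Shepherd project code): sanity-check the Tomcat 7 connector
and HTTPS-redirect settings from the steps above, using constructed XML."""
import xml.etree.ElementTree as ET

# Constructed server.xml fragment mirroring the page; keystoreFile uses a sample home.
SERVER_XML = """<Service name="Catalina">
<Connector address="0.0.0.0" port="80" protocol="HTTP/1.1"
connectionTimeout="20000" URIEncoding="UTF-8" />
<Connector address="0.0.0.0" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/home/shepherd/.keystore"
keystorePass="passw0rd" keyAlias="tomcat"/>
</Service>"""

# Constructed web.xml fragment carrying the page's security-constraint.
WEB_XML = """<web-app><security-constraint>
<web-resource-collection><web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""


def check_connectors(server_xml):
    """Return findings for the port 80/443 connectors (empty list = clean)."""
    findings = []
    by_port = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")}
    if "80" not in by_port:
        findings.append("no plain HTTP connector on port 80 to redirect from")
    tls = by_port.get("443")
    if tls is None:
        return findings + ["no connector on port 443"]
    # All three are needed for Tomcat to serve TLS and report requests as secure.
    for attr, want in (("SSLEnabled", "true"), ("scheme", "https"), ("secure", "true")):
        if tls.get(attr) != want:
            findings.append(f"443 connector: {attr} should be {want!r}, got {tls.get(attr)!r}")
    if tls.get("keystorePass") is not None:
        findings.append("keystorePass is in clear text; restrict who can read server.xml")
    if tls.get("sslEnabledProtocols") is None:
        findings.append("sslEnabledProtocols not set; TLS versions fall back to the JVM default")
    return findings


def check_https_redirect(web_xml):
    """True when a security-constraint forces CONFIDENTIAL transport for /*."""
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        patterns = [p.text for p in sc.iter("url-pattern")]
        guarantee = sc.findtext("user-data-constraint/transport-guarantee")
        if "/*" in patterns and guarantee == "CONFIDENTIAL":
            return True
    return False
```

Run the two functions against your real server.xml and web.xml (wrapping the connector snippet in a root element first) and fix any finding before exposing the VM.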
- Done