Upgrading Shepherd 3.0 to 3.1
In order to upgrade your Security Shepherd 3.0 VM to 3.1 follow the steps below.
- Update the base image
- Install Java 8
- Uninstall Tomcat 7
- Install Tomcat 8
- Configure environment
- Install Security Shepherd WAR file
- Complete Setup
- Start Hacking
To update the base image, connect to the VM (console or SSH). Once connected, run the following commands:
sudo apt-get update
sudo apt-get upgrade
Security Shepherd v3.1 requires Java 8 to run. First, check whether you have Java 8 installed:
java -version
If you see java version "1.7.X_xxx", you will need to update to 1.8. Follow these steps:
- Add the Java 8 repository
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer
- Install Java 8 and set it as your default Java
sudo apt-get install oracle-java8-set-default
- Double check that Java 8 is now set as your default Java version by running java -version again. Your output should resemble the one below:
securityshepherd@shepherdVm:~$ java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
THIS WILL DELETE ALL WEB APPLICATIONS IN THE PROCESS - IF YOU HAVE OTHER WEBSERVICES RUNNING ON THIS VM - THEY WILL BE DELETED ALSO - YOU HAVE BEEN WARNED
- Run the following command to remove Tomcat7 and all associated Configurations/Data
sudo apt-get purge tomcat7
Tomcat 8 can be installed in any directory you see fit. For this example we will install Tomcat 8 to /opt/.
- Get the link to Tomcat 8 (*.tar.gz) from the Apache site (https://tomcat.apache.org/download-80.cgi): right click on the core > tar.gz link and select Copy Link
- Download Tomcat 8 with wget
cd /opt/
sudo wget http://apache.mirrors.tds.net/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
- Extract Tomcat 8 and delete the original .tar.gz archive
sudo tar xvzf apache-tomcat-8.5.34.tar.gz && sudo rm apache-tomcat-8.5.34.tar.gz
- Create a tomcat group and assign the securityshepherd user as a member
sudo groupadd tomcat
sudo usermod -a -G tomcat securityshepherd
- Log in again to apply these changes and check that tomcat is known in our user's groups by running groups
su securityshepherd
groups
Ensure that tomcat is found within the returned list
- Assign ownership of the /opt/apache-tomcat-8.5.34 directory (and its contents) to the tomcat user and group
sudo chown -R tomcat:tomcat /opt/apache-tomcat-8.5.34
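The wget step above fetches the archive over plain HTTP from a mirror, so its digest is worth checking before the extraction step. The following is an added example, not part of the original guide or the Security Shepherd project; the function names are hypothetical, and the checksum file is assumed to be the .sha512 file saved over HTTPS from the Apache download page.

```shell
#!/bin/sh
# Added example: check a downloaded Tomcat archive against a published SHA-512
# digest before extracting it. Function names and file layout are assumptions.
# Usage: sh verify_tomcat.sh <archive.tar.gz> <archive.tar.gz.sha512> <dest-dir>

# Print the lowercase hex SHA-512 of a file.
sha512_of() {
    sha512sum "$1" | awk '{print tolower($1)}'
}

# Pull the first 128-hex-digit token out of a checksum file. This covers the
# "<hash> *<name>" (sha512sum) and "<name>: <hash>" layouts.
expected_from_file() {
    tr -d '\r' < "$1" | grep -Eio '[0-9a-f]{128}' | head -n 1 | tr 'A-F' 'a-f'
}

# verify_archive <archive> <checksum-file>
# Returns 0 on match, 1 on mismatch, 2 when an input is missing or unusable.
verify_archive() {
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    expected="$(expected_from_file "$sumfile")"
    [ -n "$expected" ] || return 2
    actual="$(sha512_of "$archive")"
    [ "$actual" = "$expected" ]
}

# verify_and_extract <archive> <checksum-file> <dest-dir>
# Extracts only after the digest has matched.
verify_and_extract() {
    if verify_archive "$1" "$2"; then
        tar xzf "$1" -C "$3"
    else
        echo "SHA-512 check failed for $1; not extracting" >&2
        return 1
    fi
}

if [ "$#" -eq 3 ]; then
    verify_and_extract "$@"
fi
```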
- Check if $JAVA_HOME and $CATALINA_HOME are set by running the following commands.
echo $JAVA_HOME
echo $CATALINA_HOME
If either returns an error or a blank line, it must be configured. $CATALINA_HOME will need to be set to the location of Tomcat 8 (from step 3 we know this is /opt/apache-tomcat-8.5.34).
Run the following command to find out where java is running from.
securityshepherd@shepherdVm:~$ readlink -f $(which java)
/usr/lib/jvm/java-8-oracle/jre/bin/java
- Open ~/.profile in a text editor and append the following two lines to the end of the file
export JAVA_HOME=/usr/lib/jvm/java-8-oracle
export CATALINA_HOME=/opt/apache-tomcat-8.5.34
Observe that JAVA_HOME is not set to the full path returned from the readlink command
- Reload ~/.profile by running
source ~/.profile
- Start Tomcat 8 by running the following command
$CATALINA_HOME/bin/startup.sh
If everything was successful, when you navigate to <MachineIP>:8080 you should now see the Tomcat 8 landing page.
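If Tomcat does not start, the two exported values are the first thing to check. The following is an added example, not part of the original guide or the Security Shepherd project, with hypothetical function names; it derives a JAVA_HOME candidate from the readlink output shown above and checks that both variables point at usable directories.

```shell
#!/bin/sh
# Added example: sanity-check the JAVA_HOME and CATALINA_HOME values described
# above. Function names are assumptions, not part of Security Shepherd.
# Usage: sh check_env.sh check

# Derive a JAVA_HOME candidate from the path printed by
# `readlink -f $(which java)`: strip bin/java and, if present, the jre/ level.
java_home_from_binary() {
    case "$1" in
        */jre/bin/java) printf '%s\n' "${1%/jre/bin/java}" ;;
        */bin/java)     printf '%s\n' "${1%/bin/java}" ;;
        *)              return 1 ;;
    esac
}

# check_tomcat_env <JAVA_HOME> <CATALINA_HOME>
# Prints one line per problem and returns the number of problems found.
check_tomcat_env() {
    local jh="$1" ch="$2" problems=0
    if [ -z "$jh" ]; then
        echo "JAVA_HOME is not set"; problems=$((problems + 1))
    elif [ ! -d "$jh" ]; then
        echo "JAVA_HOME=$jh is not a directory (full path to the java binary?)"
        problems=$((problems + 1))
    elif [ ! -x "$jh/bin/java" ] && [ ! -x "$jh/jre/bin/java" ]; then
        echo "JAVA_HOME=$jh contains no java binary"; problems=$((problems + 1))
    fi
    if [ -z "$ch" ]; then
        echo "CATALINA_HOME is not set"; problems=$((problems + 1))
    elif [ ! -f "$ch/bin/startup.sh" ]; then
        echo "CATALINA_HOME=$ch has no bin/startup.sh"; problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "${1:-}" = "check" ]; then
    java_bin="$(readlink -f "$(command -v java)")"
    echo "suggested JAVA_HOME: $(java_home_from_binary "$java_bin")"
    check_tomcat_env "${JAVA_HOME:-}" "${CATALINA_HOME:-}"
fi
```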
Once Tomcat 8 has been installed it must be configured to use HTTPS (this is a security application after all).
- Download the Server Config Example from here
- Edit this example on line 87 and update the keystoreFile and keystorePass values to the path of the keystore file and shepherd (or your original keystore passphrase)
- Replace server.xml in /opt/apache-tomcat-8.5.34/conf/ with configuration from step 2.
- Ensure the server.xml permissions are correct.
chmod 644 /opt/apache-tomcat-8.5.34/conf/server.xml
- Delete the data within the Tomcat 8 webapps folder
sudo rm -R /opt/apache-tomcat-8.5.34/webapps/*
- Download the Security Shepherd WAR file from the manual pack and extract it
wget https://github.com/OWASP/SecurityShepherd/releases/download/v3.1/owaspSecurityShepherd_v3.1_ManualPack.zip
unzip owaspSecurityShepherd_v3.1_ManualPack.zip
- Ensure that ROOT.war file is owned by tomcat
cd owaspSecurityShepherd_v3.1_ManualPack/
sudo chown tomcat:tomcat ROOT.war
- Place ROOT.war in the webapps directory of Tomcat 8
sudo mv ROOT.war /opt/apache-tomcat-8.5.34/webapps/
- Restart Tomcat 8
$CATALINA_HOME/bin/shutdown.sh
$CATALINA_HOME/bin/startup.sh
- Navigate to https://<MACHINE IP> and observe the OWASP Security Shepherd Setup page
Nearly there.
In your browser, after navigating to https://<MACHINE IP>, you should see the Security Shepherd setup page.
- Configure this page with the following settings
Hostname: localhost
Port: 3306
DB Username: root
DB Password: CowSaysMoo
Override Databases: Upgrade from v3.0
Authentication token:
- The last step is to cat the file outlined in Configuration Authentication Token and paste it into the Authentication token box and then press submit
Good luck