Setup Ubuntu Shepherd Environment (Manual)

Mark Denihan edited this page Oct 23, 2015 · 2 revisions
  • Install Ubuntu Server on your hardware or VM (Avoid LVM for VMs)
  • If you're setting up a VM, ensure the VM has a NAT network adapter (for Internet access) and a Host-Only/Bridged adapter (for SSH). You may need to update the interfaces file so that the OS uses both adapters
  • If you're setting up a VM, install OpenSSH and then SSH in with PuTTY so you don't have to deal with a VM console
apt-get install -y openssh-server
  • Run the following (Use "CowSaysMoo" for MySqlRoot pass to manual config steps);
sudo apt-get update -y
sudo apt-get install -y python-software-properties 
sudo add-apt-repository -y ppa:webupd8team/java  
sudo apt-get update -y  
sudo apt-get install -y oracle-java7-installer  
sudo apt-get install -y tomcat7 tomcat7-admin mysql-server-5.5
  • Transfer the ROOT.war, SQL and JS files from a Shepherd Manual Pack download to the VM's ~ directory via FileZilla or another SFTP application
  • Run the following
sudo apt-get install -y dos2unix  
sudo dos2unix *.sql  
sudo chmod 775 *.war  
cd /var/lib/tomcat7/webapps/
sudo rm -rf /var/lib/tomcat7/webapps/*
sudo mv -v ~/ROOT.war ./
cd ~  
echo "MySql Password...:"  
mysql -u root -e "source coreSchema.sql" --force -p  
echo "MySql Password..."  
mysql -u root -e "source moduleSchemas.sql" --force -p  
sudo -i  
echo "JAVA_HOME=/usr/lib/jvm/java-7-oracle" >> /etc/default/tomcat7  
echo "AUTHBIND=yes" >> /etc/default/tomcat7
echo "Installing MongoDB"
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
sudo apt-get update
sudo apt-get install -y mongodb-org=2.6.9 mongodb-org-server=2.6.9 mongodb-org-shell=2.6.9 mongodb-org-mongos=2.6.9 mongodb-org-tools=2.6.9
sleep 10
mongo /home/*/manualPack/mongoSchema.js

To run Tomcat on both port 80 & 443

For 443 (HTTPS), first generate the self-signed certificate:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

The following is an example of filling out the details for the cert. You can choose your own.

Enter keystore password:  passw0rd
Re-enter new password: passw0rd
What is your first and last name?
  [Unknown]:  Paul Stone
What is the name of your organizational unit?
  [Unknown]:  Security Shepherd
What is the name of your organization?
  [Unknown]:  OWASP
What is the name of your City or Locality?
  [Unknown]:  Baile Átha Cliath
What is the name of your State or Province?
  [Unknown]:  Laighin
What is the two-letter country code for this unit?
  [Unknown]:  IE
Is CN=Paul Stone, OU=Security Shepherd, O=OWASP, L=Baile Átha Cliath, ST=Laighin, C=IE correct?
  [no]:  yes
 
Enter key password for <tomcat>
    (RETURN if same as keystore password):  <RETURN>

This will create a file under /home/USERNAME/.keystore

Now update the /var/lib/tomcat7/conf/server.xml file manually. Make a note of the password to the cert you generated and enter it as the 'keystorePass' value. Change the listener ports to the following:

<Connector address="0.0.0.0" port="80" protocol="HTTP/1.1" 
               connectionTimeout="20000" URIEncoding="UTF-8" />

<Connector address="0.0.0.0" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="/home/<username>/.keystore" 
               keystorePass="passw0rd" keyAlias="tomcat"/>
  • Then you'll need to run these commands to make Tomcat work on port 80 & 443
sudo -i  
touch /etc/authbind/byport/80
touch /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/80 
chmod 500 /etc/authbind/byport/443  
chown tomcat7 /etc/authbind/byport/80
chown tomcat7 /etc/authbind/byport/443
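
An added example, not part of the original wiki page or the Shepherd project: a shell check to run after the steps above. It flags a connector that still uses the example keystorePass or an unreplaced keystoreFile placeholder, and verifies that the authbind files have mode 500 and the expected owner. The function names, the world-readable keystore check and the sample server.xml in demo are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the server.xml HTTPS connector and the authbind files.
# Usage: check_shepherd_tls SERVER_XML AUTHBIND_BYPORT_DIR [OWNER]

attr() {  # print the first value of attribute $1 found in file $2
    grep -o "$1=\"[^\"]*\"" "$2" | head -n 1 | cut -d'"' -f2
}

check_shepherd_tls() {
    local xml="$1" byport="$2" owner="${3:-tomcat7}" rc=0 pass ks port meta
    grep -q 'SSLEnabled="true"' "$xml" || { echo "no SSL-enabled connector"; rc=1; }
    pass=$(attr keystorePass "$xml")
    case "$pass" in
        ""|passw0rd) echo "keystorePass is empty or the example value"; rc=1 ;;
    esac

    ks=$(attr keystoreFile "$xml")
    case "$ks" in
        *"<username>"*|*USERNAME*)
            echo "keystoreFile still contains a placeholder: $ks"; rc=1 ;;
        *)  [ -f "$ks" ] || { echo "keystore not found: $ks"; rc=1; }
            # Assumption: the private key should not be readable by every user.
            [ -z "$(find "$ks" -perm -004 2>/dev/null)" ] ||
                { echo "keystore is world-readable: $ks"; rc=1; } ;;
    esac

    for port in 80 443; do   # the page sets mode 500 and owner tomcat7
        meta=$(ls -ld "$byport/$port" 2>/dev/null | awk '{print $1 ":" $3}')
        case "$meta" in
            -r-x------*":$owner") ;;
            *) echo "authbind byport/$port wrong or missing: ${meta:-absent}"; rc=1 ;;
        esac
    done
    return "$rc"
}

demo() {  # constructed sample: the connector as printed on this page, no 443 file
    local d; d=$(mktemp -d)
    mkdir "$d/byport"; touch "$d/byport/80"; chmod 500 "$d/byport/80"
    cat > "$d/server.xml" <<'EOF'
<Connector address="0.0.0.0" port="443" SSLEnabled="true" scheme="https"
           keystoreFile="/home/<username>/.keystore"
           keystorePass="passw0rd" keyAlias="tomcat"/>
EOF
    check_shepherd_tls "$d/server.xml" "$d/byport" "$(ls -ld "$d" | awk '{print $3}')"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then check_shepherd_tls "$@"; else demo || true; fi
```

On the server itself it would be called as `check_shepherd_tls /var/lib/tomcat7/conf/server.xml /etc/authbind/byport tomcat7`; it prints one line per finding and returns non-zero if there are any.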

Redirect traffic to 443 (HTTPS)

If you want to redirect traffic to secure 443 (HTTPS) add the following to /var/lib/tomcat7/conf/web.xml

<security-constraint>
        <web-resource-collection>
                <web-resource-name>Entire Application</web-resource-name>
                <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>
  • Done