{"_id":"553aa3070074c80d00621c39","__v":39,"category":{"_id":"553aa3060074c80d00621c37","__v":8,"project":"553aa3050074c80d00621c33","pages":["553aa3070074c80d00621c39","554dd7680f31e40d0028e79f","554dd7882432590d00bd5106","554dd79fbe34a70d00037873","554dd7d02432590d00bd5108","554dd7e2be34a70d00037876","554dd8b6be34a70d0003787a","554e5ea00f31e40d0028e814"],"version":"553aa3050074c80d00621c36","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-04-24T20:09:42.471Z","from_sync":false,"order":0,"slug":"setup","title":"Setup"},"project":"553aa3050074c80d00621c33","version":{"_id":"553aa3050074c80d00621c36","__v":5,"project":"553aa3050074c80d00621c33","createdAt":"2015-04-24T20:09:41.956Z","releaseDate":"2015-04-24T20:09:41.955Z","categories":["553aa3060074c80d00621c37","554dd8d10f31e40d0028e7a2","554ddd802432590d00bd511a","569784c469393517000c8315","569784ce3503e40d0061f40e"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"user":"553aa28b9a32920d0086714a","updates":["556f64a6fc3aa80d00e1abf6","58aca04f5303921b007a5c8f"],"next":{"pages":[],"description":""},"createdAt":"2015-04-24T20:09:43.203Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"[block:api-header]\n{\n  \"title\": \"Docker\"\n}\n[/block]\nWhen Docker is available, the fastest way to start using the SKF project is using the pre-built container hosted at Docker hub.\n\ndocker run -ti -p 127.0.0.1:443:5443 blabla1337/skf-flask\nThe application will greet you on: https://127.0.0.1\n\nThis container always has the very latest version from the repository.\n\nDocker is the best way to go for now since we are planning an major new release the 1st of june!\nThis release has a new way of installation so it is recommended to keep it simple with Docker for now!\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n##Automated installation with Chef\n\nThe easiest way to use the SKF project is using the Chef cookbook that we created OR using the AWS setup (scroll down a bit more).\n\nWhat is Chef?\n\n*Chef is a configuration management and automation platform from Opscode. Chef helps you describe your infrastructure with code. Because your infrastructure is managed with code, it can be automated, tested and reproduced with ease. Check out [https://www.chef.io](https://www.chef.io) for more information about Chef*  \n\nFor using the SKF chef cookbook you will need to install the 3 software products on your machine/laptop. Those are all free to use.\n\n**VirtualBox**\n* VirtualBox is a free to use Virtual Machine that can load images.\n* [https://www.virtualbox.org/wiki/Downloads ](https://www.virtualbox.org/wiki/Downloads )\n\n**Chef Development Kit**\n* Chef Development Kit is a free to use tooling for testing and running cookbooks created with chef.\n* [https://downloads.chef.io/chef-dk/](https://downloads.chef.io/chef-dk/)\n\n**Vagrant**\n* Vagrant is has pre-build images ready to use for stable and fast development\n* [https://www.vagrantup.com/downloads.html](https://www.vagrantup.com/downloads.html) \n\nWhen you have installed the above software you are now able to create a VirtualBox image with Vagrant configuration and using Chef to configure the SKF application. The SKF chef cookbook will do this all for you and you only need to follow the steps below on your machine/laptop.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"cd ~/\\nwget https://github.com/blabla1337/owasp-skf-chef/archive/master.zip\\nunzup master.zip\\ncd owasp-skf-chef-master\\nkitchen converge default \\n\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow you have to wait a few minutes and watch the magic happen! ^^\nWhen the Chef run has completed (-----> Kitchen is finished!) the application is ready to use. When you will start the VirtualBox GUI you can see the cookbook created a new VB image that is running and holding the SKF application.\n[block:callout]\n{\n  \"type\": \"success\",\n  \"title\": \"The application will greet you on:\",\n  \"body\": \"https://192.168.33.118\"\n}\n[/block]\nBelow are some useful Kitchen 101 commands.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"# All the below commands should be run in the SKF chef directory\\n\\n# Command for creating the VM with the SKF project\\nkitchen converge default \\n\\n# Command for login to the VM with the SKF project\\nkitchen login default \\n\\n# Command for detroying the VM with the SKF project\\nkitchen destroy\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n#### AWS installation\n\nA CloudFormation template is provided to make it easy to set up the\nSecurity Knowledge Framework in AWS. For more information consult\n[the README in the `cloudformation` directory on Github](https://github.com/blabla1337/skf-flask/tree/master/cloudformation).\n\n\n##Ubuntu Manual installation\n\nTo run SKF you need Python pip and sqlite3 database support.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"On 64-bit plaftorm:\\nsudo apt-get install python-pip sqlite3 lib32z1-dev python-dev libxml2-dev libxslt-dev libffi-dev libssl-dev\\n\\nOn 32-bit platform:\\nsudo apt-get install python-pip sqlite3 zlib1g-dev python-dev libxml2-dev libxslt-dev libffi-dev libssl-dev\\n\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nAfter the prerequisites you can install the Python packages.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"sudo pip install https://github.com/mitsuhiko/flask/tarball/master\\nsudo pip install owasp-skf\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow you can start the program by opening the folder (e.g. /opt/owasp-skf/) and run:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"python skf.py\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n##Ubuntu Apache WSGI Setup \n\nTo run the OWASP-SKF as a service (SaaS) you can hook it up to your existing webservers using the WSGI module.\n\nFirst do the normal owasp-skf installation.\nUser that is installing this software is foobar, change foobar for your own user\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"apt-get install git apache2 libapache2-mod-wsgi\\nsudo a2enmod wsgi\\ncd /home/foobar\\ngit clone https://github.com/blabla1337/skf-flask.git\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow disable SSL settings, we want Apache to do this\n\nEdit the file file:\n/home/foobar/skf-flask/skf/skf.py\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"Change line:\\n       app.run(host=bindaddr, port=5443, ssl_context='adhoc')\\nto:\\n       app.run(host=bindaddr, port=5443)\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow we can edit the configuration file of Apache\n\nEdit the following file and add this below the virtualHost config for port 80\n/etc/apache2/sites-enabled/000-default.conf\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"WSGIRestrictStdout Off\\nListen 5443\\n<VirtualHost *:5443>\\n\\n    WSGIDaemonProcess skf user=www-data group=www-data threads=5\\n    WSGIScriptAlias / /home/foobar/skf-flask/skf/skf.wsgi\\n\\n    <Directory /home/foobar/skf-flask/skf>\\n        WSGIProcessGroup skf\\n        WSGIApplicationGroup %{GLOBAL}\\n        Order deny,allow\\n        Allow from all\\n        Require all granted\\n    </Directory>\\n\\n</VirtualHost>\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow edit the configuration file of WSGI\n\nEdit the following file:\n/etc/apache2/mods-enabled/wsgi.conf\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"Add below inside the if_module of mod_wsgi:\\n\\n  <FilesMatch \\\".+\\\\.py$\\\">\\n    SetHandler wsgi-script\\n  </FilesMatch>\\n\\n  # Deny access to compiled binaries\\n  # You should not serve these to anyone\\n  <FilesMatch \\\".+\\\\.py(c|o)$\\\">\\n    Order Deny,Allow\\n    Deny from all\\n  </FilesMatch>\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nCreate the WSGI file so it can be loaded by Apache\n\nCreate new skf.py file:\n/home/foobar/skf-flask/skf/skf.wsgi \n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"import sys, os\\nsys.path.insert (0,'/home/foobar/skf-flask/skf')\\nos.chdir(\\\"/home/foobar/skf-flask/skf\\\")\\nfrom skf import app as application\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nThe final step:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"chmod +x /home/foobar/skf-flask/skf/skf.py\\nchown -R www-data:www-data /home/foobar/skf-flask\\n\\nsudo service apache2 restart\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nThe application can be visited at port http://the_ip_/:5443\nAlso now you can apply your favourite SSL/TLS settings to harden your encryption.\n\n##Windows\n\nDownload and install [Python 2.7.9](https://www.python.org/downloads/release/python-279/)\n\nRun below commands in cmd (As Administrator):\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"C:\\\\Python27\\\\Scripts\\\\pip.exe install https://github.com/mitsuhiko/flask/tarball/master\\nC:\\\\Python27\\\\Scripts\\\\pip.exe install owasp-skf\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow you can start the program by opening the folder and run the skf.py file:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"cd C:\\\\Python27\\\\Lib\\\\site-packages\\\\skf\\nC:\\\\Python27\\\\python.exe skf.py\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n##Mac OSX Manual\n\nThe first step is to install brew:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \" ruby -e \\\"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)\\\"\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nAfter installing brew you can now install sqllite3:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"brew install sqlite3\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n\nNow we install python pip:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"sudo easy_install pip\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nAfter the prerequisites you can install the Python packages:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"  sudo pip install https://github.com/mitsuhiko/flask/tarball/master\\n  sudo pip install owasp-skf\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nShould the install of owasp-skf contain error messages about openssl try the following and run the pip install owaps-skf again:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"brew unlink openssl && brew link openssl --force\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n\nNow you can start the program by opening the folder (e.g. /opt/owasp-skf/) and run:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \" python skf.py\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n\n##Usage for manual installation\n\nThe application will greet you on https://127.0.0.1:5443/\n\nDefault the application will generate a certificate on the fly but what you really want to do is placing your own server.key and server.crt in the skf dir. Then the skf-flask application will use these instead.\n\nDefault username: admin The password has to be set to use the application, please see the [First Run](https://skf.readme.io/docs/first-run) page for instructions.","excerpt":"How to install the Security Knowledge Framework (SKF)","slug":"installation","type":"basic","title":"Installation"}

Installation

How to install the Security Knowledge Framework (SKF)

[block:api-header] { "title": "Docker" } [/block] When Docker is available, the fastest way to start using the SKF project is using the pre-built container hosted at Docker hub. docker run -ti -p 127.0.0.1:443:5443 blabla1337/skf-flask The application will greet you on: https://127.0.0.1 This container always has the very latest version from the repository. Docker is the best way to go for now since we are planning an major new release the 1st of june! This release has a new way of installation so it is recommended to keep it simple with Docker for now! [block:code] { "codes": [ { "code": "", "language": "text" } ] } [/block] ##Automated installation with Chef The easiest way to use the SKF project is using the Chef cookbook that we created OR using the AWS setup (scroll down a bit more). What is Chef? *Chef is a configuration management and automation platform from Opscode. Chef helps you describe your infrastructure with code. Because your infrastructure is managed with code, it can be automated, tested and reproduced with ease. Check out [https://www.chef.io](https://www.chef.io) for more information about Chef* For using the SKF chef cookbook you will need to install the 3 software products on your machine/laptop. Those are all free to use. **VirtualBox** * VirtualBox is a free to use Virtual Machine that can load images. * [https://www.virtualbox.org/wiki/Downloads ](https://www.virtualbox.org/wiki/Downloads ) **Chef Development Kit** * Chef Development Kit is a free to use tooling for testing and running cookbooks created with chef. * [https://downloads.chef.io/chef-dk/](https://downloads.chef.io/chef-dk/) **Vagrant** * Vagrant is has pre-build images ready to use for stable and fast development * [https://www.vagrantup.com/downloads.html](https://www.vagrantup.com/downloads.html) When you have installed the above software you are now able to create a VirtualBox image with Vagrant configuration and using Chef to configure the SKF application. The SKF chef cookbook will do this all for you and you only need to follow the steps below on your machine/laptop. [block:code] { "codes": [ { "code": "cd ~/\nwget https://github.com/blabla1337/owasp-skf-chef/archive/master.zip\nunzup master.zip\ncd owasp-skf-chef-master\nkitchen converge default \n", "language": "text" } ] } [/block] Now you have to wait a few minutes and watch the magic happen! ^^ When the Chef run has completed (-----> Kitchen is finished!) the application is ready to use. When you will start the VirtualBox GUI you can see the cookbook created a new VB image that is running and holding the SKF application. [block:callout] { "type": "success", "title": "The application will greet you on:", "body": "https://192.168.33.118" } [/block] Below are some useful Kitchen 101 commands. [block:code] { "codes": [ { "code": "# All the below commands should be run in the SKF chef directory\n\n# Command for creating the VM with the SKF project\nkitchen converge default \n\n# Command for login to the VM with the SKF project\nkitchen login default \n\n# Command for detroying the VM with the SKF project\nkitchen destroy", "language": "text" } ] } [/block] #### AWS installation A CloudFormation template is provided to make it easy to set up the Security Knowledge Framework in AWS. For more information consult [the README in the `cloudformation` directory on Github](https://github.com/blabla1337/skf-flask/tree/master/cloudformation). ##Ubuntu Manual installation To run SKF you need Python pip and sqlite3 database support. [block:code] { "codes": [ { "code": "On 64-bit plaftorm:\nsudo apt-get install python-pip sqlite3 lib32z1-dev python-dev libxml2-dev libxslt-dev libffi-dev libssl-dev\n\nOn 32-bit platform:\nsudo apt-get install python-pip sqlite3 zlib1g-dev python-dev libxml2-dev libxslt-dev libffi-dev libssl-dev\n", "language": "text" } ] } [/block] After the prerequisites you can install the Python packages. [block:code] { "codes": [ { "code": "sudo pip install https://github.com/mitsuhiko/flask/tarball/master\nsudo pip install owasp-skf", "language": "text" } ] } [/block] Now you can start the program by opening the folder (e.g. /opt/owasp-skf/) and run: [block:code] { "codes": [ { "code": "python skf.py", "language": "text" } ] } [/block] ##Ubuntu Apache WSGI Setup To run the OWASP-SKF as a service (SaaS) you can hook it up to your existing webservers using the WSGI module. First do the normal owasp-skf installation. User that is installing this software is foobar, change foobar for your own user [block:code] { "codes": [ { "code": "apt-get install git apache2 libapache2-mod-wsgi\nsudo a2enmod wsgi\ncd /home/foobar\ngit clone https://github.com/blabla1337/skf-flask.git", "language": "text" } ] } [/block] Now disable SSL settings, we want Apache to do this Edit the file file: /home/foobar/skf-flask/skf/skf.py [block:code] { "codes": [ { "code": "Change line:\n app.run(host=bindaddr, port=5443, ssl_context='adhoc')\nto:\n app.run(host=bindaddr, port=5443)", "language": "text" } ] } [/block] Now we can edit the configuration file of Apache Edit the following file and add this below the virtualHost config for port 80 /etc/apache2/sites-enabled/000-default.conf [block:code] { "codes": [ { "code": "WSGIRestrictStdout Off\nListen 5443\n<VirtualHost *:5443>\n\n WSGIDaemonProcess skf user=www-data group=www-data threads=5\n WSGIScriptAlias / /home/foobar/skf-flask/skf/skf.wsgi\n\n <Directory /home/foobar/skf-flask/skf>\n WSGIProcessGroup skf\n WSGIApplicationGroup %{GLOBAL}\n Order deny,allow\n Allow from all\n Require all granted\n </Directory>\n\n</VirtualHost>", "language": "text" } ] } [/block] Now edit the configuration file of WSGI Edit the following file: /etc/apache2/mods-enabled/wsgi.conf [block:code] { "codes": [ { "code": "Add below inside the if_module of mod_wsgi:\n\n <FilesMatch \".+\\.py$\">\n SetHandler wsgi-script\n </FilesMatch>\n\n # Deny access to compiled binaries\n # You should not serve these to anyone\n <FilesMatch \".+\\.py(c|o)$\">\n Order Deny,Allow\n Deny from all\n </FilesMatch>", "language": "text" } ] } [/block] Create the WSGI file so it can be loaded by Apache Create new skf.py file: /home/foobar/skf-flask/skf/skf.wsgi [block:code] { "codes": [ { "code": "import sys, os\nsys.path.insert (0,'/home/foobar/skf-flask/skf')\nos.chdir(\"/home/foobar/skf-flask/skf\")\nfrom skf import app as application", "language": "text" } ] } [/block] The final step: [block:code] { "codes": [ { "code": "chmod +x /home/foobar/skf-flask/skf/skf.py\nchown -R www-data:www-data /home/foobar/skf-flask\n\nsudo service apache2 restart", "language": "text" } ] } [/block] The application can be visited at port http://the_ip_/:5443 Also now you can apply your favourite SSL/TLS settings to harden your encryption. ##Windows Download and install [Python 2.7.9](https://www.python.org/downloads/release/python-279/) Run below commands in cmd (As Administrator): [block:code] { "codes": [ { "code": "C:\\Python27\\Scripts\\pip.exe install https://github.com/mitsuhiko/flask/tarball/master\nC:\\Python27\\Scripts\\pip.exe install owasp-skf", "language": "text" } ] } [/block] Now you can start the program by opening the folder and run the skf.py file: [block:code] { "codes": [ { "code": "cd C:\\Python27\\Lib\\site-packages\\skf\nC:\\Python27\\python.exe skf.py", "language": "text" } ] } [/block] ##Mac OSX Manual The first step is to install brew: [block:code] { "codes": [ { "code": " ruby -e \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)\"", "language": "text" } ] } [/block] After installing brew you can now install sqllite3: [block:code] { "codes": [ { "code": "brew install sqlite3", "language": "text" } ] } [/block] Now we install python pip: [block:code] { "codes": [ { "code": "sudo easy_install pip", "language": "text" } ] } [/block] After the prerequisites you can install the Python packages: [block:code] { "codes": [ { "code": " sudo pip install https://github.com/mitsuhiko/flask/tarball/master\n sudo pip install owasp-skf", "language": "text" } ] } [/block] Should the install of owasp-skf contain error messages about openssl try the following and run the pip install owaps-skf again: [block:code] { "codes": [ { "code": "brew unlink openssl && brew link openssl --force", "language": "text" } ] } [/block] Now you can start the program by opening the folder (e.g. /opt/owasp-skf/) and run: [block:code] { "codes": [ { "code": " python skf.py", "language": "text" } ] } [/block] ##Usage for manual installation The application will greet you on https://127.0.0.1:5443/ Default the application will generate a certificate on the fly but what you really want to do is placing your own server.key and server.crt in the skf dir. Then the skf-flask application will use these instead. Default username: admin The password has to be set to use the application, please see the [First Run](https://skf.readme.io/docs/first-run) page for instructions.