OpenRASP project site: https://rasp.baidu.com/
I. Install Java
Installing ElasticSearch on CentOS requires Java 1.8.0. Run java -version to check whether the Java version installed on the system is 1.8.0.

openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

If Java is not installed or the version does not match, install it with one of the following commands:

yum install java-1.8.0-openjdk* -y
or
yum -y install java
II. Install MongoDB 3.6
The official documentation requires MongoDB 3.6 or later, so we install version 3.6.
- 1. Create the repository file
vi /etc/yum.repos.d/mongodb-org-3.6.repo
- 2. Copy the following content into that file, then save and exit

[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc

- 3. Install MongoDB with yum
yum install -y mongodb-org
- 4. Create the data directories

mkdir -p /data/mongodb/data /data/mongodb/logs
# mongod runs as the mongod user by default, so the directory ownership has to be changed
chown -R mongod:mongod /data/mongodb/data /data/mongodb/logs
- 5. Edit the configuration file
vi /etc/mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodb/logs/mongod.log  # changed to the directory created above

# Where and how to store data.
storage:
  dbPath: /data/mongodb/data  # changed to the directory created above
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /data/mongodb/logs/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.

#security:
#  authorization: enabled  # enables authentication; leave it off for now and turn it on once the root user has been created

#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:

- 6. Start MongoDB
mongod -f /etc/mongod.conf
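
Step 5 leaves security.authorization commented out until a root user exists, so bindIp: 127.0.0.1 is the only thing limiting access to the database in the meantime. The following added example (not part of the original post) reads those two settings back from a config file; the function names and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit mongod.conf exposure settings.

# Print the value of KEY inside top-level SECTION; commented-out lines are ignored.
conf_value() {  # usage: conf_value FILE SECTION KEY
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*#/ { next }                      # a commented-out setting is not active
    { sub(/[ \t]+#.*$/, "") }                # drop trailing comments
    /^[^ \t]/ { insec = ($1 == (sec ":")); next }
    insec && $1 == (key ":") { print $2; exit }
  ' "$1"
}

# Print "auth=<on|off> bind=<loopback|exposed|unset>" for one config file.
audit_mongod_conf() (
  auth=off; verdict=loopback
  [ "$(conf_value "$1" security authorization)" = "enabled" ] && auth=on
  bind=$(conf_value "$1" net bindIp)
  [ -z "$bind" ] && verdict=unset
  for addr in $(printf '%s' "$bind" | tr ',' ' '); do
    case "$addr" in 127.*|localhost|::1) ;; *) verdict=exposed ;; esac
  done
  echo "auth=$auth bind=$verdict"
)

# Constructed samples: the net/security stanzas as set in step 5, then two variants.
SAMPLES=$(mktemp -d)
printf '%s\n' 'net:' '  port: 27017' \
  '  bindIp: 127.0.0.1  # Listen to local interface only' \
  '#security:' '#  authorization: enabled' > "$SAMPLES/step5.conf"
printf '%s\n' 'net:' '  port: 27017' '  bindIp: 127.0.0.1' \
  'security:' '  authorization: enabled' > "$SAMPLES/auth_on.conf"
printf '%s\n' 'net:' '  port: 27017' '  bindIp: 0.0.0.0' > "$SAMPLES/all_ifaces.conf"

for f in step5 auth_on all_ifaces; do
  printf '%-12s %s\n' "$f" "$(audit_mongod_conf "$SAMPLES/$f.conf")"
done
```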
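III. Install ElasticSearch 6.7
- 1. Download elasticsearch
Download it from the official site, https://www.elastic.co/cn/downloads/past-releases#elasticsearch, and choose the tar.gz archive of version 6.7. (The official documentation requires an elasticsearch version greater than or equal to 5.6 and less than 7.)
- 2. Upload it to the server
After the download finishes, use the rz command to upload the archive to the /opt path.
- 3. Extract it
tar -zvxf elasticsearch-6.7.0.tar.gz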
- 4. Create a user

useradd es
chown -R es:es /opt/elasticsearch-6.7.0/

elasticsearch cannot be started as root; starting it as root produces the error below, so a new user has to be created to run it.

[WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root

- 5. Start elasticsearch
elasticsearch needs no additional configuration; it only has to be started. Switch to the es user, change to the /opt/elasticsearch-6.7.0 directory and start it:

su es
cd /opt/elasticsearch-6.7.0/
bin/elasticsearch -d
- 6. Verify that the service started successfully
curl http://127.0.0.1:9200
If the command returns something like the following, the service is up.

{
  "name" : "fb4g6X_",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Xp4GK80NRa6aikptBRTe0Q",
  "version" : {
    "number" : "6.7.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "8453f77",
    "build_date" : "2019-03-21T15:32:29.844721Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
IV. Start the OpenRASP service
- Download rasp-cloud.tar.gz version 1.2.0-beta and extract it into the data directory.
- Edit the /conf/app.conf file and correct the addresses of the ElasticSearch and MongoDB servers. If both servers are installed on the local machine and use the default ports, skip this step:

[prod]
EsAddr = http://127.0.0.1:9200
EsUser =
EsPwd =
MongoDBAddr = 127.0.0.1:27017
MongoDBUser =
MongoDBPwd =

- Run the following command in a terminal to start the backend server:

[root@test rasp-cloud-2019-07-18]# ./rasp-cloud -d
/data/rasp-cloud-2019-07-18/
2019/07/18 23:44:48 args: []
2019/07/18 23:44:48 start successfully, for details please check the log in 'logs/api/agent-cloud.log'
- 4. Open http://your-ip:8086 in a browser. The web interface could not be reached, however. Following the hint, check the logs/api/agent-cloud.log log; it shows the service running normally.

[root@test rasp-cloud-2019-07-18]# cat logs/api/agent-cloud.log
2019/07/18 23:25:55.387 [I] [environment.go:67] ===== start type: default =====
2019/07/18 23:25:55.390 [E] [mongo.go:51] [30002] failed to find MongoDB server: : no reachable servers
2019/07/18 23:44:48.844 [I] [environment.go:67] ===== start type: default =====
2019/07/18 23:44:48.846 [I] [mongo.go:57] MongoDB version: 3.6.13
2019/07/18 23:44:48.872 [I] [es.go:56] ES version: 6.7.0
2019/07/18 23:44:49.014 [I] [es.go:126] put es template: report-data-template
2019/07/18 23:44:49.045 [I] [es.go:126] put es template: error-alarm-template
2019/07/18 23:44:49.108 [I] [es.go:126] put es template: attack-alarm-template
2019/07/18 23:44:49.139 [I] [es.go:126] put es template: policy-alarm-template
2019/07/18 23:44:49.584 [I] [log_handle.go:370] create es index: openrasp-policy-alarm-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:49.794 [I] [log_handle.go:370] create es index: openrasp-attack-alarm-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:49.984 [I] [log_handle.go:370] create es index: openrasp-error-alarm-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:50.149 [I] [report.go:42] create es index: openrasp-report-data-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:50.150 [I] [app.go:325] Succeed to create app, name: PHP 示例应用
2019/07/18 23:44:50.170 [I] [app.go:357] Succeed to set up default plugin for app, version: 2019-0708-1800
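
The log above still carries the [E] line from an earlier start at 23:25, when MongoDB was not reachable, next to the clean start at 23:44. The following added example (not part of the original post) evaluates only the entries after the most recent start banner; the function names and the rule for "ok" (both version lines present, no [E] line) are assumptions made for this illustration, not rasp-cloud's own definition.

```shell
#!/bin/sh
# Added example (not from the original post): judge only the latest rasp-cloud start.

# Print the [E] lines written since the most recent "===== start type" banner.
errors_since_last_start() {  # usage: errors_since_last_start LOGFILE
  awk '
    /===== start type:/ { n = 0; next }     # a new start discards older errors
    $3 == "[E]"         { err[++n] = $0 }
    END { for (i = 1; i <= n; i++) print err[i] }
  ' "$1"
}

# Print "ok", "failed" or "incomplete" for the most recent start (assumed rule).
last_start_status() {  # usage: last_start_status LOGFILE
  awk '
    /===== start type:/ { bad = 0; mongo = 0; es = 0; next }
    $3 == "[E]"         { bad = 1 }
    /MongoDB version:/  { mongo = 1 }
    /ES version:/       { es = 1 }
    END {
      if (bad) print "failed"
      else if (mongo && es) print "ok"
      else print "incomplete"
    }
  ' "$1"
}

# Sample input: lines copied from the log excerpt above, split into two test files.
LOGDIR=$(mktemp -d)
cat > "$LOGDIR/first_start.log" <<'EOF'
2019/07/18 23:25:55.387 [I] [environment.go:67] ===== start type: default =====
2019/07/18 23:25:55.390 [E] [mongo.go:51] [30002] failed to find MongoDB server: : no reachable servers
EOF
cp "$LOGDIR/first_start.log" "$LOGDIR/both_starts.log"
cat >> "$LOGDIR/both_starts.log" <<'EOF'
2019/07/18 23:44:48.844 [I] [environment.go:67] ===== start type: default =====
2019/07/18 23:44:48.846 [I] [mongo.go:57] MongoDB version: 3.6.13
2019/07/18 23:44:48.872 [I] [es.go:56] ES version: 6.7.0
EOF

for f in first_start both_starts; do
  echo "$f: $(last_start_status "$LOGDIR/$f.log")"
done
```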
Test access from the local machine; it responds normally.
[root@test rasp-cloud-2019-07-18]# curl http://127.0.0.1:8086
<!doctype html><html><head><meta charset=UTF-8><meta name=description content="OpenRASP 管理后台"><meta name=author content=c0debreak><meta name=robots content=noindex><meta name=viewport content="width=device-width,user-scalable=no,initial-scale=1,maximum-scale=1,minimum-scale=1"><meta http-equiv=X-UA-Compatible content="ie=edge"><link rel=icon href=./favicon.ico type=image/x-icon><link rel="shortcut icon" type=image/x-icon href=/static/favicon.ico><title>管理后台 - OpenRASP - 开源自适应安全防护</title><link href=/static/plugins/font-awesome-4.7.0/css/font-awesome.min.css rel=stylesheet><link href=/static/gfonts/main.css rel=stylesheet><link href=/static/plugins/charts-c3/plugin.css rel=stylesheet><link href=/static/css/app.55611cc7abe6d4911c43a8ec5550dfdd.css rel=stylesheet></head><body class=""><div id=app></div><script type=text/javascript src=/static/js/manifest.2ae2e69a05c33dfc65f8.js></script><script type=text/javascript src=/static/js/vendor.51cbec5bbc7181337bf4.js></script><script type=text/javascript src=/static/js/app.122d023e2cca64b89e23.js></script></body></html>
This may be a firewall problem. Check the firewall settings and open port 8086:
iptables -I INPUT -p tcp --dport 8086 -j ACCEPT
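Access it again and the web interface now works. The user name is fixed as openrasp, and the initial password is admin@123.
After logging in, see the Management Console - Add Host documentation to learn how to add the first host.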
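Author: 白帽札记
Link: https://www.jianshu.com/p/f04eb0895e80
Source: 简书
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, credit the source.
Source: https://www.cnblogs.com/xiami2046/p/12596227.html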