technical_guide - YacineKhamis/packer_experiments GitHub Wiki

Diagnostic Technical guide

Diagnostic is an open-source, browser-based application designed to help organizations assess their level of security with regard to the most common information security threats and vulnerabilities.

The purpose of this document is to describe each step you have to go through in order to get an operational Diagnostic application running.

Components

PHP

Install php7.0 and the following extensions:

sudo apt-get install libapache2-mod-php7.0 php7.0-mcrypt php7.0-mysql php7.0-zip php-xml

APACHE

Install apache2 and enable the following modules:

sudo apt-get install apache2
sudo a2enmod rewrite

COMPOSER

Install composer and use it in the root directory to download all dependencies listed in the composer.json file:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"

Then run the following command in the root directory:

php composer.phar install
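
The installer commands above print a verdict but exit with status 0 either way, so a script that runs them in sequence gets no signal to stop. As an added example (not part of the original guide, the Diagnostic project or Composer), the POSIX shell functions below perform the same SHA-384 check and return a non-zero status on failure; `sha384_of`, `verify_installer` and `install_composer` are hypothetical names, and the expected digest is supplied by the caller.

```shell
# Added example: fail-closed SHA-384 check for a downloaded installer.
# Function names are hypothetical; they are not part of Diagnostic or Composer.

# Print the lowercase hex SHA-384 digest of file $1.
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | cut -d' ' -f1
    else
        shasum -a 384 "$1" | cut -d' ' -f1
    fi
}

# verify_installer FILE EXPECTED_HEX
# 0 = digest matches; 1 = mismatch; 2 = cannot check (missing file, bad digest).
# On 1 or 2 with a file present, the unverified file is deleted.
verify_installer() {
    vi_file=$1
    # Normalise case and strip whitespace picked up by copy/paste.
    vi_want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ -f "$vi_file" ] || { echo "no such file: $vi_file" >&2; return 2; }
    # Anything that is not exactly 96 hex digits is not a SHA-384 digest.
    case $vi_want in *[!0-9a-f]*) vi_want= ;; esac
    if [ "${#vi_want}" -ne 96 ]; then
        echo "expected digest is not 96 hex characters" >&2
        rm -f -- "$vi_file"
        return 2
    fi
    vi_got=$(sha384_of "$vi_file")
    if [ "$vi_got" = "$vi_want" ]; then
        return 0
    fi
    echo "installer digest mismatch: got $vi_got" >&2
    rm -f -- "$vi_file"
    return 1
}

# install_composer EXPECTED_HEX
# Same steps as the guide, but the installer only runs after verification.
# Take EXPECTED_HEX from a channel you trust, not from the download itself.
install_composer() {
    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" || return 2
    verify_installer composer-setup.php "$1" || return $?
    php composer-setup.php
    ic_rc=$?
    rm -f composer-setup.php
    return $ic_rc
}
```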

MYSQL

Install mysql-server and execute the db_initialization.sql script, which can be found in the ROOT_DIRECTORY/scripts folder, on the database.

sudo apt-get install mysql-server

Duplicate ROOT_DIRECTORY/config/autoload/global.php.dist as global.php and fill in the DB_NAME and DB_HOST fields:

'dsn'  => 'mysql:dbname=%%DB_NAME%%;host=%%DB_HOST%%'

Duplicate ROOT_DIRECTORY/config/autoload/local.php.dist as local.php and fill in the DB_USER and DB_PASSWORD fields:

'username' => '%%DB_USER%%',
'password' => '%%DB_PASSWORD%%'


Setting up

Set up a virtual host that will point to the public/index.php application document root.

Your configuration file should look like this:

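<VirtualHost *:80>
    ServerName %SERVER_NAME%
    DocumentRoot %ROOT_DIRECTORY%
    <Directory %ROOT_DIRECTORY%>
        DirectoryIndex index.php
        AllowOverride All
        # Apache 2.2 access control (used only when mod_authz_core is absent)
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Allow from all
        </IfModule>
        # Apache 2.4 access control
        <IfModule mod_authz_core.c>
            Require all granted
        </IfModule>
    </Directory>
</VirtualHost>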

In addition, you may need to edit your hosts file. You will find further information about virtual hosts here

Accessing the application

You can access the application by opening your favorite web browser (we recommend using Chrome, though) and going to http://%SERVER_NAME%

Default credentials are:

`Login : "[email protected]"`

`Password : "Diagnostic1!"`

Change language

TODO: not the right placeholder.

The Diagnostic application is available in both French and English. Find the %%LANG%% field in

/ROOT_DIRECTORY/module/Diagnostic/config/module.config.php

and replace it with either "en_EN" or "fr_FR".


Troubleshoot

403 Forbidden

You may have cloned the repository outside the usual /var/www/ directory and/or changed the group owner of the directory. Set up adequate access rights with:

sudo chgrp -R www-data ../ROOT_DIRECTORY
sudo chmod 2750 ../ROOT_DIRECTORY
sudo chmod 2770 ../ROOT_DIRECTORY/data

Accessing the application from host

If you want to access the application over the network, set up your virtual host accordingly and don't forget to disable the default web application with:

sudo a2dissite 000-default.conf