
安全管理平台 SeMF 基础配置与部署指南

wpadmin~August 7, 2018 /InfoSec/System Management

安全管理平台 SeMF 基础配置与部署指南 | SecurityManageFramwork

SeMF 基础配置指南

代码仓库

https://gitee.com/gy071089/SecurityManageFramwork

安装基础组件

# install_package.sh
# Installs the base tooling used by the rest of this guide. Each group is its
# own yum transaction, exactly as in the original listing.
yum_install() {
  sudo yum install -y "$@"
}

# General administration utilities.
yum_install net-tools vim lrzsz unzip gzip tar htop mlocate
# Shell, version control and open-file inspection.
yum_install zsh git lsof
# Repository and volume-management helpers.
yum_install yum-utils device-mapper-persistent-data lvm2
# Development headers plus wget -- presumably for the Python 3 source build in
# the next stage (TODO confirm).
yum_install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel wget

阶段1 编译安装 Python 3

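# install_python3.sh
# Builds CPython 3.6.5 from the upstream source tarball, installs it under
# /usr/local/python3 and exposes it as /usr/bin/python3.
#
# NOTE(review): the 3.6 series no longer receives upstream security fixes. The
# version is kept because the guide pins it; prefer a supported release for a
# new deployment.
set -eu   # stop at the first failing step rather than building from a bad state

# The original assumed ~/develop already exists; create it so the cd cannot
# fail and leave the download in an unexpected directory.
mkdir -p ~/develop
cd ~/develop

wget https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz
# TODO before building: verify the tarball against the OpenPGP signature
# published for this release on python.org, e.g.
#   gpg --verify <signature_file> Python-3.6.5.tar.xz
# Code from this archive is executed as root by `sudo make install` below.

tar -xvJf Python-3.6.5.tar.xz
cd Python-3.6.5
# --prefix is the documented spelling of the install-prefix option.
./configure --prefix=/usr/local/python3
make
sudo make install
# Fails (and, with set -e, reports an error) if /usr/bin/python3 already
# exists, so an existing system interpreter is not silently replaced.
sudo ln -s /usr/local/python3/bin/python3 /usr/bin/python3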

阶段2 安装 RabbitMQ

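# install_rabbitmq.sh
# Installs Erlang 19.0.4 and RabbitMQ 3.6.9 from the vendor RPMs, starts the
# broker and enables the management plugin.
#
# NOTE(review): both versions are old and are kept only because the guide pins
# them -- check their support status before using them on a new host.
set -eu   # do not start the service after a failed download or install

mkdir -p ~/develop
cd ~/develop

# Fetch over HTTPS instead of the cleartext http:// URLs of the original: both
# packages are installed as root, so a download altered in transit would mean
# running altered code with full privileges.
wget https://www.rabbitmq.com/releases/erlang/erlang-19.0.4-1.el7.centos.x86_64.rpm
wget https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.9/rabbitmq-server-3.6.9-1.el7.noarch.rpm

# Check digests and signatures before installing. Import the vendor's package
# signing key first (sudo rpm --import <vendor_signing_key_file>) and confirm
# the output reports a good signature, not only matching digests.
rpm -K erlang-19.0.4-1.el7.centos.x86_64.rpm \
  rabbitmq-server-3.6.9-1.el7.noarch.rpm

sudo rpm -ivh erlang-19.0.4-1.el7.centos.x86_64.rpm
erl -version
sudo yum install -y rabbitmq-server-3.6.9-1.el7.noarch.rpm
sudo service rabbitmq-server start
# The management plugin adds an HTTP admin UI/API (port 15672 by default).
# Restrict who can reach it with a host firewall; it is an administrative
# interface, not something the SeMF application itself needs exposed.
sudo rabbitmq-plugins enable rabbitmq_management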

阶段3 配置 RabbitMQ

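# setup_rabbitmq.sh
# Creates the broker account ("team") and vhost ("semf") that the BROKER_URL
# setting later in this guide points at.
set -eu

# Take the password from the environment instead of hard-coding the guide's
# sample value in a script that may end up in version control. It must match
# the password used in BROKER_URL.
# NOTE(review): the value is still passed to rabbitmqctl as an argument and is
# briefly visible in the process list of this host.
: "${SEMF_MQ_PASSWORD:?export SEMF_MQ_PASSWORD with the broker password first}"

sudo rabbitmqctl add_user team "$SEMF_MQ_PASSWORD"
sudo rabbitmqctl add_vhost semf
# NOTE(review): the administrator tag gives this account full access to the
# management interface. An account that only publishes and consumes messages
# for the application does not need it -- consider a separate admin user.
sudo rabbitmqctl set_user_tags team administrator
# configure / write / read permissions on every resource in the semf vhost.
sudo rabbitmqctl set_permissions -p semf team ".*" ".*" ".*"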

阶段4 配置 MySQL

https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-centos-7

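# setup_mysql.sh
# Adds the MySQL community yum repository (mysql57-community-release), installs
# and starts the server, then shows the one-time root password from its log.
set -eu   # do not try to start the service after a failed install

mkdir -p ~/develop
cd ~/develop
sudo yum -y install https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
sudo yum -y install mysql-server
sudo systemctl start mysqld
# --no-pager: print the status and return instead of waiting inside a pager
# when the script is run from a terminal.
sudo systemctl --no-pager status mysqld
# Prints the temporary root password in clear text. Run this on a trusted
# terminal and change the password right away (mysql_secure_installation in
# the next step); keep the output out of shared logs and screen recordings.
sudo grep 'temporary password' /var/log/mysqld.log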

接下来需要手工介入

# Manual steps: these commands are interactive and are meant to be typed one
# by one, not run as a script.
#
# Initial security hardening (interactive).
sudo mysql_secure_installation
#
# Check that the root password works (prompts for it).
mysqladmin -u root -p version

# Configure MySQL for access from other hosts.
# NOTE(review): the Django settings in this guide connect to 127.0.0.1, so the
# application itself does not need MySQL reachable from outside. Only do this
# if another machine really has to connect.
which mysqld
# Show which option files mysqld reads, and in what order.
/usr/sbin/mysqld --verbose --help | grep -A 1 'Default options'
# /etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf
# Add the lines shown between the ===== markers to /etc/my.cnf.
# NOTE(review): bind-address = 0.0.0.0 makes mysqld listen on every interface.
# Pair it with a firewall rule that admits only the known client addresses on
# 3306, or bind to a single internal address instead.
sudo vim /etc/my.cnf
=====
[mysqld]
bind-address = 0.0.0.0
=====
# NOTE(review): unlike the other service commands in this guide, this one is
# shown without sudo -- run it from a privileged shell.
systemctl restart mysqld
# Local check: confirm the listener and the address it is bound to.
netstat -ntlp | grep 3306
# External check: run from another machine against your own server to see
# whether 3306 is reachable; the result should match the firewall policy you
# intended.
nmap -vvv -n -Pn -sT -p3306 <target_ip>

配置 semf 数据库

# Create the database and an account that is allowed to connect remotely.
# NOTE(review): the host part '%' lets semf_user log in from any address. With
# bind-address = 0.0.0.0 from the previous step, only the password and any
# firewall stand between the network and this account. Where possible replace
# '%' with the application server's address ('semf_user'@'<app_server_ip>'),
# or with 'localhost' when the application runs on the same host.
# NOTE(review): 'h4rd2gu3ss' is the guide's sample value -- choose a unique
# password and keep it consistent with the Django DATABASES setting.
mysql> CREATE DATABASE IF NOT EXISTS semf DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL ON semf.* TO 'semf_user'@'%' IDENTIFIED BY 'h4rd2gu3ss';
mysql> flush privileges;
mysql> quit

阶段5 其他配置文件

其他配置文件参考

# Two alternative mail samples follow. They are plain assignments, so if both
# are kept in one settings file the later one takes effect.
# NOTE(review): EMAIL_HOST_PASSWORD is a placeholder here. Keep the real value
# out of version control and restrict read access to the settings file.
# NOTE(review): EMAIL_USE_TLS = True selects explicit TLS (STARTTLS), which
# providers generally offer on port 587 -- confirm that the chosen provider
# supports it on port 25, otherwise sending will fail.
EMAIL_HOST = 'smtp-mail.outlook.com'          # SMTP server address
EMAIL_PORT = 25                 # SMTP port
EMAIL_HOST_USER = 'xxxx@xxx.com'    # the sender's own mailbox
EMAIL_HOST_PASSWORD = 'password'         # that mailbox's password
EMAIL_SUBJECT_PREFIX = u'[SeMF]'      # prefix for the mail Subject line; the default is '[django]'
EMAIL_USE_TLS = True               # whether to use a TLS (secure) connection to the SMTP server; the default is False

# SMTP server address
EMAIL_HOST = 'smtp.sina.com'
# SMTP port
EMAIL_PORT = 25
EMAIL_HOST_USER = 'test@sina.com'
EMAIL_HOST_PASSWORD = 'password'
# Prefix for the mail Subject line; the default is [django]
EMAIL_SUBJECT_PREFIX = u'[SeMF]'
# Whether to use a TLS (secure) connection; the default is False
EMAIL_USE_TLS = True


SERVER_EMAIL = 'test@sina.com'
DEFAULT_FROM_EMAIL = '安全管控平台<test@sina.com>'

# Broker connection string, in the form shown by the template on the next line.
# BROKER_URL = 'amqp://user:psd@xx.xx.xx.xx/vhost'
# Uses the "team" account and "semf" vhost created in setup_rabbitmq.sh, over
# loopback. NOTE(review): the password is embedded in the URL, so this file
# holds a credential -- keep it out of version control and out of logs that
# print settings.
BROKER_URL = 'amqp://team:h4rd2gu3ss@127.0.0.1/semf'

# Sample variant: connects to a schema named 'SeMF' as the MySQL root account.
# NOTE(review): root holds every privilege on the server, so a flaw in the web
# application would expose all databases. The semf_user account granted on
# semf.* earlier in this guide is the narrower choice.
# NOTE(review): the database created earlier is named semf (lower case), and
# database names are case-sensitive on Linux by default -- confirm which
# schema is intended.
# The password is the guide's sample value; keep the real one out of version
# control.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'SeMF',
        'USER': 'root',
        'PASSWORD': 'h4rd2gu3ss',
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            # Executed on each new connection: enable strict mode.
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES' ",
            'charset': 'utf8',
        },
    },
}

# Sample variant: uses the semf database and the semf_user account created in
# the MySQL step of this guide. HOST is loopback, so the application does not
# need MySQL to listen on an external interface.
# The password is the guide's sample value; keep the real one out of version
# control and readable only by the account that runs the application.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'semf',
        'USER': 'semf_user',
        'PASSWORD': 'h4rd2gu3ss',
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            # Executed on each new connection: enable strict mode.
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES' ",
            'charset': 'utf8',
        },
    },
}

阶段6 SeMF 初始化

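# A MySQL schema named semf must already exist (created by hand in the MySQL
# step above).
#
# Install the Python dependencies. The original line read
# `pip instgall -r requ`: a typo plus a truncated file name. requirements.txt
# is assumed here -- confirm the name against the repository.
# NOTE(review): sudo pip installs into the system-wide interpreter and runs
# package build scripts as root. A virtualenv owned by an unprivileged service
# account avoids both.
sudo python3 -m pip install -r requirements.txt
python3 manage.py makemigrations
python3 manage.py migrate
# Interactive: prompts for the administrator account's name and password.
python3 manage.py createsuperuser

# Initialization scripts shipped with the project (their contents are not
# shown on this page).
python3 initdata.py
python3 cnvd_xml.py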

补充资料

安全管理平台SeMF设置关联 Nessus 扫描器
https://www.jianshu.com/p/6e81dd9fa1eb
