安全管理平台 SeMF 基础配置与部署指南 | SecurityManageFramwork
Contents
SeMF 基础配置指南
代码仓库
https://gitee.com/gy071089/SecurityManageFramwork
安装基础组件
#
# install_package.sh
sudo yum install -y net-tools vim lrzsz unzip gzip tar htop mlocate
sudo yum install -y zsh git lsof
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel wget
阶段1 编译安装 Python 3
#
# install_python3.sh
cd ~/develop
wget https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz
tar -xvJf Python-3.6.5.tar.xz
cd Python-3.6.5
./configure prefix=/usr/local/python3
make
sudo make install
sudo ln -s /usr/local/python3/bin/python3 /usr/bin/python3
阶段2 安装 RabbitMQ
#
# install_rabbitmq.sh
cd ~/develop
sudo rpm -ivh http://www.rabbitmq.com/releases/erlang/erlang-19.0.4-1.el7.centos.x86_64.rpm
erl -version
wget http://www.rabbitmq.com/releases/rabbitmq-server/v3.6.9/rabbitmq-server-3.6.9-1.el7.noarch.rpm
sudo yum install -y rabbitmq-server-3.6.9-1.el7.noarch.rpm
sudo service rabbitmq-server start
sudo rabbitmq-plugins enable rabbitmq_management
阶段3 配置 RabbitMQ
#
# setup_rabbitmq.sh
sudo rabbitmqctl add_user team h4rd2gu3ss
sudo rabbitmqctl add_vhost semf
sudo rabbitmqctl set_user_tags team administrator
sudo rabbitmqctl set_permissions -p semf team ".*" ".*" ".*"
阶段4 配置 MySQL
https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-centos-7
#
# setup_mysql.sh
cd ~/develop
sudo yum -y install https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
sudo yum -y install mysql-server
sudo systemctl start mysqld
sudo systemctl status mysqld
sudo grep 'temporary password' /var/log/mysqld.log
接下来需要手工介入
#
# 安全初始化配置
sudo mysql_secure_installation
#
# 测试 root 密码是否正确
mysqladmin -u root -p version
# 配置 MySQL 外部访问
which mysqld
/usr/sbin/mysqld --verbose --help | grep -A 1 'Default options'
# /etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf
sudo vim /etc/my.cnf
=====
[mysqld]
bind-address = 0.0.0.0
=====
systemctl restart mysqld
# 内部网络测试
netstat -ntlp | grep 3306
# 外部网络测试
nmap -vvv -n -Pn -sT -p3306 <target_ip>
配置 semf 数据库
# 新建数据库 与 可以远程连接的用户
mysql> CREATE DATABASE IF NOT EXISTS semf DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL ON semf.* TO 'semf_user'@'%' IDENTIFIED BY 'h4rd2gu3ss';
mysql> flush privileges;
mysql> quit
阶段5 其他配置文件
其他配置文件参考
EMAIL_HOST = 'smtp-mail.outlook.com' # SMTP地址
EMAIL_PORT = 25 # SMTP端口
EMAIL_HOST_USER = 'xxxx@xxx.com' # 我自己的邮箱
EMAIL_HOST_PASSWORD = 'password' # 我的邮箱密码
EMAIL_SUBJECT_PREFIX = u'[SeMF]' #为邮件Subject-line前缀,默认是'[django]'
EMAIL_USE_TLS = True #与SMTP服务器通信时,是否启动TLS链接(安全链接)。默认是false
# SMTP 地址
EMAIL_HOST = 'smtp.sina.com'
# SMTP 端口
EMAIL_PORT = 25
EMAIL_HOST_USER = 'test@sina.com'
EMAIL_HOST_PASSWORD = 'password'
# 邮件 Subject-line 前缀 默认为 [django]
EMAIL_SUBJECT_PREFIX = u'[SeMF]'
# 是否启动TLS链接(安全链接)。默认是 False
EMAIL_USE_TLS = True
SERVER_EMAIL = 'test@sina.com'
DEFAULT_FROM_EMAIL = '安全管控平台<test@sina.com>'
# BROKER_URL = 'amqp://user:psd@xx.xx.xx.xx/vhost'
BROKER_URL = 'amqp://team:h4rd2gu3ss@127.0.0.1/semf'
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'SeMF',
'USER': 'root',
'PASSWORD': 'h4rd2gu3ss',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS':{
'init_command':"SET sql_mode='STRICT_TRANS_TABLES' ",
'charset':'utf8',}
}
}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'semf',
'USER': 'semf_user',
'PASSWORD': 'h4rd2gu3ss',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS':{
'init_command':"SET sql_mode='STRICT_TRANS_TABLES' ",
'charset':'utf8',}
}
}
阶段6 SeMF 初始化
# 首先要手动建一个名为 semf 的 Mysql Schema
sudo python3 -m pip instgall -r requ
python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py createsuperuser
# 初始化
python3 initdata.py
python3 cnvd_xml.py
补充资料
安全管理平台SeMF设置关联 Nessus 扫描器
https://www.jianshu.com/p/6e81dd9fa1eb
Leave a Reply