RHEL 7

To use SSL you should ensure that you have mod_ssl installed. If not, run the following command:

yum install mod_ssl

Then rename the /etc/httpd/conf.d/ssl.conf file that was created during installation of mod_ssl to /etc/httpd/conf.d/ssl.conf.bak.

Note: This is a sample reference implementation that you can use to help guide your setup. You need to set the ServerName to the name of the server given in the Software Vulnerability Manager configuration. You should also ensure that the names of the certificates are correct and that all hosts support TLS (if they do not, use the less strict alternative or consult the Apache documentation on mod_ssl).

Create the /etc/httpd/conf.d/secunia_ssl.conf file as follows:

LoadModule ssl_module modules/mod_ssl.so
Listen 8443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:8443>
    <Location "/">
        Order allow,deny
        Allow from all
        <LimitExcept POST GET HEAD>
            Deny from all
        </LimitExcept>
    </Location>
    DocumentRoot "/var/www/Secunia"
    DirectoryIndex index.php index.html index.html.var
    ServerName Secunia
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!RC4:!DES
    SSLCertificateFile /etc/pki/tls/certs/csi.crt
    SSLCertificateKeyFile /etc/pki/tls/private/csi.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    BrowserMatch ".*MSIE [2-5]\..*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    Header always set X-Content-Type-Options: "nosniff"
    Header always set X-Frame-Options: "sameorigin"
    Header always set X-Content-Security-Policy: "script-src 'self'"
    Header always set X-XSS-Protection: "1;mode=block"
    Header always set X-permitted-cross-domain-policies: "none"
    Header always set Strict-Transport-Security: "max-age=31536000;includeSubDomains"
    ErrorDocument 403 "<h1 style='color:red'>Error 403: Permission Denied!</h1>"
    ErrorDocument 404 "<h1 style='color:red'>Error 404: Not found!</h1>"
</VirtualHost>
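The SSLProtocol line in the file above decides which hosts can still connect, and loosening it for older hosts is easy to get wrong. The following shell script is an added example, not part of the vendor's instructions: it applies mod_ssl's token rules to an SSLProtocol line and reports any protocol older than TLSv1.2 that remains enabled. The function names are hypothetical, tokens are expected in the capitalisation used on this page, and `all` is assumed to cover SSLv3 through TLSv1.2.

```shell
# Added example, not vendor code. Assumption: "all" is read pessimistically as
# SSLv3 through TLSv1.2; the real expansion depends on the httpd/OpenSSL build.
ALL="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# Print the protocols one SSLProtocol argument list leaves enabled.
# mod_ssl token rules: "+x" adds, "-x" removes, a bare name replaces the set.
effective_protocols() {
    enabled=" "
    for tok in "$@"; do
        case $tok in
            -*) act=del; name=${tok#-} ;;
            +*) act=add; name=${tok#+} ;;
            *)  act=set; name=$tok ;;
        esac
        if [ "$name" = all ]; then name=$ALL; fi
        case $act in
            set) enabled=" $name " ;;
            add) enabled="$enabled$name " ;;
            del) keep=" "
                 for e in $enabled; do
                     case " $name " in *" $e "*) ;; *) keep="$keep$e " ;; esac
                 done
                 enabled=$keep ;;
        esac
    done
    out=""
    for p in $ALL; do   # canonical order, duplicates collapse
        case $enabled in *" $p "*) out="$out $p" ;; esac
    done
    echo "${out# }"
}

# Print protocols older than TLSv1.2 that any SSLProtocol line in file $1
# leaves enabled (empty output means every line is strict). TLSv1.2 is kept
# in the seen-list below so it is never reported.
legacy_protocols() {
    legacy=""
    proto_lines=$(sed -n 's/^[[:space:]]*SSLProtocol[[:space:]][[:space:]]*//p' "$1")
    while read -r args; do
        for p in $(effective_protocols $args); do
            case " $legacy TLSv1.2 " in *" $p "*) ;; *) legacy="$legacy $p" ;; esac
        done
    done <<EOF
$proto_lines
EOF
    echo "${legacy# }"
}
conf=$(mktemp)   # constructed sample: a looser line than the one on this page
printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' > "$conf"
echo "legacy protocols still enabled: $(legacy_protocols "$conf")"
rm -f "$conf"
```

Run `legacy_protocols /etc/httpd/conf.d/secunia_ssl.conf` after any change to the protocol line; empty output means only TLSv1.2 is accepted under the stated assumption.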

 

Ensure the ports used to access the application are allowed through the firewall:

firewall-cmd --zone=public --add-port=443/tcp --permanent

firewall-cmd --reload

You should then run the installation script sh /usr/local/Secunia/csi/install/installationProcess.sh again.

Important: You must answer the installation routine questions as follows:

“Will you use SSL?”: Y

“Do you want CSI Agents to use a different port?”: Y

“What port do you want use?”: 443

“Ready to perform the database schema upgrade?”: Y

SC2012 plugin “Would you like to go through the configuration process?”

“Will you use SSL?”: Y