RHEL 7
To use SSL you should ensure that you have mod_ssl installed. If not, run the following command:
yum install mod_ssl
Then rename the /etc/httpd/conf.d/ssl.conf file that was created during installation of mod_ssl to /etc/httpd/conf.d/ssl.conf.bak
Note: This is a sample reference implementation that you can use to help guide your setup. You need to set ServerName to the name of the server given in the Software Vulnerability Manager configuration. You should also ensure that the names of the certificates are correct and that all hosts support TLS (if they do not, use the less strict alternative or consult the Apache documentation on mod_ssl).
Create the /etc/httpd/conf.d/secunia_ssl.conf file as follows:
LoadModule ssl_module modules/mod_ssl.so
Listen 8443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:8443>
<Location "/">
Order allow,deny
Allow from all
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Location>
DocumentRoot "/var/www/Secunia"
DirectoryIndex index.php index.html index.html.var
ServerName Secunia
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!MD5:!RC4:!DES
SSLCertificateFile /etc/pki/tls/certs/csi.crt
SSLCertificateKeyFile /etc/pki/tls/private/csi.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
BrowserMatch ".*MSIE [2-5]\..*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Header always set X-Content-Type-Options: "nosniff"
Header always set X-Frame-Options: "sameorigin"
Header always set X-Content-Security-Policy: "script-src 'self'"
Header always set X-XSS-Protection: "1;mode=block"
Header always set X-permitted-cross-domain-policies: "none"
Header always set Strict-Transport-Security: "max-age=31536000;includeSubDomains"
ErrorDocument 403 "<h1 style='color:red'>Error 403: Permission Denied!</h1>"
ErrorDocument 404 "<h1 style='color:red'>Error 404: Not found!</h1>"
</VirtualHost>
Ensure the ports used to access the application are allowed through the firewall:
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
You should then run the installation script sh /usr/local/Secunia/csi/install/installationProcess.sh again.
Important: You must answer the installation routine questions as follows:
“Will you use SSL?”: Y
“Do you want CSI Agents to use a different port?”: Y
“What port do you want use?”: 443
“Ready to perform the database schema upgrade?”: Y
SC2012 plugin “Would you like to go through the configuration process?”
“Will you use SSL?”: Y
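A pre-flight check for the setup above, as an added example that is not part of the original documentation or the vendor's tooling: it reads a configuration file such as /etc/httpd/conf.d/secunia_ssl.conf, reports any legacy protocol that SSLProtocol leaves enabled, and reports whether the port you opened in the firewall and gave to the installer has a matching Listen directive. The function names and the sample input are constructed for illustration, and the SSLProtocol handling is a simplified model of how mod_ssl reads the directive.

```shell
# Added example (not vendor code): static checks on an Apache TLS config file.

# Print the port of every Listen directive ("Listen 8443" or "Listen ip:port").
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1"
}

# Print each legacy protocol that SSLProtocol leaves enabled. Assumed model:
# tokens apply left to right; +X adds, -X removes, a bare token replaces the set.
legacy_protocols_enabled() {
    awk 'tolower($1) == "sslprotocol" {
        split("SSLv2 SSLv3 TLSv1 TLSv1.1", legacy, " ")
        for (i = 1; i <= 4; i++) on[i] = 0
        for (f = 2; f <= NF; f++) {
            tok = tolower($f); sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2); else sign = ""
            for (i = 1; i <= 4; i++) {
                hit = (tok == "all" || tok == tolower(legacy[i]))
                if (sign == "") on[i] = hit
                else if (hit) on[i] = (sign == "+")
            }
        }
        for (i = 1; i <= 4; i++) if (on[i]) print legacy[i]
    }' "$1"
}

# check_conf FILE PORT: print findings; return non-zero if any check fails.
check_conf() {
    rc=0
    bad=$(legacy_protocols_enabled "$1" | tr '\n' ' ')
    [ -z "$bad" ] || { echo "legacy protocols enabled: $bad"; rc=1; }
    listen_ports "$1" | grep -qx "$2" || { echo "no Listen directive for port $2"; rc=1; }
    return "$rc"
}

# Constructed sample input, in the style of secunia_ssl.conf.
write_sample() {
    printf '%s\n' 'Listen 8443' \
        'SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' > "$1"
}

conf=$(mktemp) && write_sample "$conf"
check_conf "$conf" 8443 && echo "port 8443: checks passed"
check_conf "$conf" 443 || echo "port 443: checks failed"
rm -f "$conf"
```

To check a real host, call check_conf with the path of the configuration file and the port number before re-running the installation script.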