Sichere Webserver(konfiguration): Difference between revisions

From
Jump to navigation Jump to search
No edit summary
Line 72: Line 72:
== Verwendung der API ==
== Verwendung der API ==


* Aufruf zum Scannen einer neuene Seite starten
lala
** POST-Request <br />
** http://localhost:57001/api/v1/analyze?host=www.testseite.de <br />
*** hidden=true&rescan=true <br />

* Status eines Scans anzeigen
** GET-Request <br />
** http://localhost:57001/api/v1/analyze?host=www.testseite.de <br />

* Resultate eines bestimmten Scans anzeigen (Scan-Nr.) <br />
** GET-Request <br />
** http://localhost:57001/api/v1/getScanResults?scan=1 <br />

* Liste Letzter Scans anzeigen- <br />
** GET-Request <br />
** http://localhost:57001/api/v1/getRecentScans?max=20 <br />
*** mit Option von bestimmten "Noten" in diesem Fall alle F, also 20 Punkte und darunte <br />

Revision as of 11:59, 17 October 2016

Lokale Installation

  • how to install observatory (tested on Ubuntu 16.04 LTS)

sudo apt-get install -y git libpq-dev postgresql redis-server python3 python3-pip

cd /opt/

sudo git clone https://github.com/mozilla/http-observatory.git

sudo su - postgres

createdb http_observatory

psql http_observatory < /opt/http-observatory/httpobs/database/schema.sql

psql http_observatory

\password httpobsapi #passwort festlegen z.B. its

\password httpobsscanner #passwort festlegen z.B. its

  • exit db (\q)
  • exit psql user (exit)

sudo vi /etc/postgresql/9.5/main/postgresql.conf #set max_connections = 512, shared_buffers = 256MB

sudo service postgresql restart

sudo useradd -m httpobs

sudo su - httpobs

cd /opt/http-observatory

pip3 install .

pip3 install -r requirements.txt --upgrade

exit


  • everything from here has to be done for every start - Starting from normal user
  • start scanner

sudo install -m 750 -o httpobs -g httpobs -d /var/run/httpobs /var/log/httpobs

sudo su - httpobs

echo export HTTPOBS_API_URL="http://localhost:57001/api/v1" >> ~/.profile

cd /opt/http-observatory/

HTTPOBS_DATABASE_USER="httpobsscanner" HTTPOBS_DATABASE_PASS="its" /opt/http-observatory/httpobs/scripts/httpobs-scan-worker


  • open new Terminal to start api

sudo su - httpobs

cd /opt/http-observatory/

HTTPOBS_DATABASE_USER="httpobsapi" HTTPOBS_DATABASE_PASS="its" uwsgi --http :57001 --wsgi-file /opt/http-observatory/httpobs/website/main.py --processes 8 --callable app --master

Verwendung der API