Sichere Webserver(konfiguration)

From
Jump to navigation Jump to search

Lokale Installation

  • how to install observatory (tested on Ubuntu 16.04 LTS)

sudo apt-get install -y git libpq-dev postgresql redis-server python3 python3-pip

cd /opt/

sudo git clone https://github.com/mozilla/http-observatory.git

sudo su - postgres

createdb http_observatory

psql http_observatory < /opt/http-observatory/httpobs/database/schema.sql

psql http_observatory

\password httpobsapi #passwort festlegen z.B. its

\password httpobsscanner #passwort festlegen z.B. its

  • exit db (\q)
  • exit psql user (exit)

sudo vi /etc/postgresql/9.5/main/postgresql.conf #set max_connections = 512, shared_buffers = 256MB

sudo service postgresql restart

sudo useradd -m httpobs

sudo su - httpobs

cd /opt/http-observatory

pip3 install .

pip3 install -r requirements.txt --upgrade

exit


  • everything from here has to be done for every start - Starting from normal user
  • start scanner

sudo install -m 750 -o httpobs -g httpobs -d /var/run/httpobs /var/log/httpobs

sudo su - httpobs

echo export HTTPOBS_API_URL="http://localhost:57001/api/v1" >> ~/.profile

cd /opt/http-observatory/

HTTPOBS_DATABASE_USER="httpobsscanner" HTTPOBS_DATABASE_PASS="its" /opt/http-observatory/httpobs/scripts/httpobs-scan-worker


  • open new Terminal to start api

sudo su - httpobs

cd /opt/http-observatory/

HTTPOBS_DATABASE_USER="httpobsapi" HTTPOBS_DATABASE_PASS="its" uwsgi --http :57001 --wsgi-file /opt/http-observatory/httpobs/website/main.py --processes 8 --callable app --master

Verwendung der API

{

 "A+": 3,
 "A": 6,
 "A-": 2,
 "B+": 8,
 "B": 76,
 "B-": 79,
 "C+": 80,
 "C": 88,
 "C-": 86,
 "D+": 60,
 "D": 110,
 "D-": 215,
 "E": 298,
 "F": 46770

}