OpenRASP管理后台安装记录

OpenRASP项目地址https://rasp.baidu.com/

一、安装java

在CentOS中安装ElasticSearch需要Java1.8.0，可执行命令java -version查看当前系统所安装Java版本是否为1.8.0版本。

openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

如未安装java或者版本不符，可通过以下命令安装：

yum install java-1.8.0-openjdk* -y
或者
yum -y install java

二、安装MongoDB 3.6

官方文档要求MongoDB 版本大于等于 3.6，所以我们安装个3.6版本

1.创建仓库

vi /etc/yum.repos.d/mongodb-org-3.6.repo

2.把下面的内容复制到上述文件中，保存退出

[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc

3.yum命令安装mongodb

yum install -y mongodb-org

mkdir -p /data/mongodb/data /data/mongodb/logs
chown mongod.mongod /data/mongodb/data /data/mongodb/logs -R 
#默认是使用mongod执行的，所以需要修改一下目录权限

5.修改配置文件

vi /etc/mongod.conf

# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /data/mongodb/logs/mongod.log #修改到刚才创建的目录
# Where and how to store data.
storage:
dbPath: /data/mongodb/data #修改到刚才创建的目录
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /data/mongodb/logs/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
#security:
# authorization: enabled #这里是开启验证功能，暂时先关闭，等创建完root用户再开起来进行验证
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:

6.启动MongoDB

mongod -f /etc/mongod.conf

三、安装ElasticSearch6.7

1.下载elasticsearch
官方网站下载：https://www.elastic.co/cn/downloads/past-releases#elasticsearch选择6.7版本的tar.gz压缩包。（官方文档要求elasticsearch版本需要大于等于 5.6，小于 7）

image.png
2.上传到服务器
下载完成后用rz命令这个压缩包上传到 /opt 路径下。
3.解压

tar -zvxf elasticsearch-6.7.0.tar.gz

4.创建用户

useradd  es 
chown  -R  es:es /opt/elasticsearch-6.7.0/

因为elasticsearch不能以root账户启动，用root账户启动会产生以下报错信息，所以需新建一个用户启动。

[WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root

5.启动elasticsearch
elasticsearch 不需要其他额外配置，只需要启动即可。切换到es用户，切换到/opt/elasticsearch-6.7.0的目录下进行启动：

su es
cd  elasticsearch-6.7.0/
bin/elasticsearch

6.验证服务是否启动成功

curl http://127.0.0.1:9200

执行以上命令，返回出现类似这段文字，说明服务开启成功。

curl http://127.0.0.1:9200
{
  "name" : "fb4g6X_",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Xp4GK80NRa6aikptBRTe0Q",
  "version" : {
    "number" : "6.7.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "8453f77",
    "build_date" : "2019-03-21T15:32:29.844721Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

四、启动OpenRASP服务

1. 下载 rasp-cloud.tar.gz 1.2.0-beta版本并解压到data目录。
1. 编辑/conf/app.conf 文件，修正 ElasticSearch 和 MongoDB 两个服务器的地址。如果这两个服务器都安装在了本机，且使用默认端口，请跳过此步骤:

[prod]
EsAddr = http://127.0.0.1:9200
EsUser =
EsPwd =
MongoDBAddr = 127.0.0.1:27017
MongoDBUser =
MongoDBPwd =

1. 在终端里执行如下命令，启动后台服务器:

[root@test rasp-cloud-2019-07-18]# ./rasp-cloud -d
/data/rasp-cloud-2019-07-18/
2019/07/18 23:44:48 args: []
2019/07/18 23:44:48 start successfully, for details please check the log in 'logs/api/agent-cloud.log'

4.在浏览器里打开 http://your-ip:8086，但是web界面不能访问。根据提示查看logs/api/agent-cloud.log日志，日志显示服务正常。

[root@test rasp-cloud-2019-07-18]# cat logs/api/agent-cloud.log
2019/07/18 23:25:55.387 [I] [environment.go:67]  ===== start type: default ===== 
2019/07/18 23:25:55.390 [E] [mongo.go:51]  [30002] failed to find MongoDB server: : no reachable servers
2019/07/18 23:44:48.844 [I] [environment.go:67]  ===== start type: default ===== 
2019/07/18 23:44:48.846 [I] [mongo.go:57]  MongoDB version: 3.6.13 
2019/07/18 23:44:48.872 [I] [es.go:56]  ES version: 6.7.0 
2019/07/18 23:44:49.014 [I] [es.go:126]  put es template: report-data-template 
2019/07/18 23:44:49.045 [I] [es.go:126]  put es template: error-alarm-template 
2019/07/18 23:44:49.108 [I] [es.go:126]  put es template: attack-alarm-template 
2019/07/18 23:44:49.139 [I] [es.go:126]  put es template: policy-alarm-template 
2019/07/18 23:44:49.584 [I] [log_handle.go:370]  create es index: openrasp-policy-alarm-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:49.794 [I] [log_handle.go:370]  create es index: openrasp-attack-alarm-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:49.984 [I] [log_handle.go:370]  create es index: openrasp-error-alarm-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:50.149 [I] [report.go:42]  create es index: openrasp-report-data-89ab2b1315cde191414ff3f0aa77bb4ac2b47182
2019/07/18 23:44:50.150 [I] [app.go:325]  Succeed to create app, name: PHP 示例应用 
2019/07/18 23:44:50.170 [I] [app.go:357]  Succeed to set up default plugin for app, version: 2019-0708-1800

测试查看本机访问，显示正常。

[root@test rasp-cloud-2019-07-18]# curl http://127.0.0.1:8086

<!doctype html><html><head><meta charset=UTF-8><meta name=description content="OpenRASP 管理后台"><meta name=author content=c0debreak><meta name=robots content=noindex><meta name=viewport content="width=device-width,user-scalable=no,initial-scale=1,maximum-scale=1,minimum-scale=1"><meta http-equiv=X-UA-Compatible content="ie=edge"><link rel=icon href=./favicon.ico type=image/x-icon><link rel="shortcut icon" type=image/x-icon href=/static/favicon.ico><title>管理后台 - OpenRASP - 开源自适应安全防护</title><link href=/static/plugins/font-awesome-4.7.0/css/font-awesome.min.css rel=stylesheet><link href=/static/gfonts/main.css rel=stylesheet><link href=/static/plugins/charts-c3/plugin.css rel=stylesheet><link href=/static/css/app.55611cc7abe6d4911c43a8ec5550dfdd.css rel=stylesheet></head><body class=""><div id=app></div><script type=text/javascript src=/static/js/manifest.2ae2e69a05c33dfc65f8.js></script><script type=text/javascript src=/static/js/vendor.51cbec5bbc7181337bf4.js></script><script type=text/javascript src=/static/js/app.122d023e2cca64b89e23.js></script></body></html>

可能是防火墙问题，检查防火墙设置，开放8086端口

iptables -I INPUT -p tcp --dport 8086 -j ACCEPT

再次访问，web界面正常了。其中用户名固定为 openrasp，初始密码为 admin@123。

image.png

登录成功后，请根据管理后台 - 添加主机文档，了解如何添加第一台主机。

image.png

OpenRASP项目地址https://rasp.baidu.com/