Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pakiti.

Published byJames Chandler Modified over 10 years ago

Similar presentations

Presentation on theme: "Pakiti."— Presentation transcript:

1 Pakiti

2 Pakiti Client Setup Install one small client rpm on the clients and a configuration file. pakiti-client noarch.rpm edit /etc/pakiti/pakiti-client.conf to point to the web server, select yum/apt/up2date, and insert sys admins name

3 Extract from the README for more details:
tmp]# more /usr/share/doc/pakiti-server-1/README.SERVER INTRODUCTION The Pakiti Client is a small Perl script, which will check what packages are available to install on the system and report them to the central Pakiti Server. WHAT DOES IT DO? It simply gather packages provided by your vendor and send the list to the server. Pakiti DOES NOT INSTALL ANY UPDATED PACKAGE. HOW AVAILABLE PACKAGES ARE GATHERED? Pakiti can currently use 3 tools to gather information about available packages: - yum - up2date - apt-get Of course, the tool you choose MUST be first properly configured to be able to install updated packages relevant to your distri bution. For instance, if you decide to go for yum, it MUST point to a relevant yum repository.

4 HOW ARE THEY REPORTED TO THE SERVER?
The Pakiti client send an HTTP message to the server containing the list of available packages. It is recommended to use HTTPS to authenticate the remote server and to send information through a secure channel. To use HTTPS , your Pakiti configuration file MUST contains the full path of the certificate of the CA who issued the Pakiti server's certif icate. In this way, the Pakiti client will be able to check the Pakiti server's certificate. Of course, to use HTTPS, your Paki ti server MUST be HTTPS enabled. WHERE CAN I CONFIGURE Pakiti CLIENT? There is only on configuration file to setup the Pakiti client. It is located here: /etc/pakiti/pakiti-client.conf It contains the following information: # Configuration file for Pakiti. # URL of your local Pakiti server. HTTPS is strongly recommended! server_url = # CA Path for HTTPS connection to your local Pakiti server. # This is mandatory for HTTPS. ca_certificate = /etc/grid-security/certificates/ # Curl binary, with the options you like curl_path = /usr/bin/curl -s # Delay (minutes) delay = 0 # Package handling tool: 'up2date' or 'yum' or 'apt-get' method = apt-get # section: the contact for the system. # Put something small that can identify your site. admin = My_Organization Production # Log file location. log = /var/log/pakiti/pakiti.log

5 Pakiti Server Setup Need to install it on a web server
Install the server rpm Configure MySQL Configure httpd

6 HOW CAN I CONFIGURE A PAKITI SERVER?
On a RHEL/SL system, the following steps should be sufficient: 1. Install Apache, PHP, mysql-server, mod_ssl, php-mysql and pakiti-client # apt-get install httpd php mysql-server php-mysql mod_ssl pakiti-client If some other dependency are needed, the packages should be available through your vendor. For more information about installing the client, please see the previous section. 2. Install Pakiti-server Download the latest RPM and run: # rpm -i pakiti-server-*.rpm 3. Configure the MySQL server Configure MySQL to start at boot # chkconfig --level 235 mysqld on Start the mysqld service # /etc/init.d/mysqld start Change the MySQL root password # /usr/bin/mysql mysql ~ update mysql.user set Password=PASSWORD('strong_root_password') where User='root' and Host='localhost'; ~ flush privileges; ~ quit; Create the pakiti database # mysqladmin -u root -p create pakiti Fill the tables # /usr/bin/mysql -u root -p pakiti < /usr/share/doc/pakiti-server-*/pakiti.sql Create a Pakiti user # /usr/bin/mysql -u root -p mysql ~ GRANT SELECT,INSERT,UPDATE,DELETE ON pakiti.* TO IDENTIFIED BY 'mysql_password'; Of course, 'mysql_user'and 'mysql_password' are up to you.

7 4. Configure Apache It is *strongly* recommended to use HTTPS and client authentication. One way of doing this is to create a /etc/httpd/conf.d/pakiti.conf containing: <VirtualHost :443> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP SSLCertificateKeyFile <YOUR_HOST_KEY_PATH> SSLCertificateFile <YOUR_HOST_CERTIFICATE_PATH> SSLCACertificatePath /etc/grid-security/certificates DocumentRoot /var/lib/pakiti/www/ ErrorLog logs/pakiti-error CustomLog logs/pakiti-access common Alias /feed "/var/lib/pakiti/feed" <Directory "/var/lib/pakiti/feed"> SSLRequireSSL Options -All AllowOverride None DirectoryIndex index.php </Directory> <Directory "/var/lib/pakiti/www/"> SSLVerifyClient require SSLVerifyDepth SSLCACertificatePath /etc/grid-security/certificates/ SSLOptions FakeBasicAuth AuthName "Pakiti: YOUR CERTIFICATE MUST BE REGISTERED" AuthType Basic require valid-user AuthUserFile /var/lib/pakiti/users </VirtualHost>

8 Then people can be authenticated by putting their DN in /var/lib/pakiti/users such as:
/C=CH/O=CERN/OU=GRID/CN=Romain Wartel 7120:xxj31ZMTZzkVA Note that FakeBasicAuth must have ":xxj31ZMTZzkVA" as a suffix of every DN. The format is the following: <DN of user 1>:xxj31ZMTZzkVA <DN of user 2>:xxj31ZMTZzkVA <DN of user 3>:xxj31ZMTZzkVA ... For more details refer to Apache's FakeBasicAuth documentation.

9 5. Configure the Pakiti Server
The configuration of the Pakiti server can be changed in /etc/pakiti/pakiti-server.conf # Configuration file for the Pakiti webinterface. # Set the parameters for connecting to # the Pakiti database. [mysql] hostname = localhost dbname = pakiti username = mysql_user password = mysql_password [webinterface] # URL of your local Pakiti server url = title = My_Organization # Reference URL to download the list of security RPMs. # This setting should normally *not* be changed. [security_module] security_rpms = [reporting] # This section contains details about statistics and full reports # that can be exported from this local Pakiti server to central Pakiti servers. # URLs of trusted *central* Pakiti servers, separated by ';' # that would receive statistics from this local Pakiti server #send_stats_to = # that would receive detailed reports from this local Pakiti server #send_detailed_report_to = # CA Path for HTTPS reporting to the central servers. This is mandatory for HTTPS ca_certificate = /etc/grid-security/certificates/ # Curl binary to connect to the central Pakiti servers, with the options you like curl_path = /usr/bin/curl -s

10 Known Bugs RHEL 2.1 is using curl 7.8.1, which does not support SSL. This version of curl has also limited buffers. As a result, if the sy stem tries to report a large number of packages to be installed (>50), the reporting process might be broken. There are two workarounds: 1. Apply a few patches to reduce the number of outstanding updates. your system should not have a large number of fixes to appl y! 2. Update the curl package to curl The installation might not be nice, you might need to install it with "--no-deps" and you might need to create the following synlink: ln -s /usr/lib/libcurl.so.2 /usr/lib/libcurl.so.1 Note that curl handles SSL. Contact Please contact Romain Wartel for any information.

11 pakiti Shows all nodes grouped by OS version

12 pakiti 2 Shows Unpatched nodes

13 pakiti 3 Shows only vulnerable nodes Shows Nodes not responding

Download ppt "Pakiti."

Similar presentations

How to Deploy a Cloud Based Webserver in 5 minutes.

How to Deploy a Cloud Based Webserver in 5 minutes.
WordPress from Start to Finish Day 1: Installing and Using WordPress Looking at the WordPress database.

WordPress from Start to Finish Day 1: Installing and Using WordPress Looking at the WordPress database.
Shining A Light on Open Source Software: Going Beyond LAMPP Serving Web Content Using Open Source Software.

Shining A Light on Open Source Software: Going Beyond LAMPP Serving Web Content Using Open Source Software.
Installation of MySQL Objectives –Install MySQL Contents –Getting the enviroment for building MySQL server –Rebuilding SRPMS –Removing existing –Installing.

Installation of MySQL Objectives –Install MySQL Contents –Getting the enviroment for building MySQL server –Rebuilding SRPMS –Removing existing –Installing.
FIRST SESSION - XAMPP Jeongmin Lee.  Jeongmin Lee  CS  PHD  Machine Learning, AI  Web System Development.

FIRST SESSION - XAMPP Jeongmin Lee.  Jeongmin Lee  CS  PHD  Machine Learning, AI  Web System Development.
What all is there Inside the Apache web server. These slides are part of study material of LAMP course. Course conducted by Prof Rocky Jagtiani – Technical.

What all is there Inside the Apache web server. These slides are part of study material of LAMP course. Course conducted by Prof Rocky Jagtiani – Technical.
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.

HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.
Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.

Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from www.mandrake.com www.mandrake.com.

Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from
Access control and user management in Apache 1WUCM1.

Access control and user management in Apache 1WUCM1.
CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.

CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
SYST 28043 Web Technologies SYST 28043 Web Technologies Installing a Web Server (XAMPP)

SYST Web Technologies SYST Web Technologies Installing a Web Server (XAMPP)
Smart Card Single Sign On with Access Gateway Enterprise Edition

Smart Card Single Sign On with Access Gateway Enterprise Edition
Web Server Configuration Alokes Chattopadhyay Computer & Informatics Centre IIT Kharagpur.

Web Server Configuration Alokes Chattopadhyay Computer & Informatics Centre IIT Kharagpur.
Linux Operations and Administration

Linux Operations and Administration
1Computer Sciences Department Princess Nourah bint Abdulrahman University.

1Computer Sciences Department Princess Nourah bint Abdulrahman University.

Similar presentations

Ads by Google