# CRITs Installation on Red Hat Enterprise Linux
# Notes: This is written for users with some Linux experience. Certain details (like when to "cd" or instructions for where to place files when using "wget") are left out to keep the guide concise.
# Prerequisites (out of scope of this guide).
Install RHEL (I used 6.4 x64 minimal build)
Configure networking
Subscribe the system to Red Hat
# Configure repositories.
yum install wget.x86_64
# Installs the EPEL release package from a local file (the download step is not shown).
# NOTE(review): this package adds a new trusted yum repository and is installed as root.
# Check its signature first (rpm -K epel-release-6-8.noarch.rpm) against an EPEL GPG key
# obtained from a trusted source, and fetch the file over HTTPS.
rpm -ivh epel-release-6-8.noarch.rpm
# yum-utils provides the yum-config-manager command used on the next line.
yum install yum-utils.noarch
yum-config-manager --enable rhel-6-server-optional-rpms
# Drop cached metadata and rebuild it so the newly enabled repositories are visible.
yum clean all
yum makecache
# Install some helpful packages ("Development tools" is probably required).
# man and mlocate are conveniences only.
yum install man.x86_64 mlocate.x86_64
# The source builds later in this guide run ./configure and make, which need a compiler toolchain.
# NOTE(review): a compiler left on a production server widens its attack surface; consider
# removing the group once the installation is complete if nothing else needs it.
yum groupinstall "Development tools"
# Configure iptables as desired (out of scope of this guide, but note that connections to port 443 and possibly 80 are required).
# RHEL comes with Python 2.6, but CRITs requires Python 2.7. It is ill-advised to upgrade the system's version of Python, so we need to set up a Python 2.7 virtual environment for CRITs to run in.
# Helpful references for this:
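# Install dependencies for Python/pip/virtualenv.
# These headers must be installed before Python is compiled: the Python build skips any
# extension module (zlib, ssl, sqlite3, bz2, curses, gdbm, readline) whose headers are missing.
# The RHEL package is zlib-devel; "zlib-dev" is not a RHEL package name, so yum reports it
# as unavailable and carries on with the rest of the list.
yum install zlib-devel openssl-devel sqlite-devel bzip2-devel ncurses.x86_64 ncurses-devel.x86_64 gdbm.x86_64 gdbm-devel.x86_64 readline.x86_64 readline-devel.x86_64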
# Install Python 2.7. IMPORTANT: Use "make altinstall" instead of "make install" to avoid replacing the existing Python 2.6 binary.
# NOTE(review): the download and "cd" steps are omitted here. Verify the tarball against the
# checksum or signature published by the Python project before unpacking, because the build
# and install steps below run with root privileges.
# NOTE(review): Python 2.7 no longer receives security fixes upstream; treat this interpreter
# as unpatched and limit what can reach it.
tar -zxf Python-2.7.8.tgz
# --enable-shared builds libpython as a shared library; the rpath lets the new interpreter
# find that library in /usr/local/lib without changing the system-wide linker configuration.
./configure --enable-shared LDFLAGS="-Wl,-rpath=/usr/local/lib"
make
make altinstall
# Install pip.
# NOTE(review): the two commands shown install setuptools only; the step that installs pip
# itself is not shown, although "pip" is used later in this guide.
# NOTE(review): verify the setuptools tarball (checksum from the package index, download over
# HTTPS) before running its setup.py as root.
tar -zxf setuptools-5.7.tar.gz
# Uses the freshly built python2.7, so setuptools lands in the new interpreter, not in Python 2.6.
python2.7 setup.py install
# Install the virtualenv module and create/activate the Python 2.7 virtual environment for CRITs to use.
# NOTE(review): confirm "pip" here belongs to the Python 2.7 installation (pip --version prints
# the interpreter it is bound to); otherwise the virtualenv may be created for Python 2.6.
pip install virtualenv
virtualenv /usr/CRITsVirtualEnv
# Activation only affects the current shell: "python" and "pip" resolve to the virtualenv
# until the shell exits or "deactivate" is run. Re-run this line in every new session.
source /usr/CRITsVirtualEnv/bin/activate
# Set up the CRITs directory and clone the git repositories.
# NOTE(review): the git clone commands are not shown. Later steps expect /data/crits and
# /data/crits_dependencies to exist; clone over HTTPS from the project's official repositories
# and record the commit you deployed.
mkdir /data
# /data/db is presumably the MongoDB data directory - confirm against mongod_start.sh.
mkdir /data/db
cd /data
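# Install the dependencies of the CRITs dependencies.
yum install libyaml.x86_64 libyaml-devel.x86_64 ucl.x86_64 ucl-devel.x86_64 libxml2.x86_64 libxml2-devel.x86_64 libxslt.x86_64 libxslt-devel.x86_64
# Fix errors in the CRITs dependency installer script and then run the script.
cd /data/crits_dependencies
# "-i -e" instead of "-ie": GNU sed reads "-ie" as "-i" with backup suffix "e" and leaves a
# stray install_dependencies.she copy of the script behind.
# First edit: the p7zip RPM file name without the ".rf" tag.
sed -i -e 's/p7zip-9\.20\.1-2\.el6\.rf\.x86_64\.rpm/p7zip-9\.20\.1-2\.el6\.x86_64\.rpm/' install_dependencies.sh
# Second edit: replace the first whitespace-prefixed "matplotlib" on each line with the RHEL
# package name.
sed -i -e 's/\smatplotlib/ python-matplotlib.x86_64/' install_dependencies.sh
# NOTE(review): this script installs packages as root; read it after patching and before
# running it so you know which packages and sources it pulls in.
./install_dependencies.sh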
# Install other CRITs dependencies that have manual installation procedures.
# M2Crypto.
# Run from the unpacked M2Crypto source directory (download, unpack and "cd" are not shown).
# NOTE(review): verify the source archive before building; M2Crypto wraps OpenSSL and ends up
# in the process that handles uploaded samples.
./fedora_setup.sh build
./fedora_setup.sh install
# PIL.
# Image-format and font headers that PIL compiles against.
yum install libjpeg.x86_64 libjpeg-devel.x86_64 zlib.x86_64 zlib-devel.x86_64 freetype.x86_64 freetype-devel.x86_64 lcms2-devel.x86_64
# NOTE(review): --allow-external and --allow-unverified tell pip to accept a download hosted
# outside the package index and without a hash it can check, so the integrity of the code
# installed here rests entirely on the remote host and the network path. Later pip releases
# removed both flags. PIL itself is unmaintained; Pillow is the maintained fork - confirm CRITs
# works with it before switching.
pip install PIL --allow-external PIL --allow-unverified PIL
# mod_wsgi
# httpd-devel supplies the Apache headers and apxs needed to build the module.
yum install httpd-devel.x86_64
# NOTE(review): download and "cd" steps are omitted; verify the tarball before building.
# mod_wsgi 3.4 is an old release - check the project's release notes for security fixes in
# later versions before exposing this server.
tar -zxf mod_wsgi-3.4.tar.gz
# Build against the virtualenv's Python 2.7 so Apache embeds the same interpreter CRITs uses.
./configure --with-python=/usr/CRITsVirtualEnv/bin/python
make
make install
# Adjust TCP server parameters.
# Enable both settings on the running kernel.
# NOTE(review): tcp_tw_recycle is known to drop connections from clients that share an address
# behind NAT; leave it off unless you have measured a need for it.
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
# Append the same commands to rc.local so they are re-applied at boot. Running this section
# twice appends the lines twice. /etc/sysctl.conf is the conventional place for such settings.
echo "echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle" >> /etc/rc.local
# Set up the MongoDB database.
cd /data/crits/contrib/mongo/UMA/
# NOTE(review): the options this script passes to mongod are not shown here. Before going
# further, confirm which address mongod binds to and whether authentication is enabled, and
# keep the MongoDB port closed to other hosts in iptables.
./mongod_start.sh
# [Optional] Verify MongoDB started successfully.
# "mongo" opens the MongoDB shell; quit() is typed at its prompt, not in bash.
mongo
quit()
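# Configure and start CRITs
# Create the "crits" account and let Apache write the CRITs log through the crits group.
adduser crits
# -a appends to apache's supplementary groups; plain "usermod -G" would replace the whole list
# and silently drop any group apache already belongs to.
usermod -a -G crits apache
touch /data/crits/logs/crits.log
# 664: owner and group can write, every other local account can read.
# NOTE(review): 660 keeps other local accounts out of the log if nothing else needs to read it.
chmod 664 /data/crits/logs/crits.log
chgrp -R crits /data/crits/logs
cp /data/crits/crits/config/database_example.py /data/crits/crits/config/database.py
# NOTE(review): database.py will hold SECRET_KEY and presumably the database connection
# settings. Restrict its owner and mode so only root and the account CRITs runs as can read it;
# confirm which account that is before tightening.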
# Edit /data/crits/crits/config/database.py as necessary. In particular, set the SECRET_KEY value to the output of the following or manage.py will not work correctly.
# "python" starts an interactive interpreter; the two lines after it are typed at its prompt,
# not in bash. Presumably this must run inside the activated virtualenv so Django is importable.
# The print statement emits a 50-character random string drawn from the listed alphabet.
# NOTE(review): generate a fresh value for every installation, and keep it out of version
# control, tickets and shared terminal logs.
python
from django.utils.crypto import get_random_string as grs
print grs(50, 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)')
cd /data/crits
python manage.py create_default_collections
# Make note of the temporary password created in the following step.
# Values in <angle brackets> are placeholders: replace them, brackets included, before running,
# otherwise bash treats "<" and ">" as redirections.
# NOTE(review): the temporary password is shown on the terminal; change it at first login and
# do not pass it on through e-mail or chat.
python manage.py users -a -u <userid> -f <fname> -l <lname> -e <email>
# List only the addresses and names users will actually browse to. Presumably this feeds
# Django's host-header check - confirm - so a wildcard or overly broad entry weakens it.
python manage.py setconfig allowed_hosts "<ip>,<hostname>,<fqdn>,<etc>"
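# Configure Apache.
service httpd stop
cd /data/crits/extras
# These copies overwrite the stock Apache and mod_ssl configuration files; keep a copy of the
# originals if you may need to compare or roll back.
# NOTE(review): the contents of rhel_ssl.conf are not shown here - review its TLS protocol and
# cipher settings before exposing the server.
cp rhel_httpd.conf /etc/httpd/conf/httpd.conf
cp rhel_ssl.conf /etc/httpd/conf.d/ssl.conf
# Fix errors in the CRITs Apache configuration files.
# Blank out the WSGIPythonPath line in ssl.conf. "-i -e" instead of "-ie": GNU sed reads "-ie"
# as "-i" with backup suffix "e" and leaves a stray /etc/httpd/conf.d/ssl.confe behind.
sed -i -e 's/^WSGIPythonPath\s\/data\/crits$//' /etc/httpd/conf.d/ssl.conf
# Re-add the directive in httpd.conf with the virtualenv's site-packages appended, so mod_wsgi
# can import the modules installed there. Running this line twice appends the directive twice.
echo -e WSGIPythonPath /data/crits:/usr/CRITsVirtualEnv/lib/python2.7/site-packages | sudo tee -a /etc/httpd/conf/httpd.conf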
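# Creating a self-signed certificate is bad, m'kay.
# Browsers cannot verify a self-signed certificate, so users learn to click through the
# warning; use a certificate issued by a CA your users already trust where you can.
# Prompts for a passphrase and the subject fields; writes a new passphrase-protected private
# key to privkey.pem and the signing request to new.cert.csr.
# NOTE(review): key size and digest come from the system's openssl.cnf defaults - confirm they
# meet your policy.
openssl req -new > new.cert.csr
# Strip the passphrase so Apache can start unattended. From here on new.cert.key is an
# unencrypted private key.
openssl rsa -in privkey.pem -out new.cert.key
# Keep both key files readable by their owner only while they sit in the working directory.
chmod 600 privkey.pem new.cert.key
# Self-sign the request; the certificate is valid for 3650 days.
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 3650
cp new.cert.cert /etc/pki/tls/certs/crits.crt
cp new.cert.key /etc/pki/tls/private/crits.plain.key
# cp applies the current umask, which can leave the installed key world-readable.
chmod 600 /etc/pki/tls/private/crits.plain.key
# Once Apache starts correctly, delete privkey.pem and new.cert.key from the working directory.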
# Disabling SELinux is bad, m'kay.
# setenforce 0 switches SELinux to permissive mode on the running system only. After a reboot
# the mode configured in /etc/selinux/config applies again, so a setup that only works in
# permissive mode will break at the next restart.
# NOTE(review): a better end state is to stay in enforcing mode and fix what is denied. Run in
# permissive mode briefly, then read the AVC denials in /var/log/audit/audit.log. Label the
# CRITs tree for Apache with semanage fcontext and restorecon, and allow Apache's network
# connection to MongoDB, e.g. through the httpd_can_network_connect boolean. Once clean,
# return to enforcing with setenforce 1.
setenforce 0
service httpd start
# That should be it. Access CRITs by browsing to https://<IP/hostname>/crits