Skeleton Monarc Project
=======================

*Disclaimer: This is a work in progress and software is still in alpha stage.*
Introduction
------------

CASES promotes information security through the use of behavioral,
organizational and technical measures. Depending on their size and their
security needs, organizations must react in the most appropriate manner.
Adopting good practices, taking the necessary measures and adjusting them
proportionally: all this is part of the process to ensure information security.
Most of all, it depends on performing a risk analysis on a regular basis.

Although the profitability of the risk analysis approach is guaranteed, the
investment it represents in terms of cost and expertise is a barrier for many
companies, especially SMEs.

To remedy this situation and allow all organizations, both large and small, to
benefit from the advantages that a risk analysis offers, CASES has developed an
optimised risk analysis method: MONARC (Method for an Optimised aNAlysis of
Risks by CASES), allowing precise and repeatable risk management.

The advantage of MONARC lies in the capitalization of risk analyses already
performed in similar business contexts: the same vulnerabilities regularly
appear in many businesses, as they face the same threats and generate similar
risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi
antennas, etc., so the vulnerabilities and threats are the same. It is
therefore sufficient to generalize risk scenarios for these assets (also
called objects) by context and/or business.

More information: [Optimised risk analysis Method](https://www.cases.lu/index-quick.php?dims_op=doc_file_download&docfile_md5id=56ee6ff569a40a5b52bed0e526a6a77f) (pdf)
Installation
------------

PHP & MySQL
-----------

Install PHP (version 7.0 recommended) with the following PHP extensions: xml,
mbstring, mysql, zip, unzip, mcrypt, intl, gettext, imagick.

In php.ini, set *upload_max_filesize* to 200M (200 MB).

Install Apache (or Nginx) and enable the mods rewrite and ssl (`a2enmod`).

Install MySQL (version 5.7 recommended) or MariaDB.
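A preflight script, added here as an example and not part of the MONARC project, that checks the PHP requirements above: it compares the extension list against the output of `php -m` and converts the php.ini shorthand of `upload_max_filesize` to bytes to confirm it reaches 200M. Accepting `mysqli`, `mysqlnd` or `pdo_mysql` for the README's `mysql` entry, and treating `unzip` as a system package rather than a PHP extension, are my assumptions.

```shell
#!/bin/sh
# Added preflight check (not part of the MONARC project): confirms that the PHP
# extensions listed in the README are loaded and that upload_max_filesize meets
# the 200M requirement. "unzip" from the README is a system tool rather than a
# PHP extension, so it is not in this list.
REQUIRED_EXTS="xml mbstring mysql zip mcrypt intl gettext imagick"

# missing_extensions LOADED -> prints the required extensions absent from LOADED
# (LOADED is the output of `php -m`, one module name per line). PHP 7 ships no
# plain "mysql" extension, so mysqli, mysqlnd or pdo_mysql is accepted for it
# (an assumption about what the application's Doctrine layer needs).
missing_extensions() {
  loaded="$1"
  missing=""
  for ext in $REQUIRED_EXTS; do
    case "$ext" in
      mysql) pattern='mysqli|mysqlnd|pdo_mysql' ;;
      *)     pattern="$ext" ;;
    esac
    # whole-line, case-insensitive match against the module list
    if ! printf '%s\n' "$loaded" | grep -qiEx "$pattern"; then
      missing="$missing $ext"
    fi
  done
  printf '%s' "${missing# }"
}

# ini_bytes VALUE -> converts php.ini shorthand (200M, 2G, 512K, 1048576) to bytes
ini_bytes() {
  num=$(printf '%s' "$1" | sed 's/[^0-9]*$//')
  unit=$(printf '%s' "$1" | sed 's/^[0-9]*//' | tr 'a-z' 'A-Z')
  num=${num:-0}
  case "$unit" in
    K)  echo $((num * 1024)) ;;
    M)  echo $((num * 1024 * 1024)) ;;
    G)  echo $((num * 1024 * 1024 * 1024)) ;;
    '') echo "$num" ;;
    *)  echo 0 ;;   # unknown suffix: treat as not meeting the limit
  esac
}

# upload_limit_ok VALUE -> succeeds if VALUE is at least 200M
upload_limit_ok() {
  [ "$(ini_bytes "$1")" -ge $((200 * 1024 * 1024)) ]
}

# preflight -> runs both checks against the installed PHP; returns 1 on any failure
preflight() {
  rc=0
  m=$(missing_extensions "$(php -m)")
  if [ -n "$m" ]; then
    echo "missing PHP extensions: $m"
    rc=1
  fi
  limit=$(php -r 'echo ini_get("upload_max_filesize");')
  if ! upload_limit_ok "$limit"; then
    echo "upload_max_filesize is $limit, need at least 200M"
    rc=1
  fi
  return $rc
}
```

Source the file and call `preflight` on the target host before running Composer; the two helper functions can also be fed captured `php -m` output when auditing a host you cannot log in to interactively.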
Using Composer (recommended)
----------------------------

Clone the repository and invoke `composer` using the shipped `composer.phar`:

    cd my/project/dir
    git clone https://github.com/CASES-LU/MonarcAppFO.git ./monarc
    cd monarc/
    chown -R www-data data
    chmod -R g+w data
    php composer.phar self-update
    php composer.phar install -o

(The `self-update` directive is to ensure you have an up-to-date `composer.phar`
available.)

![Arbo](public/img/arbo1.png "Arbo")
Databases
---------

Create 2 databases:

    CREATE DATABASE monarc_cli DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
    CREATE DATABASE monarc_common DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;

Change the SQL mode in my.cnf:

    [mysqld]
    sql-mode = MYSQL40

There are 2 databases:

* monarc_common contains models and data created by CASES;
* monarc_cli contains all client risk analyses. Each analysis is based on a
  CASES model from monarc_common.
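As an added example (not the project's own instructions), the following script renders the two CREATE DATABASE statements above together with a dedicated MySQL account limited to the two MONARC databases, so that the credentials later placed in `local.php` are not those of root. The account name `monarc`, the host and the privilege list are assumptions about what the application and its Phinx migrations need; the SQL is printed rather than executed so it can be reviewed first.

```shell
#!/bin/sh
# Added provisioning helper (not part of the MONARC project): prints the SQL that
# creates the two databases from the README plus a dedicated, least-privilege
# MySQL account for the application, so the credentials in local.php need not
# be root's. Account name, host and privilege list are assumptions.

# valid_ident NAME -> succeeds if NAME can be embedded in SQL without escaping
valid_ident() {
  printf '%s' "$1" | grep -qE '^[A-Za-z0-9_]{1,32}$'
}

# valid_host HOST -> host part of a MySQL account: hostname, IPv4, or % wildcard
valid_host() {
  printf '%s' "$1" | grep -qE '^[A-Za-z0-9_.%-]{1,60}$'
}

# render_db_sql USER HOST PASSWORD -> prints provisioning SQL; returns 1 on bad input
render_db_sql() {
  user="$1"; host="$2"; pass="$3"
  valid_ident "$user" || { echo "refusing user name: $user" >&2; return 1; }
  valid_host "$host"  || { echo "refusing host: $host" >&2; return 1; }
  # Quotes and backslashes would need SQL escaping; reject them rather than escape.
  case "$pass" in
    ''|*\'*|*\\*)
      echo "password must be non-empty and must not contain quotes or backslashes" >&2
      return 1 ;;
  esac
  cat <<EOF
CREATE DATABASE monarc_cli DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
CREATE DATABASE monarc_common DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
CREATE USER '${user}'@'${host}' IDENTIFIED BY '${pass}';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX, REFERENCES ON monarc_common.* TO '${user}'@'${host}';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX, REFERENCES ON monarc_cli.* TO '${user}'@'${host}';
FLUSH PRIVILEGES;
EOF
}

# apply_db_sql USER HOST PASSWORD -> pipes the rendered SQL into the mysql client as root
apply_db_sql() {
  render_db_sql "$@" | mysql -u root -p
}
```

Run `render_db_sql monarc localhost "$DB_PASSWORD"` to inspect the statements, then `apply_db_sql` with the same arguments to execute them; the application account gets no privileges on `mysql.*` or any other schema, and no GRANT OPTION, so a compromise of the web tier is confined to the two MONARC databases.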
API
---

The project is composed of 2 parts:

* an API in charge of retrieving data;
* an interface which displays data.

The API is not made of modules of the project directly but of libraries.
You must create modules with symbolic links to those libraries.
Create 2 symbolic links in a `module` directory at the root of the project:

    mkdir module
    cd module/
    ln -s ./../vendor/monarc/core MonarcCore
    ln -s ./../vendor/monarc/frontoffice MonarcFO

There are 2 parts:

* one only for the front office;
* one common to the front office and the back office (private project).

It is developed with Zend Framework 2.

![Arbo](public/img/arbo2.png "Arbo")
Interfaces
----------

Repositories for Angular at the root of the project:

    mkdir node_modules
    cd node_modules
    git clone https://github.com/CASES-LU/ng-client.git ng_client
    git clone https://github.com/CASES-LU/ng-anr.git ng_anr

There are 2 parts:

* one only for the front office: ng_client;
* one common to the front office and the back office: ng_anr.

It is developed with Angular framework version 1.

![Arbo](public/img/arbo3.png "Arbo")
Web Server Setup
----------------

### PHP CLI Server

The simplest way to get started if you are using PHP 5.4 or above is to start
the internal PHP cli-server in the root directory:

    php -S 0.0.0.0:8080 -t public/ public/index.php

This will start the cli-server on port 8080, and bind it to all network
interfaces.

Note: The built-in CLI server is **for development only**.

### Apache Setup

To set up Apache, set up a virtual host pointing to the public/ directory of the
project and you should be ready to go! It should look something like below:

    <VirtualHost *:80>
        ServerName monarc.localhost
        DocumentRoot /path/to/monarc/public
        SetEnv APPLICATION_ENV "development"
        <Directory /path/to/monarc/public>
            DirectoryIndex index.php
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
Database connection
-------------------

Create file `config/autoload/local.php`:

    <?php
    return array(
        'doctrine' => array(
            'connection' => array(
                'orm_default' => array(
                    'params' => array(
                        'host' => 'host',
                        'user' => 'user',
                        'password' => 'password',
                        'dbname' => 'monarc_common',
                    ),
                ),
                'orm_cli' => array(
                    'params' => array(
                        'host' => 'host',
                        'user' => 'user',
                        'password' => 'password',
                        'dbname' => 'monarc_cli',
                    ),
                ),
            ),
        ),
    );
Configuration
-------------

Create the configuration file:

    sudo cp ./config/autoload/local.php.dist ./config/autoload/local.php

Update the connection information in local.php and global.php.

Configuration files are stored in cache. If your changes have not been taken
into account, empty the cache by deleting the files in data/cache.
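Since `config/autoload/local.php` holds the database credentials, here is a small check, added as an example and not part of the project, that the file is not readable by other users on the host, together with the cache-clearing step described above. The file and directory names are the README's; `clear_config_cache` removing every regular file under `data/cache` is my reading of "deleting the files in data/cache".

```shell
#!/bin/sh
# Added check (not part of the MONARC project): config/autoload/local.php holds
# database credentials, so it must not be world-readable. Also clears the
# configuration cache directory mentioned in the README (data/cache).

# file_mode PATH -> octal permission bits (GNU stat first, BSD stat as fallback)
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# others_can_read PATH -> succeeds if the "other" class has read access
others_can_read() {
  mode=$(file_mode "$1")
  other=${mode#${mode%?}}        # last octal digit = permissions for "other"
  [ $((other & 4)) -ne 0 ]
}

# secure_config PATH -> strips world access; returns 1 if the file was exposed,
# 0 if it was already fine, 2 if it does not exist
secure_config() {
  f="$1"
  [ -f "$f" ] || { echo "missing $f" >&2; return 2; }
  if others_can_read "$f"; then
    chmod o-rwx "$f"
    echo "fixed: $f was world-readable"
    return 1
  fi
  echo "ok: $f"
  return 0
}

# clear_config_cache [DIR] -> deletes cached config files so edits take effect
clear_config_cache() {
  dir="${1:-data/cache}"
  [ -d "$dir" ] || return 0
  find "$dir" -type f -exec rm -f {} +
}

# Typical use from the project root after editing local.php (not run on load):
#   secure_config config/autoload/local.php; clear_config_cache data/cache
```

The owner of `local.php` should be the account that runs PHP (the README uses `www-data` for `data/`), so that `chmod o-rwx` leaves the web server able to read the file while other local accounts cannot.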
Install Grunt
-------------

    sudo apt-get install nodejs
    sudo apt-get install npm
    sudo npm install -g grunt-cli

Only for Linux systems:

    sudo ln -s /usr/bin/nodejs /usr/bin/node
Update project
--------------

Run the update script (it must be run from the root of the project; it pulls
and runs the migrations):

    /bin/bash ./scripts/update-all.sh

This shell script uses other shell scripts. You may need to change the access
rights of those scripts.
Create Initial User and Client
------------------------------

Modify the email and password (and, if you wish, the first name or last name)
of the first user in ./module/MonarcFO/migrations/seeds/AdminUserInit.php

If you have a mail server, you can keep the default password and click on
"Password forgotten ?" after user creation.

Create the first user:

    php ./vendor/robmorgan/phinx/bin/phinx seed:run -c ./module/MonarcFO/migrations/phinx.php
Data Model
----------

monarc_cli

![monarc_cli](public/img/model-cli.png "monarc_cli")

monarc_common

![monarc_common](public/img/model-common.png "monarc_common")
License
-------

This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)

Copyright (C) 2016-2017 SMILE gie securitymadein.lu