Travis Smith edited this page Jul 14, 2017 · 1 revision

Listening Ports:

  • 443
  • 5602
  • 9201

Configuration Files:

  • /etc/apache2/sites-available/default-ssl.conf
  • /etc/apache2/ports.conf
  • /etc/apache2/conf-available/ssl-params.conf
  • /etc/ssl/private/apache-selfsigned.key
  • /etc/ssl/certs/apache-selfsigned.crt
  • /etc/ssl/certs/dhparam.pem

Enabled Modules:

  • ssl
  • headers

Enabled Sites:

  • default-ssl

Enabled Configurations:

  • ssl-params

WebApp Location: /var/www/webapp

Apache2 is installed as part of the prerequisite install process. The installer creates a configuration file with three virtual hosts enabled, each configured to use Basic Authentication. The installer then configures the website to use SSL with a self-signed certificate.

Virtual Hosts

Elasticsearch Virtual Host

Listening Port: 9201

Authenticated By: /etc/apache2/.elasticsearch

Proxy To: https://0.0.0.0:9200

Kibana Virtual Host

Listening Port: 5602

Authenticated By: /etc/apache2/.htpasswd

Proxy To: https://0.0.0.0:5601

Sweet Security WebApp Virtual Host

Listening Port: 443

Authenticated By: /etc/apache2/.htpasswd

Points To: /var/www/webapp
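One way to check a running server against the ports documented above, as an added example that is not part of Sweet Security's own code. It parses `ss -tlnH` output, reports any documented Apache port that is not listening, and flags the proxy targets (9200, 5601) when they are bound beyond loopback. It assumes the backends are meant to be reached only through the proxies, and the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example (not part of Sweet Security): compare listening sockets with
# the ports documented on this page. Input is `ss -tlnH` output on stdin,
# where field 4 is the local address:port.

FRONT_PORTS="443 5602 9201"  # Apache virtual hosts (Basic Authentication)
BACKEND_PORTS="9200 5601"    # proxy targets of the Elasticsearch/Kibana vhosts

audit_listeners() {
  awk -v front="$FRONT_PORTS" -v back="$BACKEND_PORTS" '
    BEGIN {
      n = split(front, f, " "); for (i = 1; i <= n; i++) want[f[i]] = 1
      m = split(back, b, " ");  for (i = 1; i <= m; i++) inner[b[i]] = 1
    }
    NF >= 4 {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)   # address part, e.g. 0.0.0.0, [::], *
      if (port in want) seen[port] = 1
      loopback = (host ~ /^127\./ || host == "[::1]")
      # Assumption: backends are meant to be reached only through the proxies.
      if ((port in inner) && !loopback)
        print "EXPOSED backend " port " bound to " host " (not loopback-only, so not confined to the Apache proxy)"
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(f[i] in seen)) print "MISSING documented listener on port " f[i]
    }'
}

# Constructed sample input: 9201 is not listening and 9200 is bound to all interfaces.
SAMPLE_SS='LISTEN 0 511 *:443 *:*
LISTEN 0 511 *:5602 *:*
LISTEN 0 128 127.0.0.1:5601 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9200 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | audit_listeners
# On a live server: ss -tlnH | audit_listeners
```

An empty result means all three documented ports are listening and neither backend port is bound to a non-loopback address.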

Sweet Security WebApp

The Sweet Security WebApp is built on Python, Flask, and Django. The site receives network scan data from the Sweet Security Client and lets the user control and configure the devices on their network.

Homepage

Path: /

Devices listed here are pulled from the sweet_security Elasticsearch index. Devices will be highlighted in either green (being monitored) or red (not being monitored).

Device Info:

Path: /device/

Clicking the More Info button from the home page will bring up additional information and control capabilities for individual devices. For each device, you can control/modify:

  • Nickname
  • Isolation Status
  • Monitor Status
  • Default Firewall Action
  • Firewall Configuration
  • Delete Device

You can also see any websites/IP addresses that have been blocked by the sensor, as well as the listening port information for that device.

Alerts

Path: /alerts

The Alerts tab shows any alerts discovered by the Sweet Security Server application. Right now it is only configured to alert on high disk usage and FileCheck.io notifications (optional).

Settings

Path: /settings

The Settings tab will show health information for the Sweet Security Server and each Sensor/Client installed. If anything appears to be amiss with the configuration or operation of Sweet Security, this is a good place to look first.

Email Alerts

If you configured Apache to send alerts during installation, the following email alerts will be sent out when appropriate:

  • New Device Discovered
  • Device Bypassed (monitoring disabled)
  • Device Being Monitored (monitoring enabled)
  • Alerts

Default Configurations

During installation, the following configuration parameters are set to their default values. To change these, go to /settings.

defaultMonitor: 0 (devices will be monitored)
defaultIsolate: 0 (devices not isolated)
defaultFW: 1 (allow traffic)
defaultLogRetention: 0 (do not delete old logs)