PT-TLS SWIMA Client » History » Version 10
Andreas Steffen, 07.07.2017 17:05
| 1 | 1 | Andreas Steffen | h1. PT-TLS SWIMA Client |
|---|---|---|---|
| 2 | 1 | Andreas Steffen | |
| 3 | 1 | Andreas Steffen | h2. Installing the strongSwan TNC Software |
| 4 | 1 | Andreas Steffen | |
| 5 | 4 | Andreas Steffen | First we have to install some additional Ubuntu packages needed for the strongSwan TNC build |
| 6 | 4 | Andreas Steffen | <pre> |
| 7 | 7 | Andreas Steffen | sudo apt install libssl-dev libcurl4-openssl-dev sqlite3 libsqlite3-dev libjson0-dev |
| 8 | 4 | Andreas Steffen | </pre> |
| 9 | 4 | Andreas Steffen | |
| 10 | 1 | Andreas Steffen | Download the lastest strongSwan tarball |
| 11 | 1 | Andreas Steffen | <pre> |
| 12 | 2 | Andreas Steffen | wget https://download.strongswan.org/strongswan-5.6.0dr1.tar.bz2 |
| 13 | 1 | Andreas Steffen | </pre> |
| 14 | 1 | Andreas Steffen | |
| 15 | 5 | Andreas Steffen | Unpack the tarball |
| 16 | 1 | Andreas Steffen | <pre> |
| 17 | 1 | Andreas Steffen | tar xf strongswan-5.6.0dr1.tar.bz2 |
| 18 | 2 | Andreas Steffen | </pre> |
| 19 | 2 | Andreas Steffen | |
| 20 | 2 | Andreas Steffen | and change into the strongSwan build directory |
| 21 | 2 | Andreas Steffen | <pre> |
| 22 | 6 | Andreas Steffen | cd strongswan-5.6.0dr1 |
| 23 | 2 | Andreas Steffen | </pre> |
| 24 | 2 | Andreas Steffen | |
| 25 | 2 | Andreas Steffen | Configure strongSwan with the following options |
| 26 | 2 | Andreas Steffen | <pre> |
| 27 | 6 | Andreas Steffen | ./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-openssl --enable-tnc-imc --enable-tnccs-20 --enable-imc-os --enable-imc-swima --enable-sqlite --enable-curl |
| 28 | 4 | Andreas Steffen | </pre> |
| 29 | 4 | Andreas Steffen | |
| 30 | 4 | Andreas Steffen | Build and install strongSwan with the commands |
| 31 | 4 | Andreas Steffen | <pre> |
| 32 | 1 | Andreas Steffen | make; sudo make install |
| 33 | 7 | Andreas Steffen | </pre> |
| 34 | 7 | Andreas Steffen | |
| 35 | 7 | Andreas Steffen | h2. Configure the strongSwan "sw-collector" Tool |
| 36 | 7 | Andreas Steffen | |
| 37 | 10 | Andreas Steffen | The *sw-collector* tool allows all software installation events to be collected and stored in an SQLite database. Currently only *apt* history logs generated by the *dpkg* packet manager (Debian, Ubuntu, etc.) can be parsed. Since the tool is installed in a rather unusual place together with other strongSwan executables, we define the following symbolic link |
| 38 | 1 | Andreas Steffen | <pre> |
| 39 | 9 | Andreas Steffen | sudo ln -s /usr/libexec/ipsec/sw-collector /usr/sbin/sw-collector |
| 40 | 9 | Andreas Steffen | </pre> |
| 41 | 9 | Andreas Steffen | |
| 42 | 9 | Andreas Steffen | Then we set up a clean collector database with the command |
| 43 | 9 | Andreas Steffen | <pre> |
| 44 | 7 | Andreas Steffen | sudo -s |
| 45 | 7 | Andreas Steffen | mkdir /etc/pts |
| 46 | 7 | Andreas Steffen | cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db |
| 47 | 7 | Andreas Steffen | </pre> |
| 48 | 7 | Andreas Steffen | |
| 49 | 7 | Andreas Steffen | The *sw-collector* needs some options defined in the */etc/strongswan.conf*/ configuration file |
| 50 | 7 | Andreas Steffen | <pre> |
| 51 | 7 | Andreas Steffen | sw-collector { |
| 52 | 7 | Andreas Steffen | database = sqlite:///etc/pts/collector.db |
| 53 | 7 | Andreas Steffen | history = /var/log/apt/history.log |
| 54 | 7 | Andreas Steffen | first_time = 2017-02-15T20:20:34Z |
| 55 | 7 | Andreas Steffen | rest_api { |
| 56 | 8 | Andreas Steffen | uri = https://admin-user:ietf99hackathon@tnc.example.com/api/ |
| 57 | 7 | Andreas Steffen | } |
| 58 | 7 | Andreas Steffen | } |
| 59 | 7 | Andreas Steffen | </pre> |
| 60 | 7 | Andreas Steffen | |
| 61 | 7 | Andreas Steffen | The date of the original OS installation can be found e.g. with the command |
| 62 | 7 | Andreas Steffen | <pre> |
| 63 | 7 | Andreas Steffen | ls -l --full-time /var/log/bootstrap.log |
| 64 | 1 | Andreas Steffen | -rw-r--r-- 1 root root 57457 2017-02-15 12:20:34.000000000 -0800 /var/log/bootstrap.log |
| 65 | 9 | Andreas Steffen | </pre> |
| 66 | 9 | Andreas Steffen | |
| 67 | 9 | Andreas Steffen | Then we are ready to populate the collector database with all installation events that have already happened. Since there are usually up to 2000 software packages we reduce the debug level for the initial run |
| 68 | 9 | Andreas Steffen | <pre> |
| 69 | 9 | Andreas Steffen | sudo sw-collector --debug 1 |
| 70 | 9 | Andreas Steffen | |
| 71 | 9 | Andreas Steffen | First-Date: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721 |
| 72 | 9 | Andreas Steffen | processing "/etc/lsb-release" file |
| 73 | 9 | Andreas Steffen | operating system name is 'Ubuntu' |
| 74 | 9 | Andreas Steffen | operating system version is '16.04 x86_64' |
| 75 | 9 | Andreas Steffen | Last-Event: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721 |
| 76 | 9 | Andreas Steffen | Start-Date: 2017-02-16T04:20:50Z, eid = 2, epoch = 1849176721 |
| 77 | 9 | Andreas Steffen | Upgrade: |
| 78 | 9 | Andreas Steffen | Start-Date: 2017-02-16T04:23:44Z, eid = 3, epoch = 1849176721 |
| 79 | 9 | Andreas Steffen | Install: |
| 80 | 9 | Andreas Steffen | Start-Date: 2017-02-16T04:37:48Z, eid = 4, epoch = 1849176721 |
| 81 | 9 | Andreas Steffen | Install: |
| 82 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:17:46Z, eid = 5, epoch = 1849176721 |
| 83 | 9 | Andreas Steffen | Upgrade: |
| 84 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:18:15Z, eid = 6, epoch = 1849176721 |
| 85 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:18:23Z, eid = 7, epoch = 1849176721 |
| 86 | 9 | Andreas Steffen | Purge: |
| 87 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:19:08Z, eid = 8, epoch = 1849176721 |
| 88 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:20:01Z, eid = 9, epoch = 1849176721 |
| 89 | 9 | Andreas Steffen | Install: |
| 90 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:20:10Z, eid = 10, epoch = 1849176721 |
| 91 | 9 | Andreas Steffen | Install: |
| 92 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:24:09Z, eid = 11, epoch = 1849176721 |
| 93 | 9 | Andreas Steffen | Install: |
| 94 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:41:44Z, eid = 12, epoch = 1849176721 |
| 95 | 9 | Andreas Steffen | Install: |
| 96 | 9 | Andreas Steffen | Upgrade: |
| 97 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:55:18Z, eid = 13, epoch = 1849176721 |
| 98 | 9 | Andreas Steffen | Install: |
| 99 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:57:02Z, eid = 14, epoch = 1849176721 |
| 100 | 9 | Andreas Steffen | Install: |
| 101 | 9 | Andreas Steffen | Start-Date: 2017-07-07T13:58:05Z, eid = 15, epoch = 1849176721 |
| 102 | 9 | Andreas Steffen | Install: |
| 103 | 9 | Andreas Steffen | Upgrade: |
| 104 | 9 | Andreas Steffen | Start-Date: 2017-07-07T14:01:13Z, eid = 16, epoch = 1849176721 |
| 105 | 9 | Andreas Steffen | Install: |
| 106 | 9 | Andreas Steffen | Start-Date: 2017-07-07T14:02:23Z, eid = 17, epoch = 1849176721 |
| 107 | 9 | Andreas Steffen | Install: |
| 108 | 9 | Andreas Steffen | Start-Date: 2017-07-07T14:03:52Z, eid = 18, epoch = 1849176721 |
| 109 | 9 | Andreas Steffen | Install: |
| 110 | 9 | Andreas Steffen | Upgrade: |
| 111 | 9 | Andreas Steffen | Start-Date: 2017-07-07T14:24:12Z, eid = 19, epoch = 1849176721 |
| 112 | 9 | Andreas Steffen | Install: |
| 113 | 9 | Andreas Steffen | Merging: |
| 114 | 9 | Andreas Steffen | merged 1741 installed packages, 1741 registered in database |
| 115 | 1 | Andreas Steffen | </pre> |