Project

General

Profile

History

strongSwan User Documentation » Trusted Network Connect (TNC) HOWTO » Software Inventory Message and Attributes for PA-TNC (SWIMA) »

PT-TLS SWIMA Client » History » Version 9

« Previous - Version 9/26 (diff) - Next » - Current version
Andreas Steffen, 07.07.2017 16:56

PT-TLS SWIMA Client

Installing the strongSwan TNC Software

First we have to install some additional Ubuntu packages needed for the strongSwan TNC build

 sudo apt install libssl-dev libcurl4-openssl-dev sqlite3 libsqlite3-dev libjson0-dev

Download the lastest strongSwan tarball

wget https://download.strongswan.org/strongswan-5.6.0dr1.tar.bz2

Unpack the tarball

tar xf strongswan-5.6.0dr1.tar.bz2

and change into the strongSwan build directory

cd strongswan-5.6.0dr1

Configure strongSwan with the following options

./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-openssl --enable-tnc-imc --enable-tnccs-20 --enable-imc-os --enable-imc-swima --enable-sqlite --enable-curl

Build and install strongSwan with the commands

make; sudo make install

Configure the strongSwan "sw-collector" Tool

The sw-collector tool allows all software installation events to be collected and stored in an SQLite database. Since the tool is installed in a rather unusual place together with other strongSwan executables, we define the following symbolic link

sudo ln -s /usr/libexec/ipsec/sw-collector /usr/sbin/sw-collector

Then we set up a clean collector database with the command

sudo -s
mkdir /etc/pts
cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db

The sw-collector needs some options defined in the /etc/strongswan.conf/ configuration file

sw-collector {
  database = sqlite:///etc/pts/collector.db
  history = /var/log/apt/history.log
  first_time = 2017-02-15T20:20:34Z
  rest_api {
    uri = https://admin-user:ietf99hackathon@tnc.example.com/api/
  }
}

The date of the original OS installation can be found e.g. with the command

ls -l --full-time /var/log/bootstrap.log
-rw-r--r-- 1 root root 57457 2017-02-15 12:20:34.000000000 -0800 /var/log/bootstrap.log

Then we are ready to populate the collector database with all installation events that have already happened. Since there are usually up to 2000 software packages we reduce the debug level for the initial run

sudo sw-collector --debug 1

First-Date: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721
processing "/etc/lsb-release" file
operating system name is 'Ubuntu'
operating system version is '16.04 x86_64'
Last-Event: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721
Start-Date: 2017-02-16T04:20:50Z, eid = 2, epoch = 1849176721
  Upgrade:
Start-Date: 2017-02-16T04:23:44Z, eid = 3, epoch = 1849176721
  Install:
Start-Date: 2017-02-16T04:37:48Z, eid = 4, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T13:17:46Z, eid = 5, epoch = 1849176721
  Upgrade:
Start-Date: 2017-07-07T13:18:15Z, eid = 6, epoch = 1849176721
Start-Date: 2017-07-07T13:18:23Z, eid = 7, epoch = 1849176721
  Purge:
Start-Date: 2017-07-07T13:19:08Z, eid = 8, epoch = 1849176721
Start-Date: 2017-07-07T13:20:01Z, eid = 9, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T13:20:10Z, eid = 10, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T13:24:09Z, eid = 11, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T13:41:44Z, eid = 12, epoch = 1849176721
  Install:
  Upgrade:
Start-Date: 2017-07-07T13:55:18Z, eid = 13, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T13:57:02Z, eid = 14, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T13:58:05Z, eid = 15, epoch = 1849176721
  Install:
  Upgrade:
Start-Date: 2017-07-07T14:01:13Z, eid = 16, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T14:02:23Z, eid = 17, epoch = 1849176721
  Install:
Start-Date: 2017-07-07T14:03:52Z, eid = 18, epoch = 1849176721
  Install:
  Upgrade:
Start-Date: 2017-07-07T14:24:12Z, eid = 19, epoch = 1849176721
  Install:
Merging:
  merged 1741 installed packages, 1741 registered in database