PT-TLS SWIMA Client » History » Version 9
Version 8 (Andreas Steffen, 07.07.2017 16:39) → Version 9/26 (Andreas Steffen, 07.07.2017 16:56)
h1. PT-TLS SWIMA Client
h2. Installing the strongSwan TNC Software
First we have to install some additional Ubuntu packages needed for the strongSwan TNC build
<pre>
sudo apt install libssl-dev libcurl4-openssl-dev sqlite3 libsqlite3-dev libjson0-dev
</pre>
Download the lastest strongSwan tarball
<pre>
wget https://download.strongswan.org/strongswan-5.6.0dr1.tar.bz2
</pre>
Unpack the tarball
<pre>
tar xf strongswan-5.6.0dr1.tar.bz2
</pre>
and change into the strongSwan build directory
<pre>
cd strongswan-5.6.0dr1
</pre>
Configure strongSwan with the following options
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-openssl --enable-tnc-imc --enable-tnccs-20 --enable-imc-os --enable-imc-swima --enable-sqlite --enable-curl
</pre>
Build and install strongSwan with the commands
<pre>
make; sudo make install
</pre>
h2. Configure the strongSwan "sw-collector" Tool
The *sw-collector* tool allows all software installation events to be collected and stored in an SQLite database. Since the tool is installed in a rather unusual place together with other strongSwan executables, First we define the following symbolic link
<pre>
sudo ln -s /usr/libexec/ipsec/sw-collector /usr/sbin/sw-collector
</pre>
Then we set up a clean collector database with the command
<pre>
sudo -s
mkdir /etc/pts
cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db
</pre>
The *sw-collector* needs some options defined in the */etc/strongswan.conf*/ configuration file
<pre>
sw-collector {
database = sqlite:///etc/pts/collector.db
history = /var/log/apt/history.log
first_time = 2017-02-15T20:20:34Z
rest_api {
uri = https://admin-user:ietf99hackathon@tnc.example.com/api/
}
}
</pre>
The date of the original OS installation can be found e.g. with the command
<pre>
ls -l --full-time /var/log/bootstrap.log
-rw-r--r-- 1 root root 57457 2017-02-15 12:20:34.000000000 -0800 /var/log/bootstrap.log
</pre>
Then we are ready to populate the collector database with all installation events that have already happened. Since there are usually up to 2000 software packages we reduce the debug level for the initial run
<pre>
sudo sw-collector --debug 1
First-Date: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721
processing "/etc/lsb-release" file
operating system name is 'Ubuntu'
operating system version is '16.04 x86_64'
Last-Event: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721
Start-Date: 2017-02-16T04:20:50Z, eid = 2, epoch = 1849176721
Upgrade:
Start-Date: 2017-02-16T04:23:44Z, eid = 3, epoch = 1849176721
Install:
Start-Date: 2017-02-16T04:37:48Z, eid = 4, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:17:46Z, eid = 5, epoch = 1849176721
Upgrade:
Start-Date: 2017-07-07T13:18:15Z, eid = 6, epoch = 1849176721
Start-Date: 2017-07-07T13:18:23Z, eid = 7, epoch = 1849176721
Purge:
Start-Date: 2017-07-07T13:19:08Z, eid = 8, epoch = 1849176721
Start-Date: 2017-07-07T13:20:01Z, eid = 9, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:20:10Z, eid = 10, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:24:09Z, eid = 11, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:41:44Z, eid = 12, epoch = 1849176721
Install:
Upgrade:
Start-Date: 2017-07-07T13:55:18Z, eid = 13, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:57:02Z, eid = 14, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:58:05Z, eid = 15, epoch = 1849176721
Install:
Upgrade:
Start-Date: 2017-07-07T14:01:13Z, eid = 16, epoch = 1849176721
Install:
Start-Date: 2017-07-07T14:02:23Z, eid = 17, epoch = 1849176721
Install:
Start-Date: 2017-07-07T14:03:52Z, eid = 18, epoch = 1849176721
Install:
Upgrade:
Start-Date: 2017-07-07T14:24:12Z, eid = 19, epoch = 1849176721
Install:
Merging:
merged 1741 installed packages, 1741 registered in database
</pre>
h2. Installing the strongSwan TNC Software
First we have to install some additional Ubuntu packages needed for the strongSwan TNC build
<pre>
sudo apt install libssl-dev libcurl4-openssl-dev sqlite3 libsqlite3-dev libjson0-dev
</pre>
Download the lastest strongSwan tarball
<pre>
wget https://download.strongswan.org/strongswan-5.6.0dr1.tar.bz2
</pre>
Unpack the tarball
<pre>
tar xf strongswan-5.6.0dr1.tar.bz2
</pre>
and change into the strongSwan build directory
<pre>
cd strongswan-5.6.0dr1
</pre>
Configure strongSwan with the following options
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-openssl --enable-tnc-imc --enable-tnccs-20 --enable-imc-os --enable-imc-swima --enable-sqlite --enable-curl
</pre>
Build and install strongSwan with the commands
<pre>
make; sudo make install
</pre>
h2. Configure the strongSwan "sw-collector" Tool
The *sw-collector* tool allows all software installation events to be collected and stored in an SQLite database. Since the tool is installed in a rather unusual place together with other strongSwan executables, First we define the following symbolic link
<pre>
sudo ln -s /usr/libexec/ipsec/sw-collector /usr/sbin/sw-collector
</pre>
Then we set up a clean collector database with the command
<pre>
sudo -s
mkdir /etc/pts
cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db
</pre>
The *sw-collector* needs some options defined in the */etc/strongswan.conf*/ configuration file
<pre>
sw-collector {
database = sqlite:///etc/pts/collector.db
history = /var/log/apt/history.log
first_time = 2017-02-15T20:20:34Z
rest_api {
uri = https://admin-user:ietf99hackathon@tnc.example.com/api/
}
}
</pre>
The date of the original OS installation can be found e.g. with the command
<pre>
ls -l --full-time /var/log/bootstrap.log
-rw-r--r-- 1 root root 57457 2017-02-15 12:20:34.000000000 -0800 /var/log/bootstrap.log
</pre>
Then we are ready to populate the collector database with all installation events that have already happened. Since there are usually up to 2000 software packages we reduce the debug level for the initial run
<pre>
sudo sw-collector --debug 1
First-Date: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721
processing "/etc/lsb-release" file
operating system name is 'Ubuntu'
operating system version is '16.04 x86_64'
Last-Event: 2017-02-15T20:20:34Z, eid = 1, epoch = 1849176721
Start-Date: 2017-02-16T04:20:50Z, eid = 2, epoch = 1849176721
Upgrade:
Start-Date: 2017-02-16T04:23:44Z, eid = 3, epoch = 1849176721
Install:
Start-Date: 2017-02-16T04:37:48Z, eid = 4, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:17:46Z, eid = 5, epoch = 1849176721
Upgrade:
Start-Date: 2017-07-07T13:18:15Z, eid = 6, epoch = 1849176721
Start-Date: 2017-07-07T13:18:23Z, eid = 7, epoch = 1849176721
Purge:
Start-Date: 2017-07-07T13:19:08Z, eid = 8, epoch = 1849176721
Start-Date: 2017-07-07T13:20:01Z, eid = 9, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:20:10Z, eid = 10, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:24:09Z, eid = 11, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:41:44Z, eid = 12, epoch = 1849176721
Install:
Upgrade:
Start-Date: 2017-07-07T13:55:18Z, eid = 13, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:57:02Z, eid = 14, epoch = 1849176721
Install:
Start-Date: 2017-07-07T13:58:05Z, eid = 15, epoch = 1849176721
Install:
Upgrade:
Start-Date: 2017-07-07T14:01:13Z, eid = 16, epoch = 1849176721
Install:
Start-Date: 2017-07-07T14:02:23Z, eid = 17, epoch = 1849176721
Install:
Start-Date: 2017-07-07T14:03:52Z, eid = 18, epoch = 1849176721
Install:
Upgrade:
Start-Date: 2017-07-07T14:24:12Z, eid = 19, epoch = 1849176721
Install:
Merging:
merged 1741 installed packages, 1741 registered in database
</pre>