1. Installation
-
Install Debian GNU/Linux 11 server with RAID 1 and LUKS 1 encryption.
-
Note: Use tbhf-anc-skk for the hostname and test.shoklo-unit.com for the domain name.
-
Note: Select BIOS + RAID + LUKS.
-
Note: Only do the automatic installation, then continue with the configuration below.
-
2. Configuration
-
Start the computer.
-
Type the passphrase to unlock the computer.
-
Log in as smru with the default live password.
-
Enter the following commands at a Command Line.
ip address
-
Log in as smru with the default live password using PuTTY.
-
Enter the following commands at a Command Line.
sudo su -     # Get root privileges.
passwd        # Set root password to level 1.
passwd smru   # Set smru password to level 2.
-
Enter the following commands at a Command Line with root privileges.
delta install basic-tools   # Install basic commands like curl and wget.
delta config sudo           # Install and configure sudo for each user.
delta config legacy-ethernet 10.30.1.2 10.30.1.170 10.30.1.1 test.shoklo-unit.com
-
Restart the computer.
-
Log in as smru using PuTTY.
-
Enter the following commands at a Command Line.
ip address
ip link list
sudo systemctl --type service
ls -al /etc/resolv.conf
cat /etc/resolv.conf

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get autoremove
sudo apt-get autoclean
cat /etc/debian_version
df
# Make sure to have the TBHF-ANC-SKK server listed in the "Allow DNS HTTP HTTPS NTP for Linux servers" Sophos firewall rule.
sudo apt-get --yes install ntp
sudo timedatectl
sudo service ntp stop
sudo ntpd -gq
sudo service ntp start
# Note: It may take some time (several minutes/hours) for it to show that the system clock is synchronized.
sudo timedatectl
sudo smru setup vim # Install and configure vim editor for each user.
sudo check-syslog # Check /var/log/syslog for possible remaining issues.
3. CrowdStrike Sensor
-
Install CrowdStrike Falcon Sensor.
4. ANC Server
-
Enter the following commands at a Command Line.
sudo smru setup apache # Install and configure apache http server.
sudo smru setup exim # Install and configure exim message transfer agent.
sudo smru setup php # Install and configure php.
sudo smru setup postgresql # Install and configure postgresql database server.
sudo smru setup samba Other$ # Install and configure samba with Other$ share.
4.1. ANC Debian Packages
-
Enter the following commands at a Command Line.
sudo apt-get --yes install fakeroot groff make
sudo smru setup git # Install and configure git.
sudo smru setup nodejs-22 # Install and configure nodejs.
sudo smru setup jshint # Install and configure jshint.
sudo smru setup jslint # Install and configure jslint.
# Packages needed for data dictionary.
sudo smru setup jre-headless # Install and configure headless java runtime environment.
sudo apt-get --yes install graphviz
sudo apt-get install p7zip p7zip-full p7zip-rar

# Get source code from GitHub repository.
mkdir -p ~/github/git/delta-software-labs
cd ~/github/git/delta-software-labs
git clone https://delta-software-labs@github.com/delta-software-labs/ANC-Application.git

su -
# Add anc role if it is missing.
# Enter the level 2 password for the anc role.
roles="$(su - postgres --command "psql --dbname postgres --command \"\du;\"")"
echo "${roles}"
if ! echo "${roles}" | grep -iq "^[[:space:]]*anc[[:space:]]"; then
    password="********"
    #password="$(get_password)"
    su - postgres --command "psql --dbname postgres --command \"CREATE ROLE anc WITH LOGIN NOCREATEDB NOCREATEROLE NOINHERIT NOSUPERUSER PASSWORD '${password}';\""
    # su - postgres --command "psql --dbname postgres --command \"ALTER ROLE anc WITH PASSWORD '${password}';\""
fi
roles="$(su - postgres --command "psql --dbname postgres --command \"\du;\"")"
echo "${roles}"
exit

# Only show records of patients with enrolments of last 2 * 365 = 730 days.
psql -d anc-mkt
SELECT * FROM "Parameters";
UPDATE "Parameters" SET "Days" = 730;
SELECT * FROM "Parameters";
\q

cd ~/github/git/delta-software-labs/ANC-Application
make
make clean
make clean-all
make check
# Note: The smru-anc-data-dictionary package build asks for the level 2 password.
make all
# Copy packages to SMRU repository server.
make publish PUBLISH_TARGET=delta@tbhf-anc-skk:/home/delta
4.2. SMRU Repository
-
Enter the following commands at a Command Line.
# Create an SMRU.key repository key with the level 2 password.
sudo smru setup gnupg /root/.gnupg/SMRU.key # Install and configure gnupg.
sudo smru setup repository # Install and configure repository.
# List debian packages in repository.
cd /var/www/html/debian
sudo reprepro list smru
# Remove existing packages from repository.
# Note: $packages is left unquoted in the loops so that they run once per package.
packages=$(sudo reprepro list smru | sed -e 's/^.*: //g' | sed -e 's/ .*$//g')
for package in $packages; do sudo reprepro remove smru "$package"; done # Use level 2 password.
# Add debian packages to new repository.
sudo reprepro export # Use level 2 password.
packages=$(ls /home/delta/smru-*.deb)
for package in $packages; do sudo reprepro includedeb smru "$package"; done # Use level 2 password.
sudo reprepro list smru
cd -

sudo smru config apt tbhf-anc-skk # Make this computer the SMRU repository server.
sudo apt-get update
4.3. ANC Application
-
Enter the following commands at a Command Line.
sudo smru setup anc-application
-
Browse to http://10.30.1.2/anc-app.
2024-12-23 15:29:36 delta@tbhf-anc-skk ~/github/git/delta-software-labs/ANC-Application$ sudo delta setup anc-application
[sudo] password for root:
anc-application :: Checking internet connectivity.
:: Installing package: smru-anc-application smru-anc-data-dictionary smru-anc-tools smru-cerise-framework.
:: Configuring anc-application.
:: Replace the asterisks by the appropriate passwords in the /home/delta/anc-db.sql file.
:: Then type the following two commands.
:: PSQLOPTIONS='--no-psqlrc --pset pager=off --quiet --set ON_ERROR_STOP=1 --single-transaction'
:: psql $PSQLOPTIONS --dbname anc-db --file /home/delta/anc-db.sql
:: Replace the asterisks in the [database] section by the level 2 password in the /home/delta/anc-db.ini file.
:: Replace the asterisks in the other sections by the appropriate passwords in the /home/delta/anc-db.ini file.
:: Creating anc-db database.
cd /var/www/html/anc-app
php -a
require('cerise/cCerise.php');
print cCerise::run('config/cerise.ini')->send();
quit

PHP Warning: session_start(): Cannot start session when headers already sent in /var/www/html/anc-app/controllers/BaseController.php on line 46
PHP Notice: Undefined index: SERVER_NAME in /var/www/html/anc-app/controllers/Main.php on line 29
PHP Notice: Undefined index: SERVER_NAME in /var/www/html/anc-app/controllers/Main.php on line 29
PHP Notice: Undefined index: SERVER_NAME in /var/www/html/anc-app/controllers/Main.php on line 32
PHP Notice: Undefined index: SERVER_NAME in /var/www/html/anc-app/controllers/Main.php on line 32
PHP Warning: Uncaught Error: Call to a member function prepare() on null in /var/www/html/anc-app/controllers/Main.php:41
Stack trace:
#0 /var/www/html/anc-app/cerise/core/cDispatcher.php(36): Main->index()
#1 /var/www/html/anc-app/cerise/cCerise.php(59): cDispatcher->dispatch()
#2 php shell code(1): cCerise::run()
#3 {main}
thrown in /var/www/html/anc-app/controllers/Main.php on line 41
php > quit
5. SSH Configuration
cd /tmp
scp -p delta@tbhf-anc-mrm:/media/Windows/Software/_Delta/id_rsa-auto.pub .
cat id_rsa-auto.pub >> ~delta/.ssh/authorized_keys
cat ~delta/.ssh/authorized_keys
ssh.exe -i id_rsa-auto delta@10.10.1.222
ssh.exe -i id_rsa-auto delta@tbhf-anc-skk
6. Apache Configuration
vi /etc/apache2/sites-available/000-default.conf
vi /etc/apache2/sites-available/default-ssl.conf
a2enmod ssl
curl --insecure https://localhost
sudo cp -a /etc/apache2/ports.conf /etc/apache2/ports.conf.org
sudo vi /etc/apache2/ports.conf
# Add the "Listen 5000" line.
# Add the "Listen 5001" line.
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/5000-default.conf
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/5001-default-ssl.conf
sudo vi /etc/apache2/sites-available/5000-default.conf
# Change port 80 to port 5000.
sudo vi /etc/apache2/sites-available/5001-default-ssl.conf
# Change port 443 to port 5001.
sudo a2ensite 5000-default
sudo a2ensite 5001-default-ssl
sudo systemctl restart apache2
curl --silent http://localhost | grep -i 'it works'
curl --silent http://localhost:80 | grep -i 'it works'
curl --silent http://localhost:5000 | grep -i 'it works'
curl --insecure --silent https://localhost | grep -i 'it works'
curl --insecure --silent https://localhost:443 | grep -i 'it works'
curl --insecure --silent https://localhost:5001 | grep -i 'it works'
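
The port edits above are made by hand in several files, so a copied site left on the wrong port or a Listen line with no site behind it is easy to miss. The following is an added example, not part of the original procedure: a shell check that compares Listen directives with <VirtualHost> ports. The function names and the constructed sample tree are assumptions; on the server it would be pointed at /etc/apache2/ports.conf and /etc/apache2/sites-enabled.

```shell
#!/bin/sh
# Added example: cross-check Apache Listen ports against <VirtualHost> ports.
# Function names and the sample tree below are assumptions made for this sketch.

# Ports named by Listen directives in a ports.conf-style file ($1).
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1" | sort -u
}

# Ports named by <VirtualHost ...> lines in the *.conf files of directory $1.
vhost_ports() {
    cat "$1"/*.conf 2>/dev/null | awk 'tolower($1) == "<virtualhost" {
        for (i = 2; i <= NF; i++) {
            gsub(/>/, "", $i); n = split($i, a, ":")
            if (a[n] ~ /^[0-9]+$/) print a[n]
        }
    }' | sort -u
}

# Print each mismatch; return 1 if any port appears on only one side.
check_apache_ports() {
    listen=$(listen_ports "$1"); vhosts=$(vhost_ports "$2"); status=0
    for p in $vhosts; do
        echo "$listen" | grep -qx "$p" || { echo "vhost port $p has no Listen"; status=1; }
    done
    for p in $listen; do
        echo "$vhosts" | grep -qx "$p" || { echo "Listen $p has no vhost"; status=1; }
    done
    return $status
}

# Constructed sample tree in directory $1; $2 is the port written into the copied SSL site.
make_sample() {
    mkdir -p "$1/sites"
    printf 'Listen 80\nListen 5000\n<IfModule ssl_module>\n\tListen 443\n\tListen 5001\n</IfModule>\n' > "$1/ports.conf"
    printf '<VirtualHost *:80>\n</VirtualHost>\n' > "$1/sites/000-default.conf"
    printf '<VirtualHost _default_:443>\n</VirtualHost>\n' > "$1/sites/default-ssl.conf"
    printf '<VirtualHost *:5000>\n</VirtualHost>\n' > "$1/sites/5000-default.conf"
    printf '<VirtualHost _default_:%s>\n</VirtualHost>\n' "$2" > "$1/sites/5001-default-ssl.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp/good" 5001 && check_apache_ports "$tmp/good/ports.conf" "$tmp/good/sites" && echo "good: consistent"
make_sample "$tmp/bad" 5000   # SSL copy left on the HTTP port
check_apache_ports "$tmp/bad/ports.conf" "$tmp/bad/sites" || echo "bad: mismatch reported"
rm -rf "$tmp"
```

A clean run before `sudo systemctl restart apache2` means every enabled site has a listener and every listener has a site.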