
Upgrading Shepherd 3.0 to 3.1

Rob Conan edited this page Oct 11, 2018 · 5 revisions

Upgrading from 3.0 to 3.1

To upgrade your Security Shepherd 3.0 VM to 3.1, follow the steps below.

  1. Update the base image
  2. Install Java 8
  3. Uninstall Tomcat 7
  4. Install Tomcat 8
  5. Configure environment
  6. Install Security Shepherd WAR file
  7. Complete Setup
  8. Start Hacking

Update the base image

To update the base image, connect to the VM (console or SSH). Once connected, run the following commands:

sudo apt-get update
sudo apt-get upgrade

Install Java 8

Security Shepherd v3.1 requires Java 8 to run. First, check if you have Java 8 installed:

java -version

If you see java version "1.7.X_xxx" you will need to update to 1.8.
Follow these steps:

  1. Add the Java 8 repository
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer
  2. Install Java 8 and set it as your default Java
sudo apt-get install oracle-java8-set-default
  3. Double check that Java 8 is now set as your default Java version by running java -version again. Your output should resemble the one below:
securityshepherd@shepherdVm:~$ java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

Uninstall Tomcat 7

THIS WILL DELETE ALL WEB APPLICATIONS IN THE PROCESS - IF YOU HAVE OTHER WEBSERVICES RUNNING ON THIS VM - THEY WILL BE DELETED ALSO - YOU HAVE BEEN WARNED

  1. Run the following command to remove Tomcat7 and all associated Configurations/Data
sudo apt-get purge tomcat7

Install Tomcat 8

Tomcat 8 can be installed in any directory you see fit. For this example we will install Tomcat 8 to /opt/.

  1. Get the link to Tomcat 8 (*.tar.gz) from the Apache site (https://tomcat.apache.org/download-80.cgi) - Right click on the core > tar.gz link and select Copy Link
  2. Download Tomcat 8 with wget
cd /opt/
sudo wget http://apache.mirrors.tds.net/tomcat/tomcat-8/v8.5.34/bin/apache-tomcat-8.5.34.tar.gz
  3. Extract Tomcat 8 and delete the original .tar.gz archive
sudo tar xvzf apache-tomcat-8.5.34.tar.gz && sudo rm apache-tomcat-8.5.34.tar.gz
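
The wget step above fetches the archive over plain HTTP from a mirror, so it is worth comparing it against the SHA-512 digest Apache publishes alongside its releases before extracting. The following is an added example, not part of the original wiki page; the function name verify_sha512 and the digest file name (the archive name plus .sha512, with the hex digest as its first field) are assumptions.

```shell
#!/bin/sh
# verify_sha512 ARCHIVE DIGEST_FILE   (hypothetical helper, added example)
# Returns 0 only when the SHA-512 of ARCHIVE equals the digest recorded in
# DIGEST_FILE. Returns 1 on mismatch, 2 when an input is missing or malformed.
verify_sha512() {
    archive=$1
    digest_file=$2

    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    [ -f "$digest_file" ] || { echo "missing digest file: $digest_file" >&2; return 2; }

    # Expected digest: first whitespace-separated field of line 1, lower-cased.
    expected=$(awk 'NR==1 { print tolower($1) }' "$digest_file")

    # Accept only 128 hex characters. This rejects, for example, an HTML
    # error page that was saved in place of the real digest file.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed digest file: $digest_file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "malformed digest file: $digest_file" >&2; return 2; }

    actual=$(sha512sum "$archive" | awk '{ print $1 }')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive (do not extract)" >&2
    return 1
}

# Intended use in this guide, with the digest file fetched over HTTPS from
# the Apache download site rather than from the mirror:
#   verify_sha512 apache-tomcat-8.5.34.tar.gz apache-tomcat-8.5.34.tar.gz.sha512 \
#       && sudo tar xvzf apache-tomcat-8.5.34.tar.gz
```
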

Configure environment

  1. Create a tomcat group and assign the securityshepherd user as a member
sudo groupadd tomcat
sudo usermod -a -G tomcat securityshepherd
  2. Log in again to apply these changes and check that tomcat is now in our user's groups by running groups
su securityshepherd
groups

Ensure that tomcat is found within the returned list

  3. Assign ownership of the /opt/apache-tomcat-8.5.34 directory (and its contents) to the tomcat user and group
sudo chown -R tomcat:tomcat /opt/apache-tomcat-8.5.34
  4. Check if $JAVA_HOME and $CATALINA_HOME are set by running the following commands.
echo $JAVA_HOME
echo $CATALINA_HOME

If either returns an error or a blank line, it must be configured. $CATALINA_HOME will need to be set to the location of Tomcat 8 (From step 3 we know this is /opt/apache-tomcat-8.5.34).
Run the following command to find out where java is running from.

securityshepherd@shepherdVm:~$ readlink -f $(which java)
/usr/lib/jvm/java-8-oracle/jre/bin/java
  5. Open ~/.profile in a text editor and append the following two lines to the end of the file
export JAVA_HOME=/usr/lib/jvm/java-8-oracle
export CATALINA_HOME=/opt/apache-tomcat-8.5.34

Observe that JAVA_HOME is not set to the full path returned from the readlink command

  6. Reload ~/.profile by running
source ~/.profile
  7. Start Tomcat 8 by running the following command
$CATALINA_HOME/bin/startup.sh

If everything was successful, when you navigate to < MachineIP >:8080 you should now see the Tomcat 8 landing page.
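
If the landing page does not appear, the usual cause is a wrong JAVA_HOME or CATALINA_HOME. The following added example (not part of the original wiki page) shows how JAVA_HOME relates to the readlink output above and checks both variables before startup; the function names java_home_from_bin, java_major and check_env are assumptions made for this sketch.

```shell
#!/bin/sh
# Derive the JDK root from the resolved path of the java binary:
# strip the trailing /bin/java, then a trailing /jre if present.
java_home_from_bin() {
    home=${1%/bin/java}
    [ "$home" != "$1" ] || return 1      # path did not end in /bin/java
    echo "${home%/jre}"
}

# Extract the major version from the first line of `java -version`
# (legacy scheme: "1.8.0_181" -> 8; newer scheme: "11.0.2" -> 11).
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    [ -n "$ver" ] || return 1
    case $ver in
        1.*) ver=${ver#1.} ;;
    esac
    echo "${ver%%[._-]*}"
}

# check_env JAVA_HOME CATALINA_HOME
# Exit status is the number of problems found (0 means ready to start).
check_env() {
    problems=0
    [ -x "$1/bin/java" ] || {
        echo "JAVA_HOME has no executable bin/java: $1" >&2
        problems=$((problems + 1)); }
    [ -f "$2/bin/startup.sh" ] || {
        echo "CATALINA_HOME has no bin/startup.sh: $2" >&2
        problems=$((problems + 1)); }
    [ -d "$2/webapps" ] || {
        echo "CATALINA_HOME has no webapps directory: $2" >&2
        problems=$((problems + 1)); }
    return "$problems"
}

# Intended use on the VM:
#   java_home_from_bin "$(readlink -f "$(which java)")"
#   java_major "$(java -version 2>&1 | head -n 1)"
#   check_env "$JAVA_HOME" "$CATALINA_HOME" && "$CATALINA_HOME/bin/startup.sh"
```
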

Install and Configure Security Shepherd WAR file

Once Tomcat 8 has been installed it must be configured to use HTTPS (this is a security application after all).

  1. Download the Server Config Example from here
  2. Edit line 87 of this example: set keystoreFile to the path of the keystore file and keystorePass to shepherd (or your original keystore passphrase)
  3. Replace server.xml in /opt/apache-tomcat-8.5.34/conf/ with the configuration from step 2.
  4. Ensure the server.xml permissions are correct.
chmod 644 /opt/apache-tomcat-8.5.34/conf/server.xml
  5. Delete the data within the Tomcat 8 webapps folder
sudo rm -R /opt/apache-tomcat-8.5.34/webapps/*
  6. Download the Security Shepherd WAR file from the manual pack and extract it
wget https://github.com/OWASP/SecurityShepherd/releases/download/v3.1/owaspSecurityShepherd_v3.1_ManualPack.zip
unzip owaspSecurityShepherd_v3.1_ManualPack.zip
  7. Ensure that the ROOT.war file is owned by tomcat
cd owaspSecurityShepherd_v3.1_ManualPack/
sudo chown tomcat:tomcat ROOT.war
  8. Place ROOT.war in the webapps directory of Tomcat 8
sudo mv ROOT.war /opt/apache-tomcat-8.5.34/webapps/
  9. Restart Tomcat 8
$CATALINA_HOME/bin/shutdown.sh
$CATALINA_HOME/bin/startup.sh
  10. Navigate to https://<MACHINE IP> and observe the OWASP Security Shepherd Setup page

Complete Setup

Nearly there.
In your browser, after navigating to https://<MACHINE IP>, you should see the Security Shepherd setup page.

  1. Configure this page with the following settings
Hostname: localhost
Port: 3306
DB Username: root
DB Password: CowSaysMoo
Override Databases: Upgrade from v3.0
Authentication token:
  2. The last step is to cat the file outlined in Configuration Authentication Token, paste it into the Authentication token box, and then press submit

Start Hacking

Good luck