Deming installation procedure

Recommended configuration

  • OS: Ubuntu 24.04 LTS
  • RAM: 2G
  • Disk: 30G
  • vCPU: 2

Installation

Update the Linux distribution

sudo apt update && sudo apt upgrade

Install Apache, Git, PHP and Composer

sudo apt-get install git composer apache2 php-fpm php php-cli php-opcache php-mysql php-zip php-gd php-mbstring php-curl php-xml -y

Create the project directory

cd /var/www
sudo mkdir deming
sudo chown $USER:$GROUP deming

Clone the project from GitHub

git clone https://www.github.com/dbarzin/deming

Install packages with composer :

cd deming
mkdir -p storage/framework/views
mkdir -p storage/framework/cache
mkdir -p storage/framework/sessions
mkdir -p bootstrap/cache
composer install

MySQL

Install MySQL

sudo apt install mysql-server

Make sure you're using MySQL and not MariaDB (Deming doesn't work with MariaDB).

sudo mysql --version

Run MySQL with root rights

sudo mysql

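Create the database deming and the user deming_user. The password shown below is only an example: replace it with a strong password of your own, and use the same value in the .env file later.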

CREATE DATABASE deming CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'deming_user'@'localhost' IDENTIFIED BY 'demPasssword-123';
GRANT ALL ON deming.* TO deming_user@localhost;
GRANT PROCESS ON *.* TO 'deming_user'@'localhost';

FLUSH PRIVILEGES;
EXIT;

Configuration

Create an .env file in the project root directory:

cd /var/www/deming
cp .env.example .env

Set database connection parameters :

vi .env

## .env file
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=deming
DB_USERNAME=deming_user
DB_PASSWORD=demPasssword-123

Create database

Run migrations

php artisan migrate --seed

Note: the seed is important (--seed), as it will create the first administrator user for you.

Generate application key

php artisan key:generate

If you want to use the API, install Laravel Passport (optional) :

php artisan passport:install

Create storage link

php artisan storage:link

Import attributes

php artisan db:seed --class=AttributeSeeder

Then populate the database with ISO 27001:2022 and generated test data

php artisan deming:import-framework ./storage/app/repository/ISO27001-2022.en.xlsx --clean
php artisan deming:generate-tests

Start application with php

php artisan serve

or to access the application from another server

php artisan serve --host 0.0.0.0 --port 8000

The application can be accessed at URL [http://127.0.0.1:8000]

user : [email protected]
password : admin

The administrator's default language is English. To change language, go to the user profile page (top right of the main page).

To import a framework and generate test data, go to "Configuration" -> "Import" (optional).

Apache

To configure Apache, change the ownership of the Deming directory and grant the appropriate permissions on the storage directory with the following commands:

sudo chown -R www-data:www-data /var/www/deming
sudo chmod -R 775 /var/www/deming/storage

Next, create a new Apache virtual host configuration file to serve the application:

sudo vi /etc/apache2/sites-available/deming.conf

Add the following lines:

<VirtualHost *:80>
    ServerName deming.local
    ServerAdmin [email protected]
    DocumentRoot /var/www/deming/public
    <Directory /var/www/deming>
        AllowOverride All
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Save and close the file when finished. Next, activate the Apache virtual host and rewrite module with the following commands:

sudo a2enmod rewrite
sudo a2dissite 000-default.conf
sudo a2ensite deming.conf
sudo a2dismod php8.3
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php8.3-fpm

Finally, restart the Apache service to activate the changes:

sudo systemctl restart apache2
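
As an added check (not part of the Deming project), the following script flags a .env that still carries values exactly as shown in this guide: the example database password, an empty APP_KEY, or a world-readable file. The function names env_value and audit_env and the sample file are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not part of the Deming project): flag .env values that were
# left exactly as this guide shows them. Function names are hypothetical.

# Print the value assigned to KEY in FILE (last assignment wins, quotes stripped).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^\(['\"]\)\(.*\)\1\$/\2/"
}

# Print one finding per line; return 1 if anything was found, 0 otherwise.
audit_env() {
    local file=$1 findings=0 pw key
    pw=$(env_value "$file" DB_PASSWORD)
    key=$(env_value "$file" APP_KEY)
    if [ -z "$pw" ] || [ "$pw" = "demPasssword-123" ]; then
        echo "DB_PASSWORD is empty or still the guide's example value"
        findings=1
    fi
    if [ -z "$key" ]; then
        echo "APP_KEY is empty: run 'php artisan key:generate'"
        findings=1
    fi
    # .env holds the DB, SMTP and Keycloak secrets; other local users must not read it.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo ".env is world-readable: chmod 640 $file"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: the database block copied verbatim from this guide.
sample=$(mktemp)
printf '%s\n' 'APP_KEY=' 'DB_USERNAME=deming_user' \
    'DB_PASSWORD=demPasssword-123' > "$sample"
chmod 644 "$sample"
audit_env "$sample" || echo "=> fix the findings above before exposing the application"
rm -f "$sample"
```

On a real installation, call audit_env /var/www/deming/.env instead of the constructed sample.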

PHP

You need to set the value of upload_max_filesize and post_max_size in your php.ini (/etc/php/8.3/fpm/php.ini) :

; Maximum allowed size for uploaded files.
upload_max_filesize = 10M

; Must be greater than or equal to upload_max_filesize
post_max_size = 10M

After modifying php.ini file(s), you need to restart your php-fpm service to use the new configuration.

sudo systemctl restart php8.3-fpm

Mail configuration

If you wish to send notification e-mails from Deming, you have to configure the SMTP server access in .env

MAIL_HOST='smtp.localhost'
MAIL_PORT=2525
MAIL_AUTH=true
MAIL_SMTP_SECURE='ssl'
MAIL_SMTP_AUTO_TLS=false
MAIL_USERNAME=
MAIL_PASSWORD=

You may also configure DKIM :

MAIL_DKIM_DOMAIN='admin.local'
MAIL_DKIM_PRIVATE='/path/to/private/key'
MAIL_DKIM_SELECTOR='default' # Match your DKIM DNS selector
MAIL_DKIM_PASSPHRASE='' # Only if your key has a passphrase

Don't forget to configure the content and frequency of your emails.

Keycloak Configuration (optional)

To configure Keycloak, follow these steps:

  • Open your .env file.
  • Modify the Keycloak configuration settings as follows:
SOCIALITE_PROVIDERS="keycloak"
KEYCLOAK_CLIENT_ID= # Client Id (on Keycloak)
KEYCLOAK_CLIENT_SECRET=  # Client Secret
KEYCLOAK_REDIRECT_URI=${APP_URL}auth/callback/keycloak
KEYCLOAK_BASE_URL=<KeyCloak IP Address>
KEYCLOAK_REALM=   # Realm Name

After adding keycloak to the SOCIALITE_PROVIDERS variable, a button will appear on the login page, allowing users to log in via Keycloak. (It is possible to modify the button text with the KEYCLOAK_DISPLAY_NAME variable).

To allow user creation and/or updates by Keycloak, add the following parameters:

KEYCLOAK_ALLOW_CREATE_USER=true
KEYCLOAK_ALLOW_UPDATE_USER=true

If you want to retrieve the user role provided by Keycloak during creation or update, it is necessary to request an additional scope and define the name of the claim that will contain the role:

KEYCLOAK_ADDITIONAL_SCOPES="roles"
KEYCLOAK_ROLE_CLAIM="resource_access.deming.roles.0"

It is also possible to provide a default role, used if Keycloak does not provide the role:

KEYCLOAK_DEFAULT_ROLE=<Possible value: auditee, auditor, user>

For more complete documentation on Keycloak configuration, consult the official Keycloak documentation.

Configuration of a Generic OpenID Connect Provider

It is possible to add a generic OpenID Connect identity provider. Simply add oidc to the SOCIALITE_PROVIDERS variable. All the variables described above for Keycloak also exist for this provider, with the OIDC_ prefix (see the .env.example file for more information).

Scheduler

Modify the crontab

sudo crontab -e

Add this line to the crontab

* * * * * cd /var/www/deming && php artisan schedule:run >> /dev/null 2>&1

Update

To update Deming, go to the Deming directory and retrieve the sources

cd /var/www/deming
git pull

Migrate database

php artisan migrate

Update libraries

composer install

Empty caches

php artisan optimize:clear

Reset to zero

To start from an empty database with the ISO 27001:2022 standard.

Here's the command to recreate the DB:

php artisan migrate:fresh --seed

Import attributes

php artisan db:seed --class=AttributeSeeder

Then populate the database with ISO 27001:2022

php artisan deming:import-framework ./storage/app/repository/ISO27001-2022.en.xlsx