vulfocus install

生产环境下的 Vulfocus 安装

安装依赖

安装需要的软件和开发环境

# Enable the EPEL repository first, then install the compiler and the
# service/tooling packages used by the rest of this guide.
yum install -y epel-release
yum install -y gcc
yum install -y nginx supervisor net-tools wget git

安装docker

安装docker

# Install the distribution's Docker package.
yum install -y docker

Docker 配置

配置 Docker 2375 端口(可根据实际情况进行修改),修改 docker 配置文件,加入以下信息(2375 端口的 Docker API 没有认证和加密,监听地址应保持为 127.0.0.1):

位置: /usr/lib/systemd/system/docker.service

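# Keep the TCP listener on loopback: the Docker API on 2375 has no TLS and no
# authentication. The unix socket needs an absolute path (three slashes).
ExecStart=/usr/bin/dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock \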

或者

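# Same setting for packages that ship the daemon binary as dockerd-current.
# Loopback-only TCP listener; absolute unix socket path (three slashes).
ExecStart=/usr/bin/dockerd-current -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock \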

重启

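# Make systemd re-read the edited docker.service unit file.
systemctl daemon-reload
# daemon-reload does not restart running services; restart Docker so the new
# -H listener options actually take effect.
systemctl restart docker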

安装vulfocus-api端

安装python3(不想源码编译)

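wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
# Print the installer's SHA-256 and compare it with the hash published by the
# download site before executing it as root.
sha256sum Miniconda3-latest-Linux-x86_64.sh
chmod 755 Miniconda3-latest-Linux-x86_64.sh
# When prompted for the install location, choose /opt/anaconda3/
./Miniconda3-latest-Linux-x86_64.sh
# Reload the shell profile after the installer has finished.
source ~/.bashrc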

更新pip

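# The executables live under the prefix's bin/ directory (the same place the
# virtualenv step takes its python from), not directly in /opt/anaconda3/.
/opt/anaconda3/bin/pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -U pip
/opt/anaconda3/bin/pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenv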

安装虚拟环境

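# Directories for config, logs and the uwsgi socket.
mkdir -p /data/{etc,log,tmp}
# virtualenv is installed under the Miniconda prefix's bin/ directory.
/opt/anaconda3/bin/virtualenv /data/venv_py --python=/opt/anaconda3/bin/python
# Activate the virtualenv automatically in every new shell of this user.
echo "source /data/venv_py/bin/activate" >> ~/.bashrc
source ~/.bashrc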

拉取vulfocus和安装项目依赖

# Clone the project into /data/web.
git clone https://github.com/fofapro/vulfocus.git /data/web
# Install the API's Python dependencies from the TUNA PyPI mirror
# (pip here is the one on PATH, presumably the activated virtualenv's).
cd /data/web/vulfocus-api/
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements.txt

初始化数据库

# Run from the API directory: apply the database migrations, then create the
# initial administrator account (createsuperuser prompts for the credentials).
cd /data/web/vulfocus-api
python manage.py migrate
python manage.py createsuperuser

靶场配置:

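  1. 配置 Docker URL(vulfocus/settings.py),默认为:tcp://127.0.0.1:2375,修改为 Docker 服务器的 IP。注意 2375 端口的 Docker API 没有认证和加密,能访问该端口就能以 root 权限控制宿主机;Docker 与 vulfocus 在同一台机器时保持 127.0.0.1 即可,跨主机部署时应通过防火墙限制来源地址,或为 Docker API 启用 TLS 双向认证。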

  2. 配置 VUL_IP(vulfocus/settings.py),修改为 Docker 服务器的 IP。

安装uwsgi

# Install uwsgi from the TUNA PyPI mirror.
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple uwsgi

uwsgi 配置

位置 /data/etc/vulfocus_uwsgi.ini

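[uwsgi]
; Run the workers as the nginx account.
uid = nginx
chdir = /data/web/vulfocus-api
;module = vulfocus.wsgi
; Serve the application under the /api sub-path that nginx forwards.
; (Comment kept on its own line so it cannot end up inside the option value.)
mount = /api=vulfocus.wsgi:application
manage-script-name = true
;route-run = fixpathinfo:
; Virtualenv used to run the application.
home = /data/venv_py
socket = /data/tmp/vulfocus_uwsgi.sock
processes = 8
master = true
max-requests = 6000
; 660 instead of 777: uwsgi and the nginx workers both run as nginx, so
; owner/group access is enough. A world-writable socket would let any local
; account send requests straight to the application, bypassing nginx.
chmod-socket = 660
; Remove the socket file on exit.
vacuum = true
enable-threads = true
single-interpreter = true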

安装vulfocus-frontend

建议直接下载

环境准备

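# NOTE(review): this tarball is not unpacked by any later step on this page;
# the build below appears to use the yum-installed nodejs.
wget https://nodejs.org/dist/v12.16.3/node-v12.16.3-linux-x64.tar.xz
yum install -y nodejs
# registry.npm.taobao.org has been retired; registry.npmmirror.com is its
# successor mirror.
npm config set registry https://registry.npmmirror.com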

编译前端

# Install the frontend's dependencies and produce the production bundle
# (the nginx configs on this page serve the dist/ directory).
cd /data/web/vulfocus-frontend/
npm install
npm run build:prod

nginx 配置

配置上传文件大小,修改 nginx.conf 文件,http 中加入:

# Upper bound for a request body (uploads); goes inside the http { } block.
client_max_body_size 2048M;

其中 2048M(2GB) 为上传文件最大限制,可根据实际进行修改,最小配置为 200M 。

### 带证书多 vhost 的 nginx 配置文件

位置:/etc/nginx/conf.d/vulfocus.xxx.net.conf

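# Plain-HTTP listener: send every request to the HTTPS vhost.
server {
    listen 80;
    server_name vulfocus.xxx.net;
    # Redirect to the configured name instead of echoing the client-supplied
    # Host header back into the Location.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name vulfocus.xxx.net;

    ssl_certificate     /etc/nginx/ssl/1_vulfocus.xxx.net_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/2_vulfocus.xxx.net.key;
    # TLS 1.0 and 1.1 are deprecated and dropped here. TLSv1.3 only takes
    # effect when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    # ECDHE suites only: the 3DES and static-RSA key-exchange entries are
    # removed (64-bit block cipher, no forward secrecy).
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;

    client_max_body_size 2048M;

    # Static frontend bundle. The repository is cloned to /data/web earlier in
    # this guide, so the build output is under /data/web, not /data/vulfocus.
    location / {
        root /data/web/vulfocus-frontend/dist;
        index index.html;
    }

    # API requests go to uwsgi over the local unix socket.
    location /api {
        uwsgi_pass  unix:/data/tmp/vulfocus_uwsgi.sock;
        uwsgi_read_timeout 600;
        uwsgi_param SCRIPT_NAME /api;
        # the uwsgi_params file you installed
        include     /etc/nginx/uwsgi_params;
    }

    access_log  /data/log/vulfocus.xxx.net.log;
    error_log  /data/log/vulfocus.xxx.net.log;
}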

不带证书、仅有一个项目的配置文件(HTTP 明文传输登录凭据,仅适合隔离的内网环境)

位置:/etc/nginx/nginx.conf

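user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    # Single plain-HTTP server: no TLS, so logins and API traffic are sent in
    # cleartext.
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # Static frontend bundle.
        location / {
            root /data/web/vulfocus-frontend/dist;
            index index.html;
        }

        # API requests go to uwsgi over the local unix socket
        # (socket path normalised to the plain unix:/path form).
        location /api {
            uwsgi_pass  unix:/data/tmp/vulfocus_uwsgi.sock;
            uwsgi_read_timeout 600;
            uwsgi_param SCRIPT_NAME /api;
            include     /etc/nginx/uwsgi_params;
        }

        access_log  /data/log/vulfocus.xxx.net.log;
        error_log  /data/log/vulfocus.xxx.net.log;
    }
}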

配置supervisor

位置:/etc/supervisord.d/vulfocus.ini

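[program:vulfocus]
directory=/data/venv_py
; Start uwsgi from the virtualenv with the ini file created earlier.
command=/data/venv_py/bin/uwsgi --ini /data/etc/vulfocus_uwsgi.ini
numprocs=1
; Run as the unprivileged nginx account rather than root.
user=nginx
startretries=3
startsecs=5
autostart=true
autorestart=true
stopsignal=INT
; Signal the whole process group so uwsgi workers stop with the master.
stopasgroup=true
killasgroup=true
redirect_stderr=true
; Log file name spelled "vulfocus" (was "vulfoucs") so it matches the other
; vulfocus.* files under /data/log.
stdout_logfile=/data/log/vulfocus_uwsgi.log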

权限以及自启

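# Hand /data to the nginx account and its login group. "user:" is the
# supported spelling; the "user." separator is a deprecated form.
chown -R nginx: /data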

开机自启动

# Register the three services to start at boot.
for unit in nginx supervisord docker; do
  systemctl enable "$unit"
done

启动

# Start the services now, in the same order as the original listing.
for unit in supervisord nginx docker; do
  systemctl start "$unit"
done