Windows 2012 R2 Installation Guide
- Java 8 (Recommended) / Java 7 (Minimum Required)
- Tomcat 7 (Required)
- MySQL (Optional, Highly Recommended)
- Download and install the latest JDK for Windows x64 [here](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html).
- Create a new JAVA_HOME environment variable and append ";%JAVA_HOME%\bin", without the quotes, to your PATH variable.
Configuring Tomcat as a Windows Service
- Open a PowerShell window.
- Run the following command from your Tomcat 'bin' directory.
tomcat7 //IS//Tomcat7 --DisplayName="Apache Tomcat 7" --Install="<Tomcat_Directory>\bin\Tomcat7.exe" --Jvm=auto --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop
For more information visit the reference link here.
You can verify that Tomcat is running as a service by opening your Services Window.
Tomcat Configuration
- Run the 'Monitor Tomcat' application that was installed with Tomcat.
- Right click on the feather and cog icon that appears in your taskbar and select 'configure'.
- Click on the 'Java' tab and make sure that the Java Classpath matches the location of where you have previously installed Java 8.
- In this tab you can change your memory options for Tomcat. We recommend a minimum of 8GB (8g).
- If you wish to designate a scratch folder for storing temporary files during scan upload, you may add "-Dthreadfix.scratchFolder=<Path/to/Scratch/Folder>". Alternatively, you may add the following line to the catalina.bat file (located in the "bin" folder of your Tomcat installation) after the line that says "setlocal" near the beginning of the script:
set "CATALINA_OPTS=%CATALINA_OPTS% -Dthreadfix.scratchFolder=<Path/to/Scratch/Folder>"
- Download and install the latest version of MySQL.
- After the installation is complete, create a new user for ThreadFix. For security reasons, we do not recommend using root credentials for ThreadFix.
Create a new user by using the following commands.
-- The password is set once by CREATE USER; GRANT does not repeat IDENTIFIED BY, which MySQL 8.0 and later reject in GRANT.
-- The '%' account accepts connections from any host.
CREATE USER 'threadfix'@'localhost' IDENTIFIED BY 'tfpass';
CREATE USER 'threadfix'@'%' IDENTIFIED BY 'tfpass';
GRANT ALL PRIVILEGES ON threadfix.* TO 'threadfix'@'localhost';
GRANT ALL PRIVILEGES ON threadfix.* TO 'threadfix'@'%';
FLUSH PRIVILEGES;
Change 'threadfix' and 'tfpass' to a more secure username and password.
More information on creating users and their permissions in MySQL can be found here.
MySQL does not, by default, support the full Unicode character set. ThreadFix requires the MySQL character set to be updated to utf8mb4. Step-by-step instructions on that process can be found here.
Configuring MySQL as a Windows Service
- Shut down your MySQL instance. One way of accomplishing this is:
mysqladmin -u root -p shutdown
Then enter your root MySQL password.
- Next, run the following command, making sure to include the full path to the mysqld executable, not a relative path:
<Full Path to mysqld> --install
A sample call would be:
"C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --install
- More information can be found here.
If you have the ‘Monitor Tomcat’ application running you can right click on the icon in the taskbar and stop the service.
- Copy the threadfix.war file to the 'webapps' folder of Tomcat.
- Start the Tomcat service by right clicking on the 'Monitor Tomcat' icon in the taskbar and selecting the 'Start service' option. Starting Tomcat will explode the threadfix.war file.
ESAPI Configuration
Change the master key (Encryptor.MasterKey) and master salt (Encryptor.MasterSalt) in the ESAPI.properties file, located: //TOMCAT_HOME/webapps/threadfix/WEB-INF/classes/ESAPI.properties. More information here.
To generate a new master key and salt run the following command.
java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
For Enterprise Customers
After the WAR has been exploded navigate to the 'classes' folder, located: <Tomcat_Directory>/webapps/threadfix/WEB-INF/classes, and copy your ThreadFix license to this folder.
Database Configuration
Now that the license file has been added to the correct location, we need to set the database schema option (hibernate.hbm2ddl.auto) to 'create'. Use your preferred text editor to modify the file “jdbc.properties” (<Tomcat_Directory>/webapps/threadfix/WEB-INF/classes/jdbc.properties).
NOTE: After ThreadFix has started successfully change the option back to ‘update’! If the ‘create’ option is still in place the database will be scratched each time ThreadFix is started.
HSQL:
- Simply change hibernate.hbm2ddl.auto from update to create.
MySQL:
If you are planning on using a MySQL database you will need to take a few more steps. First, create a backup of the current jdbc.properties. After you have created a backup copy of the properties, rename the jdbc.properties.mysql to jdbc.properties.
Fields that require modification:
- jdbc.url (If your MySQL instance is on the same machine as Tomcat, leave as localhost; otherwise modify to the correct URL)
- jdbc.username (MySQL username)
- jdbc.password (MySQL password)
- hibernate.hbm2ddl.auto (update to create)
SQL Server:
- See instructions on SQL Server configuration here.
NOTE: After ThreadFix has started successfully change the option back to ‘update’! If the ‘create’ option is still in place the database will be scratched each time ThreadFix is started.
Logging Configuration
You can change the location where ThreadFix writes its logs by using your preferred text editor to modify the corresponding parameter in the 'log4j.xml' file, located in <Tomcat_Directory>/webapps/threadfix/WEB-INF/classes:
<param name="file" value="LOG LOCATION" />
- Stop and restart the Tomcat service using the 'Monitor Tomcat' application.
- Wait for ThreadFix to start completely. (“INFO: Server startup in Xms” will appear in the logs.)
Now that ThreadFix is started, open your web browser and navigate to http://localhost:8080/threadfix
The ThreadFix login page will appear. Change the default login credentials as soon as possible.
- Username: user
- Password: password
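A post-install check for the settings this guide asks you to change, added here as an example (it is not part of ThreadFix): it reports a jdbc.properties left on 'create', a root or sample-password database account, and ESAPI keys unchanged from the copy shipped in the WAR. It assumes threadfix.war is still in the 'webapps' folder and contains WEB-INF/classes/ESAPI.properties; the function names are hypothetical.

```powershell
# Added example, not ThreadFix code; the function names are hypothetical.
Add-Type -AssemblyName System.IO.Compression.FileSystem
function ConvertFrom-JavaProperties {
    param([string[]]$Lines)
    $props = @{}
    foreach ($line in $Lines) {
        $text = "$line".Trim()
        # Skip blank lines and both comment styles of .properties files.
        if ($text -eq '' -or $text.StartsWith('#') -or $text.StartsWith('!')) { continue }
        # Split on the first '=' or ':' only, so a JDBC URL value stays intact.
        $parts = $text -split '\s*[=:]\s*', 2
        if ($parts.Count -eq 2) { $props[$parts[0]] = $parts[1] }
    }
    $props
}

function Get-WarEntryLines {
    param([string]$WarPath, [string]$EntryName)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($WarPath)
    try {
        $entry = $zip.GetEntry($EntryName)
        if ($entry -eq $null) { throw "$EntryName not found in $WarPath" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $reader.ReadToEnd() -split "`r?`n" } finally { $reader.Dispose() }
    } finally { $zip.Dispose() }
}

function Test-ThreadFixConfig {
    param([Parameter(Mandatory = $true)][string]$WebappsDir)
    $classes = Join-Path $WebappsDir 'threadfix\WEB-INF\classes'
    $findings = @()
    $jdbc = ConvertFrom-JavaProperties (Get-Content -LiteralPath (Join-Path $classes 'jdbc.properties'))
    # 'create' rebuilds the schema on every start; after the first run it must be 'update'.
    if ($jdbc['hibernate.hbm2ddl.auto'] -ne 'update') { $findings += "hibernate.hbm2ddl.auto is not 'update'" }
    if ($jdbc['jdbc.username'] -eq 'root') { $findings += 'jdbc.username is root' }
    # 'tfpass' is the sample password printed in this guide.
    if ($jdbc['jdbc.password'] -ceq 'tfpass') { $findings += 'jdbc.password is the sample value' }
    # Deployed ESAPI keys must differ from the copy shipped inside the WAR.
    $live = ConvertFrom-JavaProperties (Get-Content -LiteralPath (Join-Path $classes 'ESAPI.properties'))
    $war = Get-WarEntryLines (Join-Path $WebappsDir 'threadfix.war') 'WEB-INF/classes/ESAPI.properties'
    $shipped = ConvertFrom-JavaProperties $war
    foreach ($key in 'Encryptor.MasterKey', 'Encryptor.MasterSalt') {
        if (-not $live[$key] -or $live[$key] -ceq $shipped[$key]) {
            $findings += "$key is missing or unchanged from the shipped value"
        }
    }
    $findings
}
# Usage (placeholder, absolute path): Test-ThreadFixConfig -WebappsDir '<Tomcat_Directory>\webapps'
```

An empty result means none of the checked settings is still at its install-time value; run it after ThreadFix has started once and the option has been changed back to 'update'.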