Windows 2012 R2 Installation Guide
- Java 8 (Recommended) / Java 7 (Minimum Required)
- Tomcat 7 (Required)
- MySQL (Optional, Highly Recommended) / 5.5.3 (Minimum Required)
- Download and install the latest JDK for Windows x64 [here](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html).
- Create a new JAVA_HOME environment variable and append ";%JAVA_HOME%\bin" (without the quotes) to your PATH variable.
- Download and run the Tomcat 7 Windows Service Installer located here
Tomcat Configuration
- Run the 'Monitor Tomcat' application that was installed with Tomcat.
- Right click on the feather and cog icon that appears in your taskbar and select 'configure'.
- Click on the 'Java' tab and make sure that the Java Classpath matches the location where you previously installed Java 8.
- In this tab you can change your memory options for Tomcat. We recommend a minimum of 8GB (8g).
- If you wish to designate a scratch folder for storing temporary files during scan upload, you may add "-Dthreadfix.scratchFolder=<Path/to/Scratch/Folder>" to the Java options.
- Download and install the latest version of MySQL here.
If you have the ‘Monitor Tomcat’ application running you can right click on the icon in the taskbar and stop the service. Note that it is important Tomcat has stopped before proceeding with the following steps.
- After unzipping the ThreadFix zip file move its contents to the 'webapps' folder of Tomcat.
ESAPI Configuration
Change the master key (Encryptor.MasterKey) and master salt (Encryptor.MasterSalt) in the ESAPI.properties file, located: //CATALINA_HOME/webapps/threadfix/WEB-INF/classes/ESAPI.properties. More information here.
To generate a new master key and salt, make sure you are in the //CATALINA_HOME/webapps/threadfix/WEB-INF/classes/ directory and run the following command:
java -classpath ..\lib\esapi-2.1.0-SNAPSHOT.jar;..\lib\log4j-1.2.17.jar org.owasp.esapi.reference.crypto.JavaEncryptor
For Enterprise Customers
Copy your ThreadFix license to the //CATALINA_HOME/webapps/threadfix/WEB-INF/classes/ directory.
Database Configuration
Now that the license file has been added to the correct location, we need to set the hibernate.hbm2ddl.auto option to create so that the database is created on first start. Use your preferred text editor to modify the “jdbc.properties” file (CATALINA_HOME/webapps/threadfix/WEB-INF/classes/jdbc.properties).
NOTE: After ThreadFix has started successfully change the option back to ‘update’! If the ‘create’ option is still in place the database will be scratched each time ThreadFix is started.
HSQL:
- Simply change hibernate.hbm2ddl.auto from update to create.
MySQL:
- If you are planning on using a MySQL database you will need to take a few more steps. First, create a backup of the current jdbc.properties. After you have created a backup copy of the properties, rename the jdbc.properties.mysql to jdbc.properties.
Fields that require modification:
- jdbc.url (If your MySQL instance is on the same machine as Tomcat leave as localhost, otherwise modify to the correct url)
- jdbc.username (MySQL username)
- jdbc.password (MySQL password)
- hibernate.hbm2ddl.auto (update to create)
The following commands can be run as the root user either through the MySQL Workbench or the command prompt.
Update MySQL Character Set and Create the threadfix database:
- MySQL does not, by default, support the full Unicode character set. ThreadFix requires the MySQL character set to be updated to utf8mb4. Run the following command, which will create the threadfix database and set the correct encoding:
CREATE DATABASE threadfix CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci;
Create a new user by using the following commands.
CREATE USER 'threadfix'@'localhost' IDENTIFIED BY 'tfpass';
CREATE USER 'threadfix'@'%' IDENTIFIED BY 'tfpass';
GRANT ALL PRIVILEGES ON threadfix.* TO 'threadfix'@'localhost' IDENTIFIED BY 'tfpass';
GRANT ALL PRIVILEGES ON threadfix.* TO 'threadfix'@'%' IDENTIFIED BY 'tfpass';
FLUSH PRIVILEGES;
Change 'threadfix' and 'tfpass' to a more secure username and password. Note that the 'threadfix'@'%' account accepts connections from any host.
More information on creating users and their permissions in MySQL can be found here.
SQL Server:
- See instructions on SQL Server configuration here.
NOTE: After ThreadFix has started successfully change the option back to ‘update’! If the ‘create’ option is still in place the database will be scratched each time ThreadFix is started.
Logging Configuration
You can change the location where ThreadFix writes its logs by using your preferred text editor to modify the following parameter in the 'log4j.xml' file, located in the CATALINA_HOME/webapps/threadfix/WEB-INF/classes directory:
<param name="file" value="LOG LOCATION" />
- Stop and restart the Tomcat service using the 'Monitor Tomcat' application.
- Wait for ThreadFix to start completely. (“INFO: Server startup in Xms” will appear in the catalina.out log file.)
Now that ThreadFix has started, open your web browser and navigate to http://localhost:8080/threadfix
The ThreadFix login page will appear. Change the default login credentials as soon as possible.
- Username: user
- Password: password
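
A post-install check for the settings this guide asks you to change, as an added example that is not part of ThreadFix or the original guide. The property names and file names come from the steps above; the function names, the sample values and the comparison against an untouched copy of ESAPI.properties are assumptions for illustration.

```powershell
# Added example, not part of ThreadFix: checks the settings this guide says to change.
function ConvertFrom-Properties([string[]]$Lines) {
    # Minimal .properties reader: key=value or key:value; skips blanks and comments.
    $props = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith('!')) { continue }
        $i = $t.IndexOfAny([char[]]'=:')
        if ($i -lt 1) { continue }
        $props[$t.Substring(0, $i).Trim()] = $t.Substring($i + 1).Trim()
    }
    $props
}

function Test-ThreadFixConfig([hashtable]$Jdbc, [hashtable]$Esapi, [hashtable]$Shipped = @{}) {
    # $Shipped (assumption): an untouched copy of ESAPI.properties, used for comparison.
    $findings = @()
    if ($Jdbc['hibernate.hbm2ddl.auto'] -eq 'create') {
        $findings += "jdbc.properties: hibernate.hbm2ddl.auto is still 'create'; set it back to 'update'"
    }
    if ($Jdbc['jdbc.password'] -ceq 'tfpass') {
        $findings += "jdbc.properties: jdbc.password is the guide's example value 'tfpass'"
    }
    foreach ($key in 'Encryptor.MasterKey', 'Encryptor.MasterSalt') {
        if ([string]::IsNullOrEmpty($Esapi[$key])) {
            $findings += "ESAPI.properties: $key is not set"
        } elseif ($Esapi[$key] -ceq $Shipped[$key]) {
            $findings += "ESAPI.properties: $key is unchanged from the shipped file"
        }
    }
    $findings
}

# Constructed sample input (placeholder values). On a real install, pass
# (Get-Content <path>) for jdbc.properties and ESAPI.properties in WEB-INF\classes
# and for an untouched copy of ESAPI.properties kept from before the edit.
$jdbc = ConvertFrom-Properties @(
    'jdbc.url=jdbc:mysql://localhost:3306/threadfix',
    'jdbc.username=threadfix',
    'jdbc.password=tfpass',
    'hibernate.hbm2ddl.auto=create')
$shipped = ConvertFrom-Properties @(
    'Encryptor.MasterKey=SHIPPED-KEY-PLACEHOLDER', 'Encryptor.MasterSalt=SHIPPED-SALT-PLACEHOLDER')
$esapi = ConvertFrom-Properties @(
    'Encryptor.MasterKey=NEW-KEY-PLACEHOLDER', 'Encryptor.MasterSalt=SHIPPED-SALT-PLACEHOLDER')

$findings = @(Test-ThreadFixConfig $jdbc $esapi $shipped)
$findings | ForEach-Object { Write-Warning $_ }
if ($findings.Count -eq 0) { Write-Output 'No unchanged example or default values found.' }
```

Run it once ThreadFix has started successfully; it does not cover the default web login (user / password), which has to be changed in the application itself.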