Fortify SSC Install on Oracle Enterprise

Linux
Issues (probably won’t have to deal with these if installing from
approved images)
 Installing VirtualBox Tools can be a pain due to dependencies (especially kernel headers)
 Installing the necessary X11 components
 Meeting minimum system requirements (make sure memory is at least ~1.5GB and double the
size of memory for swap space)

Installation Steps
 Login as Demo/Test1234@
 As root user (“su -“ <root password is Test1234@> or “sudo su -“)
 <Skip Highlighted Section> Following highlighted steps are already complete:
o yum install java
o yum install firefox
o rpm -Uvh /home/installers/adobe/flash/adobe-release-x86_64-1.0-1.noarch.rpm
o yum install flash-plugin.x86_64
o unzip /home/installers/hp/HP_SSC.war
o yum install httpd
o chkconfig httpd on
o service httpd start
o yum install tomcat6
o chkconfig tomcat6 on
o service tomcat6 start
o Change /etc/hosts to include oracle-fortify oracle-fortify.local
 cat /etc/hosts
 cat /etc/passwd | grep oracle (output should be blank)
 cat /etc/group | grep -e oinstall -e dba (output should be blank)
 yum install oracle-rdbms-server-12cR1-preinstall
 cat /etc/passwd | grep oracle
 cat /etc/group | grep -e oinstall -e dba
 chown –R oracle:oinstall /home/installers/oracle
 export DISPLAY=:0.0
 xhost +
 su - oracle
 cd /home/installers/oracle/database
  ./runInstaller
 Enter email address
 Uncheck “I wish to receive security updates via My Oracle Support” <only for this demo>
 Next
 Create and configure a database
 Next
 Select Server Class
 Next
 Select Single instance database installation
 Next
 Select Typical install
 Next
 Leave defaults unless installing elsewhere except change “Global database name” to “ssc” or
similar and uncheck “Create as Container database”
 Set password to Test1234
 Next
 Leave defaults for Step 7
 Next
 Install
o Open another Terminal window
o As root user (“su -“ <root password is Test1234@> or “sudo su -“)
o When prompted to execute root scripts, run them from this window
 /home/oracle/app/oraInventory/orainstRoot.sh
 /home/oracle/app/oracle/product/12.1.0/dbhome_1/root.sh (accept defaults)
o Select “OK” on “Execute Configuration scripts” dialogue
 Select “OK” for Password Management Dialogue
 Select “Close”
 Return to the terminal that is logged in as oracle
 Edit “/home/oracle/.bash_profile” to include the following contents <replace current contents>:

<Begin copy below this line>

# .bash_profile

# Get the aliases and functions

if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin
export PATH

# Oracle Settings
export TMP=/tmp
export TMPDIR=$TMP

export ORACLE_HOSTNAME=oracle-fortify.local
export ORACLE_UNQNAME=oracle-fortify
export ORACLE_OWNER=oracle
export ORACLE_BASE=/home/oracle/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/12.1.0/dbhome_1
export ORACLE_SID=ssc

export PATH=$ORACLE_HOME/bin:$PATH

export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:$LD_LIBRARY_PATH
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib:$CLASSPATH

<End copy above this line>

 Edit “/etc/oratab” and change “ssc:/home/oracle/app/oracle/product/12.1.0/dbhome_1:N” to

“ssc:/home/oracle/app/oracle/product/12.1.0/dbhome_1:Y”
 exit back to root user
 Create file “/etc/init.d/dbora” with the following contents:

<Begin copy below this line>

#!/bin/sh
# chkconfig: 345 99 10
# description: Oracle auto start-stop script.
#
# Set ORA_HOME to be equivalent to the $ORACLE_HOME
# from which you wish to execute dbstart and dbshut;
#
# Set ORA_OWNER to the user id of the owner of the
# Oracle database in ORA_HOME.

ORACLE_BASE=/home/oracle/app/oracle
ORA_HOME=$ORACLE_BASE/product/12.1.0/dbhome_1
ORA_OWNER=oracle
if [ ! -f $ORA_HOME/bin/dbstart ]
then
echo "Oracle startup: cannot start"
exit
fi

case "$1" in
'start')
# Start the Oracle databases:
# The following command assumes that the oracle login
# will not prompt the user for any values
# Remove "&" if you don't want startup as a background process.
su $ORA_OWNER -c "$ORA_HOME/bin/dbstart $ORA_HOME" &
touch /var/lock/subsys/dbora
;;
'stop')
# Stop the Oracle databases:
# The following command assumes that the oracle login
# will not prompt the user for any values
su $ORA_OWNER -c "$ORA_HOME/bin/dbshut $ORA_HOME"
rm -f /var/lock/subsys/dbora
;;
esac

<End copy above this line>

 chgrp dba /etc/init.d/dbora

 chmod 750 /etc/init.d/dbora
 chkconfig --add dbora
 reboot

<Create Snapshot Oracle_Install>

 As root user (“su -“ <root password is Test1234@> or “sudo su -“)

 cd /home/installers/hp/HP_Fortify_4.21/SSC_War/
 unzip HP_Fortify_SSC_4.21_Server_WAR.zip
 xhost +
 export ORACLE_HOME=/home/oracle/app/oracle/product/12.1.0/dbhome_1
 Run the following script in sqldeveloper - $ORACLE_HOME/sqldeveloper/sqldeveloper.sh
 Add connection using username (sys) password (Test1234), change role to “SYSDBA”, and
change “SID” to ssc.
  Run the following script once connected to the database:

<Begin copy below this line>

define dataFile=/home/oracle/app/oracle/oradata/ssc/fortify-01.dbf

define Tablespace=FORTIFY_SSC
define User=FORTIFY_SSC
define Pass=Test1234

create bigfile tablespace &&Tablespace datafile '&&dataFile' size 2G ;

ALTER DATABASE DATAFILE '/home/oracle/app/oracle/oradata/ssc/fortify-01.dbf' AUTOEXTEND ON
MAXSIZE UNLIMITED;

create user &&User identified by &&Pass account lock ;

alter user &&User default tablespace &&Tablespace ;
alter user &&User QUOTA Unlimited on &&Tablespace ;
grant CREATE SESSION to &&User ;
grant CREATE SEQUENCE to &&User ;
grant CREATE TABLE to &&User ;
grant CREATE VIEW to &&User ;
grant CREATE PROCEDURE to &&User ;
alter user &&User account unlock ;

<End copy above this line>

 Connect as new FORTIFY_SSC user <remember to change SID to ssc>

 Run script under /home/installers/hp/HP_Fortify_4.21/SSC_War/HP-Fortify-Server-
WAR/sql/oracle/create-tables.sql in sqldeveloper connected to ssc as FORTIFY_SSC/Test1234
 Reconnect as sys as SYSDBA
 Then, run these commands, copy the output and run the output <make sure all of the output is
single-line output>:

SET PAGESIZE 200

SET LINESIZE 200

SELECT 'GRANT SELECT, INSERT, UPDATE, DELETE ON FORTIFY_SSC.'||TABLE_NAME||' TO

FORTIFY_SSC;' FROM ALL_TABLES WHERE TABLESPACE_NAME = 'FORTIFY_SSC';

 Then, run these commands, copy the output and run the output <make sure all of the output is
single-line output>:

SET PAGESIZE 200

SET LINESIZE 200

SELECT 'GRANT EXECUTE ON FORTIFY_SSC.'||OBJECT_NAME||' TO FORTIFY_SSC;' FROM

ALL_PROCEDURES WHERE OWNER = 'FORTIFY_SSC';

 Run /home/installers/hp/HP_Fortify_4.21/SSC_War/HP-Fortify-Server-WAR/ssc-configuration
 Select license file at /home/installers/hp/license/fortify.license
 On Core tab
 Change “Application Server” to “Tomcat . . .”
 Change “URL to reach HP . . .” to http://oracle-fortify.local/ssc
 Change “User Administrator’s Email . . .” to <your_email>
 On Database Setup tab
 Click “Add JDBC Driver” and browse to
/home/oracle/app/oracle/product/12.1.0/dbhome_1/jdbc/lib/ojdbc6.jar
 Change “JDBC URL” to “jdbc:oracle:thin:@oracle-fortify.local:1521:ssc”
 Change “DB Username” to FORTIFY_SSC
 Change “DB Password” to Test1234
 Change “DB Type” to Oracle
 Click “Test JDBC”
 Click “Seed Process Templates” and browse to
“/home/installers/hp/HP_Fortify_4.21/srg_content/HP_Fortify_Process_Seed_Bundle_2014_Q3
.zip”
 Click “Seed Reports” and browse to
“/home/installers/hp/HP_Fortify_4.21/srg_content/HP_Fortify_Report_Seed_Bundle_2014_Q3.
zip”
 Click “Seed Reports” again and browse to
“/home/installers/hp/HP_Fortify_4.21/srg_content/HP_Fortify_PCI_3.0_Basic_Seed_Bundle_20
14_Q3.zip”
 Click “Validate DB”
 Click “Save & Exit”
 Open browser and browse to http://oracle-fortify.local (Should see Apache default page)
 Edit /usr/share/tomcat6/conf/tomcat6.conf and uncommand and change “JAVA_HOME” to
“/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.35.x86_64”
 Edit /usr/share/tomcat6/conf/server.xml and add the following under the Connector section
replace the default 8080 connector with the following:

<Begin copy below this line>

<Connector address="localhost" port="8180" protocol="HTTP/1.1"

connectionTimeout="20000"
redirectPort="8443"
 proxyName="oracle-fortify.local"
proxyPort="80" />

<End copy above this line>

 Edit “/etc/httpd/conf/httpd.conf”, and add the following to the bottom:

<Begin copy below this line>

ProxyRequests Off
ProxyPreserveHost On
ServerName oracle-fortify.local

ProxyPass / http://localhost:8180/ retry=1 acquire=3000 timeout=600

ProxyPassReverse / http://localhost:8180/

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /ssc/ [R=301]

<End copy above this line>

 Run the following command:

o setsebool -P httpd_can_network_connect 1
 cp /home/installers/hp/HP_Fortify_4.21/SSC_War/HP-Fortify-Server-WAR/ssc.war
/usr/share/tomcat6/webapps/ssc.war
 chown tomcat:tomcat /usr/share/tomcat6/webapps/ssc.war
 service tomcat6 restart
 service httpd restart
 Browse to http://oracle-fortify.local/ssc
 Login as admin/admin
 Change password to Test1234@
 Login as admin/Test1234@