Post-install activities

The sections below covers the typical areas of an SD Elements that are customized when a system is installed. It is assumed that the SD Elements virtual machine is installed and the guest system is running.

Required tasks

The tasks in this section are required for all system customization.

Configure system networking

Assign an IP to the server by following the steps below.

Prerequisites:

  • SSH credentials for sde_admin or sudo access.

  • Network information

    • IP Address

    • Gateway Address

    • Broadcast Address

    • Netmask

    • Network Address

    • DNS Server Addresses

    • System Hostname

Steps:

  1. RHEL and CentOS 7

    1. Run the following commands:

      sudo hostnamectl set-hostname [desired FQDN]
sudo systemctl restart systemd-hostnamed

  2. Identify the network interface: ip link show

  3. Setup the network interface: Update file /etc/sysconfig/network-scripts/ifcfg-$ and add or change the following lines using the *Network Information:

    DEVICE=$
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255

    • $ is the network interface identified from Step 2.

  4. Setup DNS: Update file /etc/resolv.conf and add or change the following lines with the DNS Server Addresses: (search line is optional)

    search domain.com
nameserver 192.168.1.2
nameserver 192.168.1.3

  5. Disable IPv6: (Optional) Update file /etc/hosts file to remove/comment out the IPv6 localhost entry if you don’t make use of IPv6.

  6. Restart networking: Run the command:

    sudo ifdown [interface-name] && sudo ifup [interface-name]

The server is configured based on the Network Information and assigned IP Address.

Configure SD Elements domain name

SD Elements relies on its domain name configuration to generate application URLs (project web links and SAML configuration settings). By default this setting is assigned example.com. Follow the steps below to update the server for its proper domain name.

Prerequisites:

  • The application user is a Super User.

  • SSH credentials for sde_admin or sudo access.

Steps:

  1. Log in to the SD Elements web application

  2. From the gear icon menu, select Domain Settings.

  3. Update Domain with the desired value.

  4. Run the command sde apache restart to apply the domain name change.

  5. Click Save.

The server is updated with the new domain name. All project and Countermeasure links are updated to reflect the change.

Validate access to update servers

After networking is configured, check that the server has access to the updates servers updates.sdelements.com, anvil.sdelements.com, and tar.sdelements.com.

Prerequisites:

  • SSH credentials for sde_admin

Steps:

  1. Validate access to the application updates server

  2. Validate access to the system updates server

If either validation step fails refer to the system troubleshooting steps for a resolution. The Countermeasure Configure an HTTP proxy is a common solution but other steps may need to be taken depending on your environment.

Configure the system

This Countermeasure covers the specific configuration the system needs to work with your environment. Refer to task:

Optional tasks

The tasks below enable finer grained customization and are optional.

Configure an HTTP proxy

Follow the steps below to configure an HTTP proxy on the server. This change will enable outgoing HTTP connections to reach other systems.

Prerequisites:

  • SSH credentials for sde_admin

  • HTTP proxy details: hostname and port

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. Update the system environment. Add the following to file /etc/environment, replacing 172.30.0.2:3128 with your proxy details

    export HTTP_PROXY=http://172.30.0.2:3128/
export HTTPS_PROXY=http://172.30.0.2:3128/
export NO_PROXY=localhost,127.0.0.1,.example.com
export http_proxy=http://172.30.0.2:3128/
export https_proxy=http://172.30.0.2:3128/
export no_proxy=localhost,127.0.0.1,.example.com

  3. Restart Apache and Celery.

    sde supervisor restart all
sde apache restart

The system is configured for the HTTP proxy.

If the system is configured to access the proxy over HTTPS then its TLS/SSL certificate must be trusted by the system.

Connect to an issue tracker endpoint via a proxy

For users on SD Elements on-premises:

  1. Add the following to your /docs/sde/local_settings file (actual proxy IP address and port may differ):

    os.environ['HTTP_PROXY'] = '192.168.101.166:3128'
os.environ['HTTPS_PROXY'] = '192.168.101.166:3128'
os.environ['http_proxy'] = '192.168.101.166:3128'
os.environ['https_proxy'] = '192.168.101.166:3128'

  2. Restart the celery workers:

    sudo sde supervisor restart all

  3. Restart apache:

    sudo sde apache restart

Add custom logos

Update the appearance of the SD Elements application with custom logos.

Prerequisites:

  • The application user is a Super User.

Steps:

  1. Log in to the SD Elements web application

  2. From the gear icon menu, select Theming.

  3. Click Choose File for the logo you wish to customize.

    • Header Logo: Is displayed on the top-left of the application banner.

    • Login Logo: Is displayed on the login page.

    • Reports Logo: Is displayed on the top of every HTML and PDF report.

  4. Click Save.

The application is updated with the new logo selections.

Rename application UI strings

Certain application UI strings in SD Elements such as "Project", "Application", and "Release" can be renamed. A key denotes a UI element such as "project", "application", "release".

Follow the steps below to update these UI elements to a different value.

Prerequisites:

  • Superuser access

Steps:

  1. Log in to SD Elements using superuser credentials.

  2. From the Dashboard, navigate to the "System" menu and select "UI Customization".

  3. Update the JSON with the desired changes.

Table 1. Explanation of certain terms:
Term Description

LOGIN_SUBTITLE

This appears centered below the logo of the login screen.

LOGIN_MESSAGE

This appears right-aligned below the "Login" title and above the "Email" field.

LOGIN_EMAIL_REPLACEMENT_LABEL

This replaces the "Email" field’s label.

LOGIN_PASSWORD_REPLACEMENT_LABEL

This replaces the "Password" field’s label.

LOGIN_SUBTITLE

Custom login page subtitle message (can be HTML snippet).

LOGIN_FORGOT_PASSWORD_BUTTON_HIDDEN

Set this to "True" to hide the "Forgot Password" button in the Login page.

Update application email addresses and links

Certain application email addresses and links can be changed to suit your own environment.

Setting Description Default value

FEEDBACK_EMAIL

E-mail address to which user feedback will be sent.

sdesupport@securitycompass.com

DEFAULT_FROM_EMAIL

'From' address for outgoing email

SDElements <noreply@sdelements.com>

SYSTEM_ADMIN_EMAIL

Email address to which technical failure notifications will be sent. If SYSTEM_ADMIN_EMAIL is left at its default value, technical failure notifications will not be delivered.

root@localhost
Prerequisites:

  • SSH credentials for sde_admin or sudo access.

Steps:

  1. Open /docs/sde/local_settings

  2. Add a entry for the setting you want to change.

    • To change the DEFAULT_FROM_EMAIL setting, for example:

      DEFAULT_FROM_EMAIL = 'SDElements Feedback <noreply@example.com>'

    • To change the SYSTEM_ADMIN_EMAIL setting:

      SYSTEM_ADMIN_EMAIL = 'it-support@example.com'

  3. Restart Apache

    sde apache restart

The application is restarted with the new customized application settings.

Disable email service

In some environments it may be needed to disable email delivery. Follow the steps below to disable email delivery in the application.

Prerequisites:

  • SSH credentials for sde_admin or sudo access.

Steps:

  1. Open /docs/sde/local_settings for edit.

    • If EMAIL_BACKEND = exists in the file, comment it out by prefixing it with #

    • If EMAIL_BACKEND is not in the file, add the following line:

      EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'

  2. Restart application services:

    sde apache restart
sde supervisor restart all

SD Elements will no longer send emails.

Configure Integration Network Restriction Settings

By default, the test connection functionality in the integration form has restricted network access to local or private internal IPs and certain ports. Follow the steps below to configure or disable these restrictions.

Prerequisites:

  • SSH credentials for sde_admin or sudo access.

Add a domain to the block list:

  1. Open /docs/sde/local_settings for edit.

    • If SDETOOLS_NETWORK_RESTRICTION_DOMAIN_BLOCK_LIST exists in the file, append your domain to the list.

    • If SDETOOLS_NETWORK_RESTRICTION_DOMAIN_BLOCK_LIST is not in the file, add the following line:

      SDETOOLS_NETWORK_RESTRICTION_DOMAIN_BLOCK_LIST = ["localhost", "your_domain_here"]
Remove a port from the block list:

  1. Open /docs/sde/local_settings for edit.

    • If SDETOOLS_NETWORK_RESTRICTION_PORT_BLOCK_LIST exists in the file, remove the specified port from the list.

    • If SDETOOLS_NETWORK_RESTRICTION_PORT_BLOCK_LIST is not in the file, add the following line:

      SDETOOLS_NETWORK_RESTRICTION_PORT_BLOCK_LIST = [22, 23]
Disable the network restriction:

  1. Open /docs/sde/local_settings for edit.

    • If SDETOOLS_IGNORE_INTERNAL_NETWORK_RESTRICTION exists in the file, set the value to True.

    • If SDETOOLS_IGNORE_INTERNAL_NETWORK_RESTRICTION is not in the file, add the following line:

      SDETOOLS_IGNORE_INTERNAL_NETWORK_RESTRICTION = True

  2. Restart application services:

    sde apache restart
sde supervisor restart all

SD Elements will no-longer enforce the above network restrictions when performing a test connection.

To see a more detailed list of hostnames that are being restricted please see the links below:

Configure Session Inactivity Timeout

After a period of inactivity, a user’s session will be terminated and they will be forced to re-authenticate before they can access the application. By default, this timeout is set to 7200 seconds (2 hours). To adjust the timeout value, follow the steps below.

Prerequisites:

  • SSH credentials for sde_admin or sudo access.

Set the session inactivity timeout value:

  1. Open /docs/sde/local_settings for edit.

    • If SESSION_INACTIVITY_TIMEOUT exists in the file, update the value.

    • If SESSION_INACTIVITY_TIMEOUT is not in the file, add the following line:

      SESSION_INACTIVITY_TIMEOUT = 7200  # Inactivity timeout value in seconds

results matching ""

    No results matching ""