Развертывание PKI на базе Enterprise Java Beans Certificate Authority
Сергей Яремчук

# yum install java mysql mysql-server mysql-connector-odbc


# java --version


# wget -c http://freefr.dl.sourceforge.net/project/jboss/JBoss/JBoss-4.2.3.GA/jboss-4.2.3.GA-jdk6.zip
# unzip jboss-4.2.3.GA-jdk6.zip –d /usr


# ln -s /usr/jboss-4.2.3.GA /usr/jboss


JAVA_OPTS="-server -Xms128m -Xmx512m"


# wget –с http://apache.vc.ukrtel.net/ant/ivy/2.1.0/apache-ivy-2.1.0-bin.tar.gz
# tar zxvf apache-ivy-2.1.0-bin.tar.gz -C /usr
# ln -s /usr/apache-ivy-2.1.0 /usr/apache-ivy


# Если установка производилась при помощи пакета JAVA_HOME будет установлена автоматически
# export JAVA_HOME=/usr/lib/java
export JBOSS_HOME=/usr/jboss
export ANT_HOME=/usr/apache-ivy
export PATH=$PATH: $JBOSS_HOME/bin:$ANT_HOME/bin

ANT_OPTS=-Xmx512m


# unzip jce_policy-6.zip -d /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib


# /etc/init.d/mysqld start
# netstat -ant | grep 3306


# mysql -u root -p
mysql> CREATE DATABASE `ejbca`;
mysql> CREATE USER 'ejbca'@'localhost' IDENTIFIED BY 'ejbca';
mysql> GRANT ALL PRIVILEGES ON ejbca.* TO 'ejbca'@'%' WITH GRANT OPTION;
mysql> flush privileges;
mysql> exit


# wget -c http://downloads.sourceforge.net/project/ejbca/ejbca3/ejbca_3_10_1/ejbca_3_10_1.zip
# unzip  ejbca_3_10_1.zip –d /usr


# cp conf/database.properties.sample conf/database.properties
# nano conf/database.properties

database.name=mysql
datasource.mapping=mySQL
database.url=jdbc:mysql://127.0.0.1:3306/ejbca
database.driver=com.mysql.jdbc.Driver
database.username=ejbca
database.password=ejbca


# mysql -u ejbca -p ejbca < doc/howto/create-tables-ejbca3-mysql.sql


# ant bootstrap
# ant install


# ant deploy


# run.sh -b 0.0.0.0

-----------------------------------------------------------------------------------------------------------------

WebGoat. Учимся защищать веб-приложения
Сергей Яремчук

$ grep partner /etc/apt/sources.list


$ sudo apt-get update
$ sudo apt-get install sun-java6-bin sun-java6-jdk unzip


$ wget http://webgoat.googlecode.com/files/WebGoat-OWASP_Standard-5.2.zip
$ unzip WebGoat-OWASP_Standard-5.2.zip


$ sudo mv WebGoat-5.2 /usr/local
$ cd /usr/local/WebGoat-5.2/
$ sudo chmod 755 webgoat.sh


$ sudo cp webgoat.sh webgoat.sh.orig


$ sudo nano ./webgoat.sh

JAVA_HOME=/usr/lib/jvm/java-6-sun/
export JAVA_HOME


# is_java_1dot5


$ sudo ./webgoat.sh start80


$ sudo ./webgoat.sh start8080


$ cat tomcat/conf/server_8080.xml


<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,192.168.1.1" />


$ cat tomcat/conf/tomcat-users.xml

-----------------------------------------------------------------------------------------------------------------