Skip to content
This repository has been archived by the owner on May 11, 2019. It is now read-only.

Apache 2.2 Deployment

MarkDavidson edited this page Jul 24, 2013 · 18 revisions

This page documents deploying YETI on an Apache 2.2. This page attempts to be complete and correct, but may have errors and omissions. If you see something that doesn't make sense, doesn't look right, or plain doesn't work, please feel free to send an email to [email protected] with a question or comment.

Please note that other deployment configurations may work. This is the one that we have verified.

Requirements

Required Software Packages

These are required for YETI to run correctly

  1. RHEL 6.x, 64-bit (uname -a returns 2.6.32-358.11.1.el6.x86_64)
  2. Python 2.6 or 2.7 (3.x is not supported)
  3. Apache 2.2.x and mod_wsgi yum install httpd mod_wsgi
  4. Django 1.4 (https://www.djangoproject.com/download/)
  5. libxml2 2.9.0 or later (http://www.xmlsoft.org/downloads.html)

Optional software packages

These are required for certain aspects of YETI to function properly.

HTTPS
  1. Apache mod_ssl yum install mod_ssl
MySQL

If you want YETI to use MySQL, you will need these software packages:

  1. MySQL-Server yum install mysql-server
  2. MySQL-Python yum install MySQL-python

Required Python libraries

  1. libtaxii 1.0.105 or higher (https://github.com/TAXIIProject/libtaxii/releases/)
  2. lxml latest version (http://lxml.de/index.html#download)

Configuration

Apache configuration items. It is recommended to create a yeti.conf file in /etc/httpd/conf.d/ and place these values in it.

# Maximum size of the request body - set to the maximum limit you wish to allow. 0 allows any size.
LimitRequestBody 0

#WSGI Configs
WSGIApplicationGroup %{GLOBAL}
WSGISocketPrefix /var/run/wsgi

#Replace /data/yeti with the YETI path if it is different
WSGIDaemonProcess yeti python-path=/data/yeti
WSGIScriptAlias / /data/yeti/yeti/wsgi.py process-group=yeti application-group=%{GLOBAL}
Alias /static/ /data/yeti/yeti/static/

<Directory /data/yeti/yeti>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>

<VirtualHost _default_:443>
ServerName yourServerName

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/pki/tls/certs/public.crt
SSLCertificateKeyFile /etc/pki/tls/private/private_nopass.key
SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt

SSLVerifyClient require
SSLCACertificateFile /data/yeti/yeti/client_certs/all_certs.cer

SSLVerifyDepth 5
SSLOptions StdEnvVars

</VirtualHost>


#This is the recommended configuration for the admin interface
Listen 8443
<VirtualHost _default_:8443>
ServerName yourServerName
RewriteCond {%REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/pki/tls/certs/public.crt
SSLCertificateKeyFile /etc/pki/tls/private/private_nopass.key
SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt

</VirtualHost>
Clone this wiki locally