InstallSimpleRiskonUbuntu14.04

IntroductionSimpleRiskisasimpleandfreetooltoperformriskmanagementactivities.BasedentirelyonopensourcetechnologiesandsportingaMozillaPublicLicense2.0,aSimpleRiskinstancecanbestoodupinminutesandinstantlyprovidesthesecurityprofessionalwiththeabilitytosubmitrisks,planmitigations,facilitatemanagementreviews,prioritizeforprojectplanning,andtrackregularreviews.Itishighlyconfigurableandincludesdynamicreportingandtheabilitytotweakriskformulasonthefly.Itisunderactivedevelopmentwithnewfeaturesbeingaddedallthetimeandcanbedownloadedforfreeordemoedathttps://www.simplerisk.it/.

DisclaimerTheluckysecurityprofessionalsworkforcompanieswhocanaffordexpensiveGRCtoolstoaideinmanagingrisk.Theunluckymajorityoutthereusuallyendupspendingcountlesshoursmanagingriskviaspreadsheets.It’scumbersome,timeconsuming,andjustplainsucks.WhenJoshSokolstartedwritingSimpleRisk,itwasoutofpurefrustrationwiththeotheroptionsoutthere.Whathe’sputtogetherisundoubtedlybetterthanspreadsheetsandgetsyoumostofthewaytowardsthe“R”inGRCwithoutbreakingthebank.Thatsaid,humanscanmakemistakes,andthereforetheSimpleRisksoftwareisprovidedtoyouwithnowarrantiesexpressedorimplied.Ifyougetstuck,youcanalwaystrysendingane-mailtosupport@simplerisk.itandwe’lldoourbesttohelpyouout.Also,whileSimpleRiskwaswrittenbyasecuritypractitionerwithsecurityinmind,thereisnowaytopromisethatitis100%secure.Youacceptthatasariskwhenusingthesoftware,butifyoudofindanyissues,pleasereportthemtoussothatwecanfixthemASAP.

InstallUbuntuSimpleRiskshouldbeabletoworkonjustaboutanyoperatingsystemthatiscapableofrunningPHPandMySQL.SincethepurposeofthisguideistogetyouupandrunningwithSimpleRiskasquicklyaspossible,weassumethatyouareusingUbuntu,aFREEandeasytouseLinux-basedoperatingsystem.DownloadthelatestversionofUbuntu(atthetimeofthiswritingit’s14.04)andinstallit.SeetheUbuntudocumentationifyouarehavinganyissuesthere.Onceyouhaveaworkinginstallation,youcanmoveontothenextinstallationsteps.

GettheLatestUbuntuUpdatesLogintoyourUbuntuinstallationusingtheusernameandpasswordyoudefinedatsetup.SelecttheUnitymenu(theoneattheverytopofthebarontheleft)andtype“terminal”inthefieldthatpopsup.Thisshouldshowyouashortcuttotheterminalapplication.Youcanclickittolaunchtheterminal,but

itmaybeagoodideatodragittotheUnitybarontheleftfirstsothatyoucaneasilystartitinthefuture.

Oncetheterminalislaunched,youwillwanttoupdatetheOStothelatestsoftwareversionsavailable.Todothisrun“sudoapt-getupdate”andenteryourpasswordwhenprompted.

Thiswillpulldownthelatestversioninformationforalloftheinstalledoperatingsystemfiles.Nowrun“sudoapt-getdist-upgrade”andanswer“y”whenitasksifyouwouldliketocontinue.

InstallingApache,PHP,andMySQLThenextstepistoinstallthenecessaryfilesinordertorunApachewithPHPandMySQLonthissystem.Todo,thisfirstrunthecommand“sudoapt-getinstalltasksel”.

Next,telltheservertoinstallaLAMPstackbyrunningthecommand“sudotaskselinstalllamp-server”.

YoushouldnowseetheterminalchangeintoapackageconfigurationapplicationthatdownloadsandinstallstheapplicationsnecessaryinordertorunaLAMPstackontheserver.EventuallyitwillpausetheinstallinordertoaskyoutospecifyaMySQL“root”password.Generatealongandrandompasswordandsaveitoffinasecurelocationsothatyoucanaccessitlater.Youwillknowthatthisinstallationprocessiscompletewhenthepackageconfigurationscreengoesawayandyouarebackattheterminalshell.

ConfiguringApachefortheSimpleRiskAPI1) Runthecommand“a2enmodrewrite”toenablemod_rewriteforApache.2) OpenthefilecontainingtheApachesiteconfiguration.Thisislikelyfoundunder

/etc/apache2/sites-enabled.3) Findthe“Directory”sectionforyoursimplerisksiteandaddalineatthetopfor“AllowOverride

all”.Itshouldlooksomethinglikethis:

4) RestartApachebyrunningthecommand“serviceapache2restart”.

ObtainingtheSimpleRiskFilesClickontheFireFoxlogointheUnitybarontheleft.OnceFireFoxloads,enterhttps://www.simplerisk.it/intotheURLbartogototheSimpleRisksite.Clickonthe“Download”linkatthetop.

ClicktodownloadandsaveboththeWebBundleandtheInstallerScript.Onceyouhavethefilesdownloaded,youcanclosethebrowser.

InstallingtheWebFilesChangetothenewApachewebrootbyrunningthecommand“cd/var/www/html”.

Removethedefaultindexpageusingthecommand“sudormindex.html”.Extractthewebbundleintothewebdirectoryusingthecommand“sudotarxvzf~/Downloads/simplerisk-20160612-001.tgz”(orwhateverthemostcurrentversionavailableis).

Thiswillextractthefilesintoadirectoryunderthewebrootnamed“simplerisk”.Youwillneedtoaccessthefileswitha“/simplerisk”appendedtotheURL.Optionally,youcanrunthefollowingcommandstomoveittothewebroot:

• sudomvsimplerisk/*.• sudormdirsimplerisk

Changetheownershippermissionsofthe“simplerisk”directoryandallitssub-directoriestobeownedbythewww-datauser(orwhateveruserApacheisrunningas)usingthecommand“sudochown–Rwww-data:/var/www/html”.

InstallingtheDatabaseExtractthecurrentSimpleRiskinstallertothe“simplerisk”directoryusingthecommand“sudotarxvzf~/Downloads/simplerisk-installer-20160612-001.tgz”(orwhateverthemostcurrentversionavailableis).Thiswillcreateanew“install”directory.Next,inyourwebbrowser,navigatetohttp://localhost/install

onyourSimpleRiskinstance.Ifeverythingworksasexpected,youwillseeaninstallerpagedesignedtoconfigurethedatabaseforyou.

UndertheDatabaseConnectionInformation,provideitwithyourdatabasehostname,port,username,andpassword.UndertheSimpleRiskInstallationInformation,provideitwiththeSimpleRiskdatabasehostname,databasename,andusernamethatyouwouldlikeSimpleRisktouse.ArandompasswordwillbegeneratedfortheBydefault,itwillgenerateastrong,randomlygenerateddatabasepasswordandwerecommendthatyoukeepthatvalue.UndertheSimpleRiskConfigurationInformation,youhavetheabilitytochoosethedefaultlanguage,sessiontimeouts,defaulttimezone,andotheroptions.Withtheexceptionofthedatabaseschemalanguageandtimezone,werecommendthatyoukeepthedefaultvalues.Whenthescriptcompletes,itwillaskifyouwouldliketoinstallanew/includes/config.phppage.Select“Update”tohaveitautomaticallyupdatedwiththeinstallerinformation.Ifitdoesnothavepermissiontowritetothefile,orcannotfindtheexistingconfig.phpfile,thenitwillprovideyouwiththecontentstoplaceinitinstead.Itisalwaysagoodideatodeletethe“install”directoryonceitisnolongerneededusingthecommand“sudorm–rinstall”.

LoggingintoSimpleRiskYoushouldnowhaveperformedallofthestepsyouneedtoforSimpleRisktobeupandrunning.Nowisthemomentoftruthwherewehopefullygettoseeifallofyourhardworkpaidoff.YounowneedtopointyourwebbrowsertotheURLwhereSimpleRiskwouldbeinstalled.Ifyoufollowedtheoptionalinstructions,thenitshouldbelocatedathttp://localhost/.Ifyoudidnot,thenitisprobablylocatedathttp://localhost/simplerisk.Youwillknowthatyou’vegottherightpagewhenyouseesomethinglikethis:

Enterusername“admin”andpassword“admin”togetstarted.Then,selectthe“Admin”dropdownatthetoprightandclickon“MyProfile”.

Enteryourcurrentpasswordas“admin”andplaceanewlongandrandomlygeneratedpasswordintothe“NewPassword”and“ConfirmPassword”fields.Thenclick“Submit”.

Youshouldreceiveamessagesayingthatyourpasswordwasupdatedsuccessfully.Ifso,thenthisisyournew“admin”passwordforSimpleRisk.Ifyoureceivedamessagesayingthat“Thepasswordentereddoesnotadheretothepasswordpolicy”,youcanchangethepolicybyselecting“Configure”fromthemenuatthetopfollowedby“UserManagement”ontheleftside.Youwillseea“PasswordPolicy”sectionatthebottomofthepagewhereyoucanchangethepolicyandtrychangingyourpasswordagain.

RegisteringSimpleRiskThisstepiscompletelyoptional,butwithoutitupgradesofSimpleRiskwillrequiremanualdownloadsofthenewversion,backingupyourconfigurationfile,extractingthenewfiles,restoringtheconfigurationfile,andadatabaseupgrade.Itsoundslikemoreeffortthanitreallyis,butwe’vemadetheprocessfarsimplerifyou’rewillingtotelluswhoyouare.ToregisteryourSimpleRiskinstance,select“Configure”fromthemenuatthetopfollowedby“Register&Upgrade”fromthemenuattheleft.

Enteryourinformationandselectthe“Register”button.ThiswillcreateauniqueInstanceIDforyourSimpleRiskinstanceanddownloadtheUpgradeExtrawhichenablesfunctionalityforone-clickbackupsandupgrades.Ifyourunintoissueswiththeregistrationprocess,werecommendthatyouchecktoensurethatthe“simplerisk”directoryanditssub-directoriesarewriteablebythewww-datauser(orwhateveruserApacheisrunningas).

**ThiscompletesyourinstallationofSimpleRisk**

SimpleRiskPaidSupportandExtrasEverythingthatyou’veseenuptothispointiscompletelyfreeforyoutoinstallanduse,forever.Thatsaid,weofferanumberofwaysforyoutoenhanceyourSimpleRiskinstancewithevenmorefunctionality.Ifyoulikewhatyousee,andfindituseful,pleaseconsiderpurchasingoneofourinexpensivePaidSupportplansorExtrafunctionalitysothatwecancontinuetoofferyouthebestopensourceriskmanagementtoolavailable.Thankyou!