CASB Local Run Instruction - Theresa

# CASB Local Run Instruction - Theresa 🕐2022-08-12、2022-08-15上傳至HackMD ## Environment setup (Windows) - **Install Java and Maven** - **Java** [[Download](https://www.oracle.com/java/technologies/downloads/#java8-windows)] - **Java SE Development Kit 8u341** - **Maven** [[Download](https://maven.apache.org/download.cgi)] - Download **Binary zip archive** and unzip - Set environment variables - **M2_HOME** Set the path where you unzip your Maven - **PATH** Add the following path to **PATH**: ``` %M2_HOME%\bin ``` - **Install IntelliJ IDEA** [[Download](https://www.jetbrains.com/idea/download/#section=windows)] > 建議使用此IDE來進行開發 ## CASB Local-Run [toc] ### Run Solr #### 在windows上run Solr (2021/3/12) - `%localappdata%` 為windows 上的路徑位子，直接在filepath 打`%localappdata%` - Run ```shell ## Start Solr cd %localappdata%\CASB\solr\example java -server -Duser.timezone=UTC \ -Djava.net.preferIPv4Stack=true \ -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Djetty.port=8983 \ -Dsolr.solr.home=${%localappdata%}\\CASB\\solr\\example\\solr \ -Dsolr.install.dir=${%localappdata%}\\CASB\\solr \ -jar start.jar ##example java -server -Duser.timezone=UTC \ -Djava.net.preferIPv4Stack=true \ -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Djetty.port=8983 \ -Dsolr.solr.home=C:\\Users\\A60144.ITRI\\AppData\\Local\\CASB\\solr\\example\\solr \ -Dsolr.install.dir=C:\\Users\\A60144.ITRI\\AppData\\Local\\CASB\\solr -jar start.jar ## Stop Solr solr.cmd stop -p 8983 ``` - Address ``` http://localhost:8983/solr ``` ![](https://i.imgur.com/Pviw7Bn.png) #### On Ubuntu - Run ```shell= ## workdir solr/bin cd ~/solr/bin ## Start solr bash ./solr start ## Stop solr bash ./solr stop -p 8983 ``` - Address ``` http://localhost:8983/solr ``` --- ### Run H2DB - 記得先將 `casb.mv.db`放到`%localappdata%\CASB\h2db` 底下 - example: `C:\Users\<username>\AppData\Local\CASB\h2db\casb.mv.db` #### Start H2DB Server > 注意，要記得先產生一個jks檔，可以沿用剛剛產生的casb.jks ```shell git clone git@github.com:ITRI-ICLX-DNN/casb.git cd casb\docker\casb\h2db java -Djavax.net.ssl.keyStore="${%localappdata%}\CASB\casb.jks" \ -Djavax.net.ssl.keyStorePassword=changeit \ -classpath h2.jar org.h2.tools.Server \ -tcp -tcpPort 9092 -tcpAllowOthers -tcpSSL ## example java -Djavax.net.ssl.keyStore="C:\Users\A20365\AppData\Local\CASB\casb.jks" \ -Djavax.net.ssl.keyStorePassword=changeit \ -classpath h2.jar org.h2.tools.Server \ -tcp -tcpPort 9092 -tcpAllowOthers -tcpSSL ``` ![](https://i.imgur.com/Ch1kjKt.png) #### Start H2DB Web > 注意，要記得先產生一個jks檔，可以沿用剛剛產生的casb.jks。 > 也要記得把憑證匯入"%JAVA_HOME%\jre\lib\security\cacerts"唷! ```shell git clone git@github.com:ITRI-ICLX-DNN/casb.git cd casb\docker\casb\h2db java -Djavax.net.ssl.keyStore="${%localappdata%}\casb.jks" \ -Djavax.net.ssl.keyStorePassword=changeit \ -Djavax.net.ssl.trustStore="%JAVA_HOME%\jre\lib\security\cacerts" \ -Djavax.net.ssl.trustStorePassword=changeit \ -classpath h2.jar org.h2.tools.Console -web ## example java -Djavax.net.ssl.keyStore="C:\Users\A20365\AppData\Local\CASB\casb.jks" \ -Djavax.net.ssl.keyStorePassword=changeit \ -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_231\jre\lib\security\cacerts" \ -Djavax.net.ssl.trustStorePassword=changeit \ -classpath h2.jar org.h2.tools.Console -web ``` ```shell http://localhost:8983/solr ``` - login 資訊 - **Driver Class**: org.h2.Driver - **JDBC URL**: jdbc:h2:ssl://127.0.0.1:9092/~/AppData/Local/CASB/h2db/casb;mode=MySQL;CIPHER=AES; - **User Name**: root - **Password**: `123 123` ![](https://i.imgur.com/ivatUqm.png) ![](https://i.imgur.com/NrdDqQE.png) ### Set up the Server (Windows) - **Import Dependencies** - **Run Miro-1.2** ```shell git clone git@github.com:ITRI-ICLX-DNN/casb.git cd casb\artifact mvn install:install-file \ -DgroupId=org.itri.byoc \ -DartifactId=Miro -Dversion=1.2 \ -Dpackaging=jar -Dfile=./Miro-1.2.jar ``` ![](https://i.imgur.com/3wk39sn.png) - **RLM** ```shell git clone git@github.com:ITRI-ICLX-DNN/casb.git cd casb\RLM mvn install:install-file \ -DgroupId=com.reprisesoftware.rlm \ -DartifactId=Rlm -Dversion=1421 \ -Dpackaging=jar -Dfile=./rlm1421.jar ``` ![](https://i.imgur.com/x0zN1YA.png) - **RUN Server** - Go to the the directory that contains `pom.xml` and execute the following command: ```shell git clone git@github.com:ITRI-ICLX-DNN/casb.git cd casb\ mvn idea:idea ``` ![](https://i.imgur.com/KSnE8TO.png) It will create the `ipr` file. ```shell ls casb.iml casb.ipr casb.iws ``` - open casb.ipr(use IntelliJ IDEA open) - **IDEA** Run/Debug Configurations - Main class: org.itri.casb.Main - Program arguments : ``` --properties=${%localappdata%}\CASB\s3proxy.conf \ --dbpw=<db password> ## example --properties=C:\Users\A20365\AppData\Local\CASB\s3proxy.conf \ --dbpw=123 ``` ![image-20220809090646179](https://i.imgur.com/YqvJkN6.png) - check ![Uploading file..._9kmb7h0w9]() - **Required Files** - Create a folder named `target` if not exists. - Put `casb/RLM/rm1421.dll` under `target`. - Modify the configuration file `s3proxy.conf` and put it under `%localappdata%\CASB`. Please create the folder if it does not exists. Please check the default setting of `s3proxy.conf` [here](https://github.com/ITRI-ICLX-DNN/casb/wiki/Set-up-CASB-configuration-file#s3proxyconf) . - Create `casb.jks` and put it under `%localappdata%\CASB`. - Check the steps [here](#Generate a KeyStore with Keytool) to generate `casb.jks` - Export the certificate file and import it into your Java keystore. - Put `casb.mv.db` under `%localappdata%\CASB\h2db` - The DB file will be generated when you run `CASB Admin` or `RunServices`. - Put the license file under `%localappdata%\CASB` if it does not exist. - **Extract from the "lic.zip" using password "pdlg5584fd"** - The license file is generated by RLM-embedded. (The license of RLM-embedded is expired) - Please obtain pre-generated license files from Amber. - The information of the license - 1.0 permanent uncounted hostid=ANY - Unzip `solr.zip` to`%localappdata%` - **Working directory**: `casb\target` - 之後會把一些相關的檔案放在這裡 - 例如，`rlm1421.dll` --- ### Set up the Client #### CloudBerry > You can download CloudBerry from [here](https://www.msp360.com/explorer/windows/amazon-s3/) > Make sure you have created a CASB user account using CASB Admin. - Step1. Create a new account. `File -> Add new account -> S3 Compatible` ![updated_image-20200207141917082](https://i.imgur.com/PDPl3oY.png) ![updated_image-20200207151631469](https://i.imgur.com/Qhefn4l.png) - **Display name**: Use the name you want. - **Service point**: CASB Server's IP and Port. - **Access Key**: CASB User's username. - **Secret Key**: CASB User's CASB Key. - Step2. Connect to a bucket. For example, we can connect to a bucket named `hacked-bucket`. ![image-20200207151730754](https://i.imgur.com/64EEr2b.png) --- #### SimpleS3Client ## CASB Admin ### Prerequisites (Windows) > 主要用途是用來製作Windows安裝檔，請先根據給DRC的那份`勒索軟體雲端備份解決方案-程式編譯與安裝檔產製手冊`將必要檔案複製到指定位置，再執行runServices。 - **Set up the IDEA Project** - Go to the the directory that contains `pom.xml` and execute the following command: ``` mvn idea:idea ``` It will create the `ipr` file. - **IDEA** Run/Debug Configurations - **Main Class** ``` org.itri.App ``` - **Program arguments** ``` <db password> ``` - **Working directory**: 無須修改 **Required Files** - 把`casb.jks`複製到CASB Admin的目錄底下 ### Run - 啟動H2 Server - 開啟 IDEA Project - 執行程式 ### URL - https://127.0.0.1:8443/login --- ## Search Console (CASB Client) ### Prerequisites (Windows) - **Set up the IDEA Project** - Go to the the directory that contains `pom.xml` and execute the following command: ``` mvn idea:idea ``` It will create the `ipr` file. - **IDEA** Run/Debug Configurations ![image](https://user-images.githubusercontent.com/44458778/185021066-e25c66d5-823e-4f83-af51-0d1d33d06ae4.png) - **Main Class** ``` org.itri.byoc.App ``` - **Program arguments**: 可以不設定 ``` --ip=<CASB server IP> --id=<username> --password=<userpassword> ``` - **Working directory**: 無須修改 - **Required Files** - Set Icon - Copy `casb\CASBClient\src\main\resources\ITRI_icons\logo20.png` to `casb\CASBClient\src\main\resources\default_icons` - Copy `casb\CASBClient\innoSetup\config.prop` to `%localappdata\CASBClient` - Remember to create `%localappdata\CASBClient`if it does not exist. - 備註: CASB Client 在發現沒有`config.prop`時(拋出exception)，會自動產生並填入預設值(`ransomware.aware=false`)，這個值會影響: - True: 標題名稱顯示為「Search Console」，不顯示「Rclone Mount」的選項 - False: 標題名稱顯示為「CASB Client」，顯示「Rclone Mount」的選項 - 目前建議將`ransomware.aware`設成True。 ### Run - 開啟 IDEA Project - 執行程式 --- ## runServices ### Prerequisites (Windows) > 主要用途是用來製作Windows安裝檔，請先根據給DRC的那份`勒索軟體雲端備份解決方案-程式編譯與安裝檔產製手冊`將必要檔案複製到指定位置，再執行runServices。 - **Set up the IDEA Project** - Go to the the directory that contains `pom.xml` and execute the following command: ``` mvn idea:idea ``` It will create the `ipr` file. - **IDEA** Run/Debug Configurations - **Main Class** ``` org.itri.Main ``` - **Program arguments**: 無須修改 - **Working directory**: 無須修改 ### Run - 開啟 IDEA Project - 執行程式 --- ## Appendix ### Generate casb.jks with Keytool - Generate `casb.jks` ```shell keytool -genkeypair -alias casb -keystore casb.jks -keyalg RSA -validity 365 -storepass changeit -keypass changeit ----- 您的名字與姓氏為何？ [Unknown]: 127.0.0.1 您的組織單位名稱為何？ [Unknown]: 您的組織名稱為何？ [Unknown]: 您所在的城市或地區名稱為何？ [Unknown]: 您所在的州及省份名稱為何？ [Unknown]: 此單位的兩個字母國別代碼為何？ [Unknown]: CN=127.0.0.1, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 正確嗎？ [否]: y ``` - Export the Public Key Certificate ```shell keytool -export -keystore casb.jks -alias casb -file casb.cer -storepass changeit ``` - Import the certificate to the JRE TrustStore ```shell keytool -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -importcert -alias casb -file casb.cer -trustcacerts -keypass changeit -storepass changeit ``` - (Optional) Delete the certificate from the JRE TrustStore ```shell keytool -delete -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -alias casb -storepass changeit ``` ###### tags: `CASB`