Skip to content

Installation on GNU/Linux

Installation on the following distributions is currently supported:

  •  Debian version 11 (“bullseye”) and 12 (“bookworm”).

Important

All commands in the instructions are run by a user with the “admin” role.

Overview

The installation consists of several steps.

  1. Preliminary steps:

    1. Preparing for installation.
    2. Add a repository.
    3. Install and configure S3 storage.
    4. Install and configure PostgreSQL.

  2. The installation of packages is carried out in accordance with architecture and includes the following components:

    1. Control node.
    2. Console Client (CLI).
    3. Scanning node (after installation it must be connected to the control node).
    4. Report generation node.

Preparing for installation

Add the paths to the standard directories with executable files to the $PATH variable in the $HOME/.profile file.

export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Install the curl package.

apt install curl

Add a repository

When adding a repository, enter your secret token to gain access.

curl -fsSL repo.solidpoint.net | sh -

When adding a repository, enter your secret token to gain access.

curl -fsSL repo.solidpoint.net | CHANNEL=edge sh -

Go to the distribution directory and run the script for adding the repository.

./debian/add-local-repository.sh

Install and configure S3 storage

Important

Each individual scan node must have its own S3 storage deployed. It is allowed to share one instance of the S3 storage with different scan nodes.

apt install minio

Add a user

Replace the values of the MINIO_ROOT_USER and MINIO_ROOT_PASSWORD variables with your custom ones.

cat > /etc/default/minio << EOF
MINIO_VOLUMES=/var/lib/minio
MINIO_OPTS=-C /etc/minio --address 127.0.0.1:9000
MINIO_ROOT_USER=${MINIO_USER}
MINIO_ROOT_PASSWORD=${MINIO_PASSWORD}
EOF

mkdir /var/lib/minio
useradd minio-user
chown -R minio-user /var/lib/minio
systemctl enable --now minio

Check the S3 storage status

systemctl status minio

Install and configure PostgreSQL

apt install postgresql
su postgres -c psql

In the following steps, replace the values of the POSTGRESQL_PASSWORD variables with your custom ones.

Create a database and user for the scanner

> CREATE USER fuchsia WITH PASSWORD '${POSTGRESQL_PASSWORD}';
> CREATE DATABASE fuchsia;
> GRANT ALL PRIVILEGES ON DATABASE fuchsia TO fuchsia;
> \c fuchsia;
> GRANT ALL ON SCHEMA public TO fuchsia;

Create a database and user for the server part

> CREATE USER backend WITH PASSWORD '${POSTGRESQL_PASSWORD}';
> CREATE DATABASE solidpoint_backend;
> GRANT ALL PRIVILEGES ON DATABASE solidpoint_backend TO backend;
> \c solidpoint_backend;
> GRANT ALL ON SCHEMA public TO backend;
> quit

Upgrade PostgreSQL version

For PostgreSQL version 15 or lower, follow the steps from the PostgreSQL upgrade instruction.

Install the TimescaleDB extension

  1. Install TimescaleDB. Instead of the “*” symbol, specify the required versions for the command below.

    apt install timescaledb-2-postgresql-* postgresql-client-*

  2. Run the PostgreSQL setup for TimescaleDB.

    apt install timescaledb-tools
timescaledb-tune

  3. Restart PostgreSQL.

    systemctl restart postgresql

Install packages

For the dashboard

apt install solidpoint-dashboard

During installation, you will be prompted to configure the database connection address:

  • Enter the connection string in the following format:

    postgresql://backend:${POSTGRESQL_PASSWORD}@127.0.0.1:5432/solidpoint_backend
  • Replace the POSTGRESQL_PASSWORD value with a custom one.
  • Replace the IP address, port, and username if they do not have a default value.

After completing these steps the dashboard should be accessible at http://localhost:8100.

The nginx web server configuration of the dashboard can be found in the /etc/nginx/conf.d/solidpoint-frontend.conf file.

For the console client

apt install solidpoint-cli

If multi-user mode is used, authenticate using the following command. Authentication is not required for single-user mode.

solidpoint-cli auth login -i

For the scanner

Note

It is possible to deploy more than one scanning node for a single control node. To do this, follow the steps in this section of the instructions for each machine designated as a scanning node.

apt install fuchsia-full

During the installation process, you will be prompted to perform several configuration steps.

PostgreSQL connection string step

  • Enter the connection string in the format:

    postgresql://fuchsia:${POSTGRESQL_PASSWORD}@127.0.0.1:5432/fuchsia
  • Replace the POSTGRESQL_PASSWORD value with your custom one.
  • Replace the IP address, port, and username if they do not have a default value.

S3 storage address step

  • Specify the S3 storage address in the ip:port format (default: 127.0.0.1:9000). If the TLS protocol is used for connection, use the https:// scheme before the address.
  • Specify the previously set custom value of the MINIO_ROOT_USER variable.
  • Specify the previously set custom value of the MINIO_ROOT_PASSWORD variable.

The listen address step

  • Enter the address for listening to the connection (e.g., tcp://0.0.0.0:7075).

Interactsh server step

  • Specify the domain of the personal configured interactsh server. Skip it to use the internal pre-configured interactsh server.
  • Specify the authentication token of the personal interactsh server, if authentication is set up on it. Skip it if it is not configured or if an internal interactsh server is used.

Setting up the fuchsiactl configuration

The server address must match the one specified in the listen address step.

cat > /etc/fuchsia/fuchsiactl.yml << EOF
server_address: "127.0.0.1:7075"
EOF

Check that the scanner was installed correctly

systemctl status fuchsia

Connecting the scanning node to the control node

You can connect using any of the following methods.

solidpoint-cli scanner new -i
You will see a prompt to enter values:

Scanner name: > scanner_name
Scanner address: > 127.0.0.1:7075

solidpoint-cli scanner new -n "scanner_name" -a "127.0.0.1:7075"

curl -sSX POST \
https://solidpoint.local/api/scan-endpoints \
-H 'Content-Type: application/json' \
-d '{"name": "scanner_name","address": "127.0.0.1:7075"}'

For the report generation node

apt install solidpoint-scan-report-generator