Installing Fortify on Linux (RHEL 5 32 bit)
Give valid entries for Rulepack Update and 360 Server Settings
Select 2 and proceed for changing settings. In Rulepack Update, give http address of your fortify 360 server for Update Server URL: field. In 360 Server Settings, give again http address of your fortify 360 server for Server URL: field and set Get Rulepack Updates from 360 Server: true
fortifyclient prompts for a password, type the password for [AccountName]. fortifyclient displays a token of the general form cb79c492-0a78-44e3-b26c-65c14df52e86. Copy the token returned by fortifyclient into a text file.
Updating rules in future
/usr/local/fortify//bin/rulepackupdate -import Se289787b-abd8-4ad6-a77d-f11d89e8ac60.zip
- Download Fortify archive Fortify-360-2.6.5-Analyzers_and_Apps-Linux-x86.tar.gz and extract it to a directory like /usr/local/fortify
- Get License file fortify.license and place it under root directory (/usr/local/fortify)
- Run utility scapostinstall under bin directory (/usr/local/fortify/bin) to perform some necessary post install activities.
[1] Migration...
[2] Settings...
[s] Display all settings
[q] Exit
Please select the desired action (1,2,s,q):
[2] Settings...
[s] Display all settings
[q] Exit
Please select the desired action (1,2,s,q):
Give valid entries for Rulepack Update and 360 Server Settings
Select 2 and proceed for changing settings. In Rulepack Update, give http address of your fortify 360 server for Update Server URL: field. In 360 Server Settings, give again http address of your fortify 360 server for Server URL: field and set Get Rulepack Updates from 360 Server: true
- Now update rules pack using tool rulepackupdate available at bin directory (/usr/local/fortify/bin)
- Generate Upload access token using utility fortifyclient under bin directory. The upload access token enable account and password information to be concealed during uploading of FPRs to Fortify 360 Server
fortifyclient prompts for a password, type the password for [AccountName]. fortifyclient displays a token of the general form cb79c492-0a78-44e3-b26c-65c14df52e86. Copy the token returned by fortifyclient into a text file.
Updating rules in future
- In case in future if you want to update rule packs, here is the process
- You may get rules pack in a zip file of the form Se289787b-abd8-4ad6-a77d-f11d89e8ac60.zip
/usr/local/fortify//bin/rulepackupdate -import Se289787b-abd8-4ad6-a77d-f11d89e8ac60.zip
- or if your F360 server is up to date with rules, then run the command
Awesome!
ReplyDeleteThank You :)
Thanks for the post man, but I have a little trouble after installing the rules
ReplyDeleteAfter updating the rules using fortifyupdate command (rulepackupdated is now deprectaed) the libraries on Fortify 360 console still shows the outdated ones.
Am I missing something?
thank you so much - it is much easy to read than manuals ;-)
ReplyDelete