SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Improve aggregator setup docs (#163)

Browse source 
* Improve aggregator setup docs

 * Add hints how to serve the aggregator output using nginx.
 * Add hint that the permission of the aggregator config file should be
   restricted.
 * Add a setuid bit to the aggregator integration test script
   to easy manual serving.

* Wording

Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
This commit is contained in:
Bernhard E. Reiter 2022-06-09 11:00:30 +02:00 committed by GitHub
parent 25cb3b2c10
commit 19d39b85d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
docs/csaf_aggregator.md
View file

@ -22,9 +22,13 @@ Usage example for a single run, to test if the config is good:
Once the config is good, you can run the aggregator periodically Once the config is good, you can run the aggregator periodically
in two modes. For instance using `cron` on Ubuntu and after placing in two modes. For instance using `cron` on Ubuntu and after placing
the config file in `/etc/csaf_aggregator.toml`: the config file in `/etc/csaf_aggregator.toml` and making sure
its permissions only allow the user `www-data` to read it:
```bash ```bash
chown www-data /etc/csaf_aggregator.toml
chmod go-rwx /etc/csaf_aggregator.toml
mkdir /var/log/csaf_aggregator mkdir /var/log/csaf_aggregator
mkdir ~www-data/bin mkdir ~www-data/bin
cp bin-linux-amd64/csaf_aggregator ~www-data/bin/ cp bin-linux-amd64/csaf_aggregator ~www-data/bin/
@ -48,6 +52,21 @@ SHELL=/bin/bash
``` ```
#### serve via web server
Serve the paths where the aggregator writes its `html/` output
by means of a webserver.
In the config example below place is configured by the path given for `web`.
The user running the aggregator has to be able to write there
and the web server must be able to read the files.
If you are using nginx, the setup instructions for the provider provide
and example. You can leave out the cgi-bin part,
potentially commend out the TLS client parts and
adjust the `root` path accordingly.
### config options ### config options
The following options can be used in the config file in TOML format: The following options can be used in the config file in TOML format:

2
docs/scripts/testAggregator.sh
View file

@ -13,7 +13,7 @@ set -e # to exit if a command in the script fails
# The same directory name used in the config-example file. # The same directory name used in the config-example file.
sudo mkdir /var/csaf_aggregator sudo mkdir /var/csaf_aggregator
sudo chgrp -R www-data /var/csaf_aggregator sudo chgrp -R www-data /var/csaf_aggregator
sudo chmod -R g+w /var/csaf_aggregator sudo chmod -R g+ws /var/csaf_aggregator
cd ~/csaf_distribution/ cd ~/csaf_distribution/
sudo ./bin-linux-amd64/csaf_aggregator -c docs/examples/aggregator.toml sudo ./bin-linux-amd64/csaf_aggregator -c docs/examples/aggregator.toml