Server Setup Instructions:

1. Create a virtual machine: 1GB RAM, 2 CPU, 1 NIC, expanding 64GB HDD.
2. Attach the Ubuntu 13.04 x86_64 server ISO image.
3. Boot and install the default Ubuntu 13.04 x64 server image.
4. Log in and become root by executing "sudo su -".
5. Download the package fixes: https://github.com/x684867/nemesis/blob/master/src/deb/brokenPackageFix.tar.gz
6. Execute "apt-get update -y && apt-get upgrade -y && shutdown -r now" to update the system. NOTE: if it fails, use the package downloaded in #5, which includes a fixer script.
7. Install git:
   apt-get install git-core -y
8. Clone the nemesis repo to bring down the sources and dependencies:
   cd /srv
   git clone https://github.com/x684867/nemesis_server
9. Execute the installer script:
   /srv/nemesis/bin/nemesis-install <broker,cipher,keys,audit>

Creating TLS Peer Relationships Using OpenSSL

Theory:
1. Each peer relationship is a two-way street: both peers are client AND server.
2. This means that each must have a private key and a public key signed by the other peer.
3. Rather than a central CA, Nemesis uses peer-based certificates so that a single host is NOT the CA and therefore cannot compromise the entire system.
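
The peer-signing model from the Theory list, as an added example that is not code from the Nemesis project: each peer keeps its own signing certificate, signs the other peer's CSR, and accepts only certificates it issued itself. The peer names alpha, beta and gamma, the file names, the temporary directory and the prime256v1 curve are assumptions.

```shell
#!/bin/sh
# Added example, not Nemesis code. Peer names, file names and the
# prime256v1 curve are assumptions made for this illustration.
set -eu

# One peer: EC private key, self-signed signing certificate (the peer is
# its own issuer), and a CSR for the other side to sign.
make_peer() {  # $1 = work dir, $2 = peer name
    mkdir -p "$1/$2"
    openssl ecparam -genkey -name prime256v1 -noout -out "$1/$2/peer.key"
    openssl req -new -x509 -days 365 -key "$1/$2/peer.key" \
        -subj "/CN=$2-signer" -out "$1/$2/signer.crt"
    openssl req -new -key "$1/$2/peer.key" -subj "/CN=$2" \
        -out "$1/$2/peer.csr"
}

# Signer $2 issues a certificate over subject $3's CSR.
cross_sign() {  # $1 = work dir, $2 = signer, $3 = subject
    openssl x509 -req -days 365 -in "$1/$3/peer.csr" \
        -CA "$1/$2/signer.crt" -CAkey "$1/$2/peer.key" -set_serial 1 \
        -out "$1/$3/signed-by-$2.crt" 2>/dev/null
}

# Verifier $2 trusts only its own signing certificate, so it accepts a
# certificate file $3 only if $2 itself issued it.
verify_cert() {  # $1 = work dir, $2 = verifier, $3 = certificate file
    openssl verify -CAfile "$1/$2/signer.crt" "$3" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    for p in alpha beta gamma; do make_peer "$d" "$p"; done
    cross_sign "$d" beta alpha    # beta vouches for alpha
    cross_sign "$d" alpha beta    # alpha vouches for beta
    cross_sign "$d" gamma alpha   # gamma is not part of this relationship
    verify_cert "$d" beta "$d/alpha/signed-by-beta.crt" && echo "beta accepts alpha"
    verify_cert "$d" alpha "$d/beta/signed-by-alpha.crt" && echo "alpha accepts beta"
    verify_cert "$d" beta "$d/alpha/signed-by-gamma.crt" ||
        echo "beta rejects the certificate gamma issued for alpha"
    rm -rf "$d"
}
demo
```

Because beta's trust anchor is only its own signing certificate, a certificate minted by any third host (gamma here) fails verification at beta, which is the property item 3 of the Theory list describes.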

1. Create the CA key (the curve is left as a placeholder; "openssl ecparam -list_curves" lists the available names):
   openssl ecparam -genkey -name <curve> -out /srv/nemesis/etc/tls/ca/store.ca.key
2. Create and sign the CSR for the CA key:
   openssl req -new -x509 -days 365 \
       -key /srv/nemesis/etc/tls/ca/store.ca.key \
       -out /srv/nemesis/etc/tls/ca/store.ca.crt
3. Create the client certificate pair:
   openssl