This operation guide provides assistance and instructions for operating hosted IMPEX systems. The document gives general and specific information on operating the stations and the ICC. It does not describe the system or application structure, which is covered in a separate document.
Word | Definition
---|---
ICC | IMPEX Control Center
Station | IMPEX scanning kiosk
Repo | Update service, included in the ICC or run on a separate server
Customers with a valid support contract can send emails to
support@sysctl.se
System for scanning USB devices in a kiosk solution with a central ICC server. The stations scan USB devices and clear their content according to different rules and technologies. The stations initiate all communication to the ICC server on port TCP/443 and use TLS 1.2 for encryption in transit. The stations get time and configuration from the ICC, and they push logs and scan results to the ICC. The stations get AV signatures and patches from the Repo server.
The ICC server exposes a REST API that requires authentication. The stations use the REST API, but the interface can also be used for other integrations. The Repo syncs AV signatures and updates from updates.sysctl.se on port TCP/443 over TLS and exposes them to the stations.
All systems use CentOS 7 as the base OS. The stations are not meant to be logged in to; all configuration is done from the ICC. The ICC and Repo have local accounts but can be connected to Active Directory, Red Hat Identity Management, FreeIPA or another LDAP service. Administrators can log in with SSH or from the console. The application on the ICC has its own local accounts.
```
                +-------------------+      +--------------+
                | updates.sysctl.se |      | Lets Encrypt |
                +---^---------------+      +---^----------+
                    |                          |
 Internet           |                          |
                    |                          |
 +------------------+--------------------------+----------------+
                    |                          |
 DMZ            +---+---------+                |
                | Firewall  <------------------+
                +---+---------+
                    |
                +---+------+
           +----> Proxy    |
           |    | if used  |
           |    +----------+
           |
      +----+----+
      |         |
      |   ICC   <------------------------+
      |         |                        |
      +-------^-+                        |
              |                          |
 +------------+--------------------------+----------------------+
              |                          |
 Peripheral   |                          |
 Network      |                          |
      +-------+-------+          +-------+-------+
      | IMPEX STATION |          | IMPEX STATION |
      +---------------+          +---------------+
```
Data | Delivers to | Receives from | Tool | Short Description
---|---|---|---|---
Mail | smtp.tld | ICC | Mail relay | Information from the system to end users
Time | ICC | ntp.tld | ntp | Time source for the system
DNS | ICC | resolver.dns | DNS resolver | DNS lookup
Log | syslog.tld | ICC | syslog | Sending syslog to the log collector
A modern web browser is needed to access the ICC web interface.
Description of different tasks that may be needed
The stations are self-maintained and no operator intervention is needed.
Login can be done from the console or by using SSH.
The servers have one root account with a password. Personal accounts can also be used, and operations can be done from a user account with privilege escalation.
Use the following command to get root permissions:
sudo su -
Stop the ICC application service: systemctl stop impex-server
Start the ICC application service: systemctl start impex-server
Power off the server: systemctl poweroff
Reboot the server: systemctl reboot
The servers check for updates and update the system automatically every day at 01:00 with a random delay of up to 1 hour. The servers reboot if needed. The stations always reboot every night. All tasks for the stations are cached.
Snapshots of the servers can be taken to create backups.
The Repo server can always resync data from the upstream providers, so there is no need to back up any of its data.
The ICC stores all application data in a SQLite database:
/etc/opt/sysctl/impex-server/django-app/db/db.sqlite3
To back up the database, the following command can be used:
sqlite3 /opt/sysctl/impex-server/django-app/db/db.sqlite3 .dump > new_backup_file
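As an added example (not part of the IMPEX manual or the sysctl.se tooling), the following Python script takes the same backup through SQLite's online backup API instead of a text dump. That API copies the database page by page and gives a consistent snapshot even while the ICC is writing to it, and the script then runs an integrity check on the copy before the file is kept. The database layout, table name and paths in the demo are constructed for the example; in production `src_path` would be the ICC database path given above.

```python
"""Added example (not from the IMPEX manual): consistent backup of the ICC
SQLite database with Python's online backup API, plus an integrity check of
the copy. The sample table and paths are constructed for the demonstration."""
import os
import sqlite3
import tempfile
from datetime import datetime


def backup_sqlite(src_path: str, dest_dir: str) -> str:
    """Copy a (possibly live) SQLite database to a timestamped file in dest_dir.

    Connection.backup() performs SQLite's online backup, so the copy is a
    consistent snapshot even if the ICC is writing at the same time.
    Returns the path of the new backup file.
    """
    os.makedirs(dest_dir, exist_ok=True)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    dest_path = os.path.join(dest_dir, f"db-{stamp}.sqlite3")
    src = sqlite3.connect(src_path)
    dst = sqlite3.connect(dest_path)
    try:
        src.backup(dst)  # page-by-page online copy
    finally:
        dst.close()
        src.close()
    # Backups contain scan results and station data; restrict them to the owner.
    os.chmod(dest_path, 0o600)
    return dest_path


def verify_backup(backup_path: str) -> bool:
    """Open the copy read-only and run SQLite's own integrity check on it."""
    conn = sqlite3.connect(f"file:{backup_path}?mode=ro", uri=True)
    try:
        result = conn.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        conn.close()
    return result == "ok"


def demo() -> tuple:
    """Build a constructed sample database, back it up and check the copy.

    Returns (integrity_ok, rows_in_backup).
    """
    work = tempfile.mkdtemp()
    src_path = os.path.join(work, "db.sqlite3")  # stand-in for the ICC path
    conn = sqlite3.connect(src_path)
    # Constructed table; the real ICC schema is not described in the manual.
    conn.execute(
        "CREATE TABLE scans (id INTEGER PRIMARY KEY, station TEXT, malware INTEGER)"
    )
    conn.executemany(
        "INSERT INTO scans (station, malware) VALUES (?, ?)",
        [("station-01", 0), ("station-02", 1), ("station-01", 0)],
    )
    conn.commit()
    conn.close()

    backup_path = backup_sqlite(src_path, os.path.join(work, "backups"))
    copy = sqlite3.connect(f"file:{backup_path}?mode=ro", uri=True)
    rows = copy.execute("SELECT COUNT(*) FROM scans").fetchone()[0]
    copy.close()
    return verify_backup(backup_path), rows


if __name__ == "__main__":
    ok, rows = demo()
    print(f"integrity_ok={ok} rows_in_backup={rows}")
```

The backup API is the better choice when the ICC service is running, since a plain `cp` of the database file can capture a half-written page. Either way, store the resulting file off the ICC host; a backup kept only on the same server is lost together with it.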
The ICC can enable station online monitoring and send an email if a station is offline.
The following should be monitored on the ICC and Repo
The ICC generates a syslog message when a station has uploaded a scan report that contains malware. The following format is used for the message:
```
Dec 24 15:00:00 icc journal: [24/Dec/2020 15:00:00] ICC WARNING [ICC:14] \
Station detected malware (https://icc.domain.tld/#!/scans/2)
```
The message includes a link to the actual scan report on the ICC. It does not include any sensitive information.
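The following is an added example (not from the IMPEX manual) of how a log collector can pick this message out of the syslog stream and extract the fields worth alerting on: the reporting host, the ICC message code and the scan report link. The regular expression follows the format shown above; the sample log lines are constructed for the example, and the two non-matching lines are placeholders rather than real ICC messages.

```python
"""Added example (not from the IMPEX manual): parse the ICC
'Station detected malware' syslog message and extract its fields.
The sample lines are constructed; the format follows the manual's example."""
import re
from typing import Iterable, List, Optional

# Message format documented in the manual:
#   Dec 24 15:00:00 icc journal: [24/Dec/2020 15:00:00] ICC WARNING [ICC:14] \
#   Station detected malware (https://icc.domain.tld/#!/scans/2)
MALWARE_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) journal: "
    r"\[(?P<app_ts>[^\]]+)\] ICC (?P<level>[A-Z]+) \[ICC:(?P<code>\d+)\] "
    r"Station detected malware "
    r"\((?P<url>https://[^\s)]+/#!/scans/(?P<scan_id>\d+))\)$"
)


def parse_malware_event(line: str) -> Optional[dict]:
    """Return the parsed fields of a malware-detection message, or None.

    Only the documented message shape is accepted; anything else (other ICC
    messages, unrelated syslog lines, truncated lines) yields None so the
    collector never raises on an unexpected record.
    """
    m = MALWARE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    event = m.groupdict()
    event["code"] = int(event["code"])
    event["scan_id"] = int(event["scan_id"])
    return event


def malware_events(lines: Iterable[str]) -> List[dict]:
    """Filter a stream of syslog lines down to the malware detections."""
    return [e for e in (parse_malware_event(l) for l in lines) if e]


# Constructed sample input: one malware detection, one truncated copy of the
# same message, and one unrelated syslog line (all placeholders, not real logs).
SAMPLE_LOG = [
    "Dec 24 15:00:00 icc journal: [24/Dec/2020 15:00:00] ICC WARNING [ICC:14] "
    "Station detected malware (https://icc.domain.tld/#!/scans/2)",
    "Dec 24 15:00:05 icc journal: [24/Dec/2020 15:00:05] ICC WARNING [ICC:14] "
    "Station detected malware (",
    "Dec 24 15:02:00 icc sshd[1234]: Accepted publickey for admin from 10.0.0.5",
]


if __name__ == "__main__":
    for event in malware_events(SAMPLE_LOG):
        print(f"{event['host']}: scan {event['scan_id']} flagged, see {event['url']}")
```

Because the message carries only a link to the report, the collector's alert can safely include the URL; the details of what was found stay on the ICC and are read there by an authenticated user.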
Many more syslog messages are specified and described in the ICC manual.