Operation Guide

This operation guide provides assistance and instructions for operating hosted IMPEX systems. It gives general and specific information on operating the stations and the ICC. It does not describe the system or application structure, which is covered in a separate document.

Definitions

Word      Definition
ICC       IMPEX Control Center
Station   IMPEX scanning kiosk
Repo      Update service, included in the ICC or run on a separate server

Contacts

Customers with a valid support contract can send emails to

support@sysctl.se

System overview

A system for scanning USB devices in a kiosk solution with a central ICC server. The stations scan USB devices and clean their content according to configurable rules and technologies. The stations initiate all communication with the ICC server on TCP/443 and use TLS 1.2 to encrypt data in transit. The stations get time and configuration from the ICC and push logs and scan results to the ICC. The stations get AV signatures and patches from the Repo server.

The ICC server exposes a REST API that requires authentication. The stations use this REST API, and it can also be used for other integrations. The Repo syncs AV signatures and updates from updates.sysctl.se on TCP/443 over TLS and exposes them to the stations.

All systems use CentOS 7 as the base OS. The stations are not meant to be logged in to; all configuration is done from the ICC. The ICC and Repo have local accounts but can be connected to Active Directory, Red Hat Identity Management, FreeIPA or another LDAP service. Administrators can log in with SSH or from the console. The application on the ICC has its own local accounts.

System drawing

                     +-------------------+  +--------------+
                     | updates.sysctl.se |  | Lets Encrypt |
                     +---^---------------+  +---^----------+
                         |                      |
    Internet             |                      |
                         |     +----------------+
                         |     |
+------------------------------------------------------------+
                         |     |
    DMZ              +---+-----+---+
                     |  Firewall   <------+
                     +-------------+      |
                                          |
                                    +-----+----+
                      +------------->  Proxy   |
                      |             | if used  |
                      |             +----------+
                      |
                      |
                 +----+----+
                 |         |
                 |   ICC   <------------------+
                 |         |                  |
                 +-------^-+                  |
                         |                    |
                         |                    |
                         |                    |
+------------------------+--------------------+---------------+
                         |                    |
    Peripheral Network   |                    |
                    +----+----------+  +------+--------+
                    | IMPEX STATION |  | IMPEX STATION |
                    +---------------+  +---------------+

Interactions with other systems

Data   Delivers to   Receives from   Tool           Short description
Mail   smtp.tld      ICC             Mail relay     Information from the system to end users
Time   ICC           ntp.tld         ntp            Time source for the system
DNS    ICC           resolver.dns    DNS resolver   DNS lookups
Log    syslog.tld    ICC             syslog         Sending syslog to the log collector

Client software requirements

A modern web browser

Operation description

Description of the different tasks that may be needed.

Station

The stations are self-maintained and no operations are needed.

ICC and Repo

Login

Login can be done from the console or by using SSH.

Service accounts

The servers have one root account with a password. Personal accounts can also be used, and operations can be done from a personal account with privilege escalation; this is preferable to logging in as root directly, since it leaves an audit trail of who ran which command.

Use the following command to get root permissions:

sudo su -

Termination procedures

Application shutdown

systemctl stop impex-server

Application start

systemctl start impex-server

System shutdown

systemctl poweroff

Server reboot

systemctl reboot

Service window

The servers check for updates and update the system automatically every day at 01:00, with a random delay of up to one hour. The servers reboot if needed. The stations always reboot every night. All tasks on the stations are cached, so a reboot does not lose queued work.

Backup

Snapshots of the servers can be taken to create backups.

Repo

The Repo server can always resync its data from the upstream providers, so no data needs to be backed up.

ICC

The ICC stores all application data in a single SQLite database:

/etc/opt/sysctl/impex-server/django-app/db/db.sqlite3

To back up the database, the following command can be used. The path in the command must be the actual database location given above; adjust it if it differs on your installation. The dump is a plain SQL text file containing all ICC application data, so store it with restricted permissions. For a guaranteed consistent copy, stop impex-server first or use the sqlite3 .backup command instead of redirecting a .dump of the live database.

sqlite3 /opt/sysctl/impex-server/django-app/db/db.sqlite3 .dump > new_backup_file
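The same backup done with SQLite's online-backup API, as an added example that is not part of the guide or of the impex-server product. It copies the database page by page under SQLite's own locking, so the copy is consistent even while the application is writing, verifies the copy with PRAGMA integrity_check, and creates the backup file with mode 0600. The database it builds for the demonstration is constructed here; the table names are not the ICC's real schema, and only the default path ICC_DB is taken from the guide.

```python
"""Consistent online backup of the ICC SQLite database (added example)."""
import os
import sqlite3
import tempfile

# Database path from the operation guide; override with the real location.
ICC_DB = "/etc/opt/sysctl/impex-server/django-app/db/db.sqlite3"


def backup_sqlite(src_path: str, dst_path: str) -> str:
    """Copy src_path to dst_path with the backup API and verify the copy.

    Returns the result of PRAGMA integrity_check on the backup ("ok" on
    success). Raises if the source is missing or the copy is corrupt.
    """
    if not os.path.isfile(src_path):
        raise FileNotFoundError(src_path)
    # Create the target with restrictive permissions before any data is
    # written; the backup holds every record the ICC has.
    fd = os.open(dst_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.close(fd)
    # Open the live database read-only so the backup can never modify it.
    src = sqlite3.connect(f"file:{src_path}?mode=ro", uri=True)
    dst = sqlite3.connect(dst_path)
    try:
        src.backup(dst)  # page-by-page copy under SQLite's locking
        result = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        dst.close()
        src.close()
    if result != "ok":
        raise RuntimeError(f"backup integrity check failed: {result}")
    return result


def make_demo_db(path: str, n_scans: int = 3) -> None:
    """Build a small constructed database standing in for db.sqlite3."""
    con = sqlite3.connect(path)
    with con:
        con.execute(
            "CREATE TABLE scan (id INTEGER PRIMARY KEY, station TEXT, malware INTEGER)"
        )
        con.executemany(
            "INSERT INTO scan (station, malware) VALUES (?, ?)",
            [(f"station-{i}", i % 2) for i in range(n_scans)],
        )
    con.close()


def count_rows(path: str) -> int:
    """Row count of the constructed scan table, used to compare copies."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        return con.execute("SELECT COUNT(*) FROM scan").fetchone()[0]
    finally:
        con.close()


def demo_backup() -> dict:
    """Run the full cycle on a throwaway database and report the outcome."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "db.sqlite3")
    dst = os.path.join(workdir, "db.sqlite3.bak")
    make_demo_db(src)
    integrity = backup_sqlite(src, dst)
    return {
        "integrity": integrity,
        "src_rows": count_rows(src),
        "dst_rows": count_rows(dst),
        "mode": oct(os.stat(dst).st_mode & 0o777),
    }


if __name__ == "__main__":
    # On a real ICC: backup_sqlite(ICC_DB, "/backup/db.sqlite3.bak")
    print(demo_backup())
```

On a real ICC, call backup_sqlite(ICC_DB, target) from a cron job or before a service window; the returned "ok" is what a monitoring check should look for, and a non-zero exit from a failed integrity check should page someone rather than be silently overwritten by the next run.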

Monitoring

The ICC can enable station online monitoring and send an email when a station goes offline.

The following should be monitored on the ICC and Repo:

Syslog

The ICC generates a syslog message when a station has uploaded a scan report that contains malware. The message has the following format (shown wrapped over two lines here; it is sent as a single line):

Dec 24 15:00:00 icc journal: [24/Dec/2020 15:00:00] ICC WARNING [ICC:14] \
Station detected malware (https://icc.domain.tld/#!/scans/2)

The message includes a link to the actual scan report on the ICC. It does not include any sensitive information.
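A parser for that message, as an added example for the log collector side; it is not code from the guide or from the ICC. It matches the documented format, extracts the scan id from the report link, and marks whether the link points at the expected ICC host (the placeholder icc.domain.tld from the guide), so an analyst is not handed a link that did not come from the ICC's own message format. The first sample line is the one from the guide joined onto one line; the other sample lines are constructed here to show what must not alert and what gets flagged.

```python
"""Parse ICC malware-detection syslog messages (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Documented format: "<syslog ts> <host> journal: [<app ts>] ICC <LEVEL> [ICC:<n>]
# Station detected malware (<link to scan report>)"
MALWARE_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) journal: "
    r"\[(?P<app_ts>[^\]]+)\] ICC (?P<level>[A-Z]+) \[ICC:(?P<code>\d+)\] "
    r"Station detected malware \((?P<url>https?://[^\s)]+)\)\s*$"
)
# The report link ends in /scans/<id> (after the "#!" fragment).
SCAN_ID_RE = re.compile(r"/scans/(\d+)$")


@dataclass
class MalwareEvent:
    host: str          # syslog host that emitted the message
    level: str         # ICC log level, WARNING in the documented case
    code: int          # the ICC:<n> message code
    url: str           # link to the scan report
    scan_id: int       # numeric id taken from the link
    trusted_link: bool  # True only if the link points at the expected ICC


def parse_malware_event(
    line: str, expected_host: str = "icc.domain.tld"
) -> Optional[MalwareEvent]:
    """Return a MalwareEvent for a matching line, else None."""
    m = MALWARE_RE.match(line)
    if not m:
        return None
    url = m.group("url")
    sid = SCAN_ID_RE.search(url)
    if not sid:
        return None
    return MalwareEvent(
        host=m.group("host"),
        level=m.group("level"),
        code=int(m.group("code")),
        url=url,
        scan_id=int(sid.group(1)),
        trusted_link=urlparse(url).hostname == expected_host,
    )


def scan_alerts(
    lines: Iterable[str], expected_host: str = "icc.domain.tld"
) -> List[MalwareEvent]:
    """Filter a stream of syslog lines down to malware detections."""
    events = []
    for line in lines:
        ev = parse_malware_event(line, expected_host)
        if ev is not None:
            events.append(ev)
    return events


# Constructed sample input for an offline run.
SAMPLE_LOG = [
    # Line from the operation guide, joined onto one line.
    "Dec 24 15:00:00 icc journal: [24/Dec/2020 15:00:00] ICC WARNING [ICC:14] "
    "Station detected malware (https://icc.domain.tld/#!/scans/2)",
    # Constructed: routine journal noise that must not alert.
    "Dec 24 15:00:01 icc journal: [24/Dec/2020 15:00:01] ICC INFO [ICC:3] "
    "Station checked in",
    # Constructed: same message shape but the link points elsewhere.
    "Dec 24 15:00:02 icc journal: [24/Dec/2020 15:00:02] ICC WARNING [ICC:14] "
    "Station detected malware (https://evil.example/#!/scans/9)",
]


if __name__ == "__main__":
    for ev in scan_alerts(SAMPLE_LOG):
        flag = "" if ev.trusted_link else "  (untrusted link, do not follow)"
        print(f"scan {ev.scan_id} on {ev.host}: {ev.url}{flag}")
```

Hook scan_alerts into whatever consumes the syslog.tld feed; an event with trusted_link False should still raise an alert (something emitted the message), but the link in it should be replaced by the known ICC address before it reaches an analyst.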