This document describes the steps required to setup the Nanitor server on-premise.
Nanitor Server is distributed as an OVA image which can be downloaded here. The username and password are the on-premise credentials . Please consult your system administrator as to how to import the OVA into the hypervisor of choice. Once that is done please boot into the image.
On the console login as user nanadmin and password m4ssFussBall-01
Edit /etc/yum.repos.d/nanitor-server-centos-stable.repo and replace user:pass with the username and password allocated by Nanitor.
Run the following commands to set the hostname and re-seed the SSH keys. New ones will be generated on reboot:
sudo hostnamectl set-hostname nanitor
Change nanitor to a hostname that suits your organisation or to the hostname allocated by your system/network administrator.
You will want to change the password for the nanadmin and the root user, please run:
passwd root passwd nanadmin
Now set the correct static IP address. Please edit /etc/sysconfig/network-scripts/ifcfg-eth0. For example for IP address 192.168.1.90/24 with default gateway 192.168.1.254 the file would look like:
DEVICE="eth0" BOOTPROTO="static" ONBOOT="yes" IPV6INIT="yes" IPV6_AUTOCONF="yes" NM_CONTROLLED="no" PEERDNS="no" GATEWAY=192.168.1.254 IPADDR0=192.168.1.90 PREFIX0="24"
Then you might want to change the DNS servers by editing /etc/resolve.conf. The image uses the Google DNS servers by default.
Then restart the networking to make sure everything is working as expected:
sudo service network restart
The image comes with pre-generated SSH keys. We will want to remove these and have reboot regenerate them.
rm -f /etc/ssh/*key*
Then reboot the system by running:
sudo shutdown -r now
Once the system is back up and running and should be reachable via SSH. Once logged in via SSH run the following commands to bring the operating system up to date:
sudo yum clean metadata sudo yum -y update
If you are running on top on VMware, you should install VMware tools:
sudo yum -y install open-vm-tools sudo systemctl enable vmtoolsd sudo systemctl start vmtoolsd
Edit /etc/postfix/main.cf and set the relayhost to the smart host to relay through.
Nginx needs a valid SSL certificate which is trusted by all clients (Servers, Desktops etc.). Please copy them into a location nginx can read.
sudo mkdir -p /etc/ssl/local sudo cp nanitor-server.crt nanitor-server.key /etc/ssl/local
For example purposes we use /etc/ssl/local to store the SSL certificate.
Run these commands:
sudo /usr/lib/nanitor-server/bin/nanitor-server-ctl clean_oem_install sudo rm -f /etc/nginx/conf.d/* sudo cp -f /usr/lib/nanitor-server/share/nginx.conf /etc/nginx/conf.d/nanitor.conf
Now edit /etc/nginx/conf.d/nanitor.conf and change the path to the SSL certificates and make sure they are referencing an SSL certificate that is trusted by all devices on the network. When this is done run these commands:
sudo systemctl enable nginx.service sudo service nginx restart
After the installation has been run there should be a file called nanitor_oem_install.out which got created as part of the installation. This includes the username and password for the administrator user that was created as part of the installation process. Please keep this for your records.
Now the server should be up and running at https://hostname.domain.com and the URL should be showing up as trusted in the browser. Please enter the URL and log in as the administrator. Once that is done we need to configure the server. Configuration is necessary before creating organizations. After logging in you will get asked to create an organization, please fill in the relevant fields and continue. Next you should be redirected to the organization you created. Please click the wheel icon in the top right corner to enter the admin page. Please navigate to the "System Management" section near the bottom. Please click Settings in that section and fill in Portal and API URL fields, for example:
Feel free to alter other settings, except the mail server as it needs to be localhost:25 as we use the local mail server which then relays through a smarthost. Click save when finished changing the settings.
Benchmarks from Nanitor come in a .zip format and need to be imported into the system. The Benchmark page under System Administration is the place to upload benchmarks. Benchmarks can be downloaded from https://packages.nanitor.com/benchmarks
An agent needs to be distributed to servers and workstations. The agents from Nanitor come in a as product .zip format and need to be imported into the system. The Products page under System Administration is the place to upload products. Products can be downloaded from https://packages.nanitor.com/products
For Linux it is not strictly required to download the bundle as one can use the yum and apt repositories directly. However for the remote agent update feature it is required to import the products into the system.
After the Portal URL, API URL has been set correctly, Benchmarks and Agents have been uploaded the Nanitor Server is ready for use and the User Guide applies on how to use the system.