how to upgrade from simpleness 1.2 to 2.0

Last updated: August 21, 2007

These instructions are only for upgrading simpleness from v1.2 to v2.0. This upgrade will not modify any existing data in your MySQL database. All of your scan data will remain as well as any user accounts in the vauth user tables.

Create a directory to backup your existing simpleness installation.

cd {your root www folder}

mkdir simpleness1.2

mv audits.css audits/ jpgraph/ vAuthenticate.php vAuthenticate/ ./simpleness1.2/.

Download the simpleness.tar.gz file and copy to the root of your webserver. It will unzip the files into the proper file structure.

gunzip < simpleness.tar.gz | tar xvf -

This will unzip the following structure:

audits/

Copy back existing user and nessus files.

cp -r simpleness1.2/audits/users/ audits/

cp -r simpleness1.2/audits/ainfo/ audits/

cp -r simpleness1.2/audits/rcfiles/ audits/

chmod 644 {www root}/audits/rcfiles/.nessusrc.*

Move the perl scripts to proper locations. The importness.pl and nesupdate.pl scripts have not changed in version 2.0, so you will only need to move the scheduling script, run_nesjobs.pl. The run_nesjobs.pl script is new to version 2.0 and is used to monitor the database for scheduled Nessus jobs.

chmod 755 audits/scripts/*.pl

mv audits/scripts/run_nesjobs.pl {path to cgi-bin}

You will need to re-edit vars.php. Do NOT copy from the old install. This file have been changed. Edit {www root}/audits/includes/vars.php and change all of the appropriate variables, including the username and password to be able to connect to the nessus and vauth databases.

Edit the config.xml file, which is also new to version 2.0. This file is used to pass some initial values to the Flex application. At a minimum, you will need to change the value in the "baseurl" tags. This should be the same value as "$rooturl" in the vars.php file.

Edit the run_nesjobs.pl script and change the database connection settings, at a minium define a new password. Then add a cron job to allow for scheduling of jobs with simpleness, you can add the following line to your crontab (to run once a minute):

* * * * * /srv/www/cgi-bin/run_nesjobs.pl

The audits/ainfo and audits/users folders need to be modified to allow Apache to write the Nessus reports to the drive and store customer nessusrc files. (For my installs, my "apache user" is "wwwrun".)

#chown {apache user} audits/ainfo

#chown {apache user} audits/users

#chmod 700 audits/ainfo

#chmod 700 audits/users

Update the Nessus MySQL database for version 2.0:

mysql -u root -pPASSWORD nessus < ./audits/sql/upgrade1.2_to_2.0.sql

Create a new user to allow for database backups:

mysql>grant select, lock tables on nessus.* to 'dbbackup'@'localhost' identified by 'PASSWORD';

mysql>grant select, lock tables on vauth.* to 'dbbackup'@'localhost';

mysql>flush privileges;

If you have any comments or suggestions, just let me know at: { sawall -[at]- gmail -[dot]- com }.