Tutorial: Quickstart

If you are interested in setting up your own evaluation instance of OpenFISMA as quickly as possible, then this guide is for you. This guide does make some assumptions about your knowledge of server concepts such as software installation and setting permissions. You should also know that this guide is only intended for setting up a non-production server. No security best-practices here, in other words. If you are setting up a production server, please contact us for recommendations on setting up a secure site. The basic OpenFISMA installation involves three steps: getting all the software packages, configuring Apache and MySQL, and installing OpenFISMA.

Contents

  1. Getting the packages
  2. Configure Apache and MySQL
  3. Install OpenFISMA
  4. Configure OpenFISMA

For more advanced setup, see the Tutorials page or check out the forum.

 

Install Apache, PHP, and MySQL

OpenFISMA requires Apache (or a compatible web server) as well as PHP 5.2, and MySQL 5. You will need to install these dependencies before installing OpenFISMA. Some operating systems may come with these items pre-installed. If you aren't sure if you have these programs installed, check with your administrator or IT professional. Installing Apache, PHP, and MySQL is beyond the scope of this quick start guide, but if you are trying to evaluate OpenFISMA, then we recommend that you use the XAMPP package. This is a user-friendly package that includes Apache, PHP, and MySQL and simplifies the process for individuals who do not have much experience setting up servers.

Installing XAMPP

The creators of XAMPP have installation guides for Linux and Windows but the basics will be covered here.

Linux

  1. Download XAMPP
  2. Extract the archive into the /opt directory
  3. Start XAMPP by running /opt/lampp/lampp start
  4. Test it out by going to http://localhost

Windows

  1. Download XAMPP
  2. Run the executable
  3. Use the "XAMPP Control Panel" to start/stop the servers
  4. Test it out by going to http://localhost
    (Screenshot: XAMPP Control Panel)

Getting OpenFISMA

To get OpenFISMA, please visit our downloads area and download the most recent release. Once you have downloaded the package, extract the files into a new directory called openfisma located in your webroot. In Linux this folder is usually /var/www/; in Windows the location depends on your XAMPP installation (C:\xampp\htdoc by default)

  • In Linux - mkdir -p /var/www/openfisma && tar -xzf openfisma-current-release.tgz -C /var/www/openfisma
  • In Windows - Use any archive utility such as 7zip or WinZip to extract the files to C:\pathtowebroot\openfisma

Configure Apache and MySQL

Once the dependencies are installed and OpenFISMA is extracted, you need to configure Apache to point towards OpenFISMA's /public directory.

  1. Open the httpd.conf file and set DocumentRoot to /pathtowebroot/openfisma/public, or wherever OpenFISMA is located within your webroot.
  2. Make sure that your web server has permission to read and write files inside the OpenFISMA directory.
    • You probably won't need to worry about this in Windows.
  3. Restart Apache
  4. Create a MySQL database for OpenFISMA
    • Click Admin... on your XAMPP control panel or go to http://localhost/phpmyadmin/ and use the GUI to create a new database called openfisma
      (Screenshot: phpMyAdmin)
    • Create an application account with full permissions and remember the password.
      (Screenshot: phpMyAdmin)

Install OpenFISMA

Now that our dependencies are configured, it's time to install OpenFISMA itself.
(Screenshot: OpenFISMA installation window)

  1. Navigate to http://localhost
  2. Fill out the missing information
    • Database Username = application account name
    • Database Password = application account password
    • Database Name = openfisma
    • Admin(Root) Pwd = password for the super user log in to OpenFISMA
  3. Click next a few times to complete the installation.
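  4. After the installation completes, open the app.conf file located at /openfisma/application/conf and set session.cookie_secure = false. This lets the browser send the session cookie over the plain-HTTP http://localhost address used in this evaluation setup.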
  5. Restart Apache
  6. Log in using the Admin(Root) Pwd you gave during the installation.
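
A check for the setting changed in step 4, as an added example that is not part of OpenFISMA: it reads session.cookie_secure from app.conf and compares it with the scheme of the address the site is served on. The function names, the fisma.example.org address, and the INI-style syntax with ; or # comments are assumptions.

```shell
# Added example, not OpenFISMA code. Assumes app.conf holds INI-style
# "key = value" lines with ';' or '#' comments.
# Print the effective (last) session.cookie_secure value, lowercased and
# unquoted, or "unset" when the key is absent.
cookie_secure_value() {
    awk '
        /^[ \t]*[;#]/ { next }                  # whole-line comment
        /^[ \t]*session\.cookie_secure[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)         # drop "key ="
            sub(/[ \t]*[;#].*$/, "", v)         # drop trailing comment
            gsub(/[" \t\r]/, "", v)             # drop quotes and whitespace
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# check_cookie_secure CONF BASE_URL
# 0: setting matches the URL scheme
# 1: https:// site whose session cookie lacks the Secure flag
# 2: http:// site with Secure on (browser will not return the cookie)
check_cookie_secure() {
    conf=$1 url=$2
    val=$(cookie_secure_value "$conf")
    case $val in
        true|1|on|yes) secure=1 ;;
        *)             secure=0 ;;   # unset is treated as not secure
    esac
    case $url in
        https://*) [ "$secure" -eq 1 ] && return 0
                   echo "FAIL: $conf: session.cookie_secure=$val on $url" >&2
                   return 1 ;;
        *)         [ "$secure" -eq 0 ] && return 0
                   echo "NOTE: $conf: Secure cookie unusable on $url" >&2
                   return 2 ;;
    esac
}

# Constructed sample: app.conf as this quickstart leaves it, checked
# against a hypothetical HTTPS address.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '; constructed sample' 'session.cookie_secure = false' >"$tmp"
    rc=0; check_cookie_secure "$tmp" "https://fisma.example.org" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo || echo "demo: check returned $?"
```

Run check_cookie_secure against the real app.conf and the address users will browse to before an evaluation instance is exposed beyond localhost.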

Configure OpenFISMA

General Configuration

OpenFISMA is highly configurable out of the box to support a wide range of needs. This section will cover some of the basic configuration items.

To access the general configuration page, log in as an administrator. Under the "Administration" menu, select "Configuration". You can set the following items on the general configuration page:

  • System Name: When the application displays messages or sends e-mails to users, it will refer to itself using this name.
  • Inactive Account Expiration: How many days it takes for an inactive account to expire.
  • Session Timeout: How many minutes of inactivity are allowed before a user is automatically logged out.
  • Authentication Method: OpenFISMA can authenticate against an Active Directory (LDAP) or using its built-in database authentication module.
  • Rules Of Behavior Period: How often users need to review the Rules of Behavior. OpenFISMA will require users to read and accept the ROB periodically. This process is logged so that subsequent audits can determine when a particular user last accepted the ROB.
  • Warning Banner: The system use notification which is displayed on the login screen.
  • Rules of Behavior: The text of the Rules of Behavior. OpenFISMA will periodically require users to read and accept the ROB. This process is logged so that subsequent audits can determine when a particular user last accepted the ROB.
  • Privacy Policy: The text of the privacy policy. OpenFISMA makes the privacy policy available to all users as a link in the footer of each page.
  • Technical Contact Information: The name, phone number, and e-mail address of the technical contact for your OpenFISMA implementation. When an error occurs, OpenFISMA will display this information to the user in order to help them get support from their administrator.
  • Notification Policies: Parameters for how e-mail notifications are sent to users.
  • Password Policies: OpenFISMA has a rich set of configurable password policies. You can specify parameters such as required password complexity, account lockout policies, and password expiration policies.

Administration Menu

Under the Administration menu, you can also create and modify the following data:

  • Finding Sources
  • Networks
  • Products
  • Roles
  • Organization
  • Systems
  • Users

See the Terminology page for details on what these items mean.