Tutorial: Quickstart
If you are interested in standing up your own evaluation instance of OpenFISMA as quickly as possible, then this guide is for you. This guide does make some assumptions about your knowledge of server concepts such as software installation and setting permissions. You should also know that this guide is only intended for setting up a non-production server. No security best-practices here, in other words. If you are setting up a production server, please contact us for recommendations on setting up a secure site. The basic OpenFISMA installation involves three steps: getting all the software packages, configuring Apache and MySQL, and installing OpenFISMA. This tutorial is based on the Linux distribution Debian version 5 which you may download here. Installing Debian is beyond the scope of this tutorial.
For more advanced setup, see the Tutorials page or check out the forum.
OpenFISMA requires Apache (or a compatible web server) as well as PHP 5.2, and MySQL 5. You will need to install these dependencies before installing OpenFISMA. From the command line run the following to install the required packages:
$> apt-get install php5 php5-xmlrpc php5-ldap php5-mysql apache2 mysql-server
Next we will create a new directory for the OpenFISMA installation, download the necessary files, and unpack them to our directory of choice. Be sure to change RELEASENUMBER to the current release number to download the correct files.
$> mkdir /opt/openfisma
$> cd /opt/openfisma
$> wget http://openfisma.org/sites/default/files/openfisma-RELEASENUMBER.tgz
$> tar -xzvf openfisma-RELEASENUMBER.tgz
By default, installing Apache2 on Debian does not activate the Rewrite and Expires modules, both of which are required for OpenFISMA to function properly. You can enable these modules by running the following commands. We will also want to disable the default Apache website and install and customize our own website configuration file for OpenFISMA.
$> a2enmod rewrite expires
$> a2dissite default
$> cp /opt/openfisma/NAMEOFRELEASE/scripts/bin/apache.conf.template /etc/apache2/sites-available/openfisma
Next we need to edit the new website configuration file we copied over to Apache to ensure it identifies the correct location of the OpenFISMA installation. Two lines need to be reviewed: the DocumentRoot and Directory locations.
$> nano /etc/apache2/sites-available/openfisma
After editing the apache config file we will need to ensure some directories for OpenFISMA are writeable for the installation script to run.
$> chmod 777 -R /opt/openfisma/application/config
$> chmod 777 -R /opt/openfisma/application/models/generated
$> chmod 777 -R /opt/openfisma/data
Now you need to restart Apache for the settings to take effect:
$> /etc/init.d/apache2 restart
Now you can browse to the IP address of your server to continue the installation process:
http://localhost/
Now that our dependencies are configured, it's time to install OpenFISMA itself.

- Navigate to http://localhost
- Fill out the missing information
  - Database Username = application account name
  - Database Password = application account password
  - Database Name = openfisma
  - Admin(Root) Pwd = password for the super user log in to OpenFISMA
- Click next a few times to complete the installation.
- Log in using the Admin(Root) Pwd you gave during the installation.
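The `chmod 777` commands used earlier leave the three OpenFISMA directories writable by every local account. The script below is an added example, not part of OpenFISMA or its installer: it hands a directory tree to the web server's group, removes all access for other users, and confirms nothing world-writable remains. It assumes Apache runs under the `www-data` group (the Debian default); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: replace world-writable (777) permissions with
# owner/group-only access and verify the result.
# Assumption: Apache runs under the www-data group (Debian default).

# Print every path under the given directory that any local user can write to.
# Symbolic links are skipped because their own mode bits are not enforced.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Give the tree to the web server's group and drop all access for "other".
# Directories become 770 (traversable by owner and group), files become 660.
restrict_to_group() {
    target_dir=$1
    target_group=$2
    [ -d "$target_dir" ] || { echo "not a directory: $target_dir" >&2; return 1; }
    chgrp -R "$target_group" "$target_dir" || return 1
    find "$target_dir" -type d -exec chmod 770 {} + || return 1
    find "$target_dir" -type f -exec chmod 660 {} + || return 1
    # Fail loudly if anything is still world-writable.
    leftover=$(list_world_writable "$target_dir")
    if [ -n "$leftover" ]; then
        echo "still world-writable:" >&2
        echo "$leftover" >&2
        return 1
    fi
    return 0
}

# Usage (as root), with the directories from this tutorial:
#   sh tighten.sh www-data /opt/openfisma/application/config \
#       /opt/openfisma/application/models/generated /opt/openfisma/data
if [ "$#" -ge 2 ]; then
    web_group=$1
    shift
    for d in "$@"; do
        restrict_to_group "$d" "$web_group" || exit 1
    done
fi
```

Running `list_world_writable /opt/openfisma` on its own afterwards shows any other paths under the installation that are still writable by all users.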
Configure OpenFISMA
General Configuration
OpenFISMA is highly configurable out of the box to support a wide range of needs. This section will cover some of the basic configuration items.
To access the general configuration page, log in as an administrator. Under the "Administration" menu, select "Configuration". You can set the following items on the general configuration page:
- System Name: When the application displays messages or sends e-mails to users, it will refer to itself using this name.
- Inactive Account Expiration: How many days it takes for an inactive account to expire.
- Session Timeout: How many minutes of inactivity are allowed before a user is automatically logged out.
- Authentication Method: OpenFISMA can authenticate against an Active Directory (LDAP) or using its built-in database authentication module.
- Rules Of Behavior Period: How often users need to review the Rules of Behavior. OpenFISMA will require users to read and accept the ROB periodically. This process is logged so that subsequent audits can determine when a particular user last accepted the ROB.
- Warning Banner: The system use notification which is displayed on the login screen.
- Rules of Behavior: The text of the Rules of Behavior. OpenFISMA will periodically require users to read and accept the ROB. This process is logged so that subsequent audits can determine when a particular user last accepted the ROB.
- Privacy Policy: The text of the privacy policy. OpenFISMA makes the privacy policy available to all users as a link in the footer of each page.
- Technical Contact Information: The name, phone number, and e-mail address of the technical contact for your OpenFISMA implementation. When an error occurs, OpenFISMA will display this information to the user in order to help them get support from their administrator.
- Notification Policies: Parameters for how e-mail notifications are sent to users.
- Password Policies: OpenFISMA has a rich set of configurable password policies. You can specify parameters such as required password complexity, account lockout policies, and password expiration policies.
Administration Menu
Under the Administration menu, you can also create and modify the following data:
- Finding Sources
- Networks
- Products
- Roles
- Organization
- Systems
- Users
See the Terminology page for details on what these items mean.
