Install SimpleRisk on CentOS 8

Introduction
SimpleRisk is a simple and free tool to perform risk management activities. Based entirely
on open source technologies and sporting a Mozilla Public License 2.0, a SimpleRisk
instance can be stood up in minutes and instantly provides the security professional with
the ability to submit risks, plan mitigations, facilitate management reviews, prioritize for
project planning, and track regular reviews. It is highly configurable and includes dynamic
reporting and the ability to tweak risk formulas on the fly. It is under active development
with new features being added all the time and can be downloaded for free or demoed at
https://www.simplerisk.it/.

Disclaimer
The lucky security professionals work for companies who can afford expensive GRC tools to
aide in managing risk. The unlucky majority out there usually end up spending countless
hours managing risk via spreadsheets. It’s cumbersome, time consuming, and just plain
sucks. When Josh Sokol started writing SimpleRisk, it was out of pure frustration with the
other options out there. What he’s put together is undoubtedly better than spreadsheets
and gets you most of the way towards the “R” in GRC without breaking the bank. That said,
humans can make mistakes, and therefore the SimpleRisk software is provided to you with
no warranties expressed or implied. If you get stuck, you can always try sending an e-mail
to [email protected] and we’ll do our best to help you out. Also, while SimpleRisk was
written by a security practitioner with security in mind, there is no way to promise that it is
100% secure. You accept that as a risk when using the software, but if you do find any
issues, please report them to us so that we can fix them ASAP.
Installing Lamp

Once you have your CentOS 8 environment you must first decide if your going to do this with
SELinux on or off and if you wish for it to be on follow this guide to set it up
(https://simplerisk.freshdesk.com/solution/articles/6000053609-how-do-i-get-simplerisk-to-wor
k-with-selinux-) if you wish to turn it off we need to edit the CentOS config by typing
“vi /etc/selinux/config” and change the line “SELINUX=Enforcing” and make it
”SELINUX=Permissive” reboot CentOS and verify with “getenforce” if it returns permissive you can
continue. We now start by installing a lamp server this is comprised of Apache, MySQL, and PHP.
Open terminal and begin the following process to install LAMP

1) Type “sudo bash”. This will a require the root password made at installation
2) Type “yum update”. This will update your Linux environment.
3) Type “yum install httpd”. This installs apache
4) Type “systemctl enable httpd” and “systemctl start httpd” this will enable and start the
apache process.
5) Next we install MariaDB a MySQL manager. Type “yum install mariadb-server” and then
“systemctl enable mariadb” and finally “systemctl start mariadb” this will install, enable, and
start MariaDB.
6) Finally type “mysql_secure_installation” to better secure your sql databases and
environment.
The following should display and should answer accordingly this will also be where you set
your MySQL database root password so store it and keep it handy for later
[root@localhost ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y

New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y

 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y

... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y

- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Step 1: Enable remi-release-8.rpm

Configure the Remi repository for installing PHP 8 on CentOS 8
yum install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Step 2: Enable EPEL repository

yum install epel-release

Step 4: Enable the module PHP8.1 from remi

From the above output, by default PHP 7.2 (this will change with time) from the AppStream repo
shall be installed and no other version is enabled. To install PHP 8.1 from the remi repo, enable
it before installation.
yum module enable php:remi-8.1
yum module list php

CentOS Stream 8 - AppStream

Name Stream Profiles Summary
php 7.2 [d] common [d], devel, minimal PHP scripting language
php 7.3 common [d], devel, minimal PHP scripting language
php 7.4 common [d], devel, minimal PHP scripting language
php 8.0 common [d], devel, minimal PHP scripting language
Remi's Modular repository for Enterprise Linux 8 - x86_64
Name Stream Profiles Summary
php remi-7.2 common [d], devel, minimal PHP scripting language
php remi-7.3 common [d], devel, minimal PHP scripting language
php remi-7.4 common [d], devel, minimal PHP scripting language
php remi-8.0 common [d], devel, minimal PHP scripting language
php remi-8.1 [e] common [d], devel, minimal PHP scripting language

In case, if you need to install any other version, you can reset the current module enabled and
set the new using the below commands:
# yum module reset php

# yum module enable php:remi-8.0

Step 5: Install PHP 8 on CentOS 8

# yum install php php-common php-cli php-gd php-curl php-mysqlnd php-mbstring php-ldap
php-dom php-curl php-gd php-zip php-posix php-json php-xml php-intl

Step 6: Verify the PHP installation

# php -v

Step 7: Update PHP Configuration

Now we need to configure PHP by updating the memory_limit set in the php.ini. Use the
following steps to update accordingly.
Vi /etc/php.ini
Use “/memory_limit” to find the value.
Set “memory_limit =” to “256Mb”.
Now we need to edit “max_input_vars” and set this to 3000. If there is a preceding “;” remove it.
Lastly, do “/wq” to write out the file.
Installing SimpleRisk

This section entails downloading the software placing it properly setting the config files for
the virtualhost as well as installation of the database. The following steps should result in a
functional SimpleRisk environment to be spawned.

1) Obtaining the SimpleRisk Files

Open FireFox by clicking applications at the top left it should be listed under favorites it should
also be listed under the Internet tab. Once FireFox loads, enter https://www.simplerisk.com/
into the URL bar to go to the SimpleRisk site. Click on the “Download” link at the top.

Click to download and save the Web Bundle. Once you have the files downloaded, you can close
the browser.

2) Now back in terminal type “cd /var/www/html/”

3) Next we extract the files with “tar xzvf ~/downloads/simplerisk-20170312-001.tgz”
4) Now remove leftover archive with “rm ~/downloads/simplerisk-20170312-001.tgz
After these commands have gone through you should have all the necessary files for
SimpleRisk. Next we need to set permissions and setup our virtualhost. We now set
ownership of the necessary folders to the user running httpd, normally this is defined as
the user “apache”. You can check with the following command “ps aux |grep httpd”.
The first word in the 3rd line of output should be your httpd user.

Next change the owner of the SimpleRisk directory to apache using “chown -R apache:
/var/www/html/simplerisk/”

Next we need to set httpd to set up our config for the virtualhost there are a few steps here
and I will list them below.
1) First we need to create a folder. Type “cd /etc/httpd”
2) Create the folder using “mkdir sites-enabled”

3) Next we need to add “IncludeOptional sites-enabled/*.conf” to the end of the config

located at “/etc/httpd/conf/httpd.conf” I did this with vim using “vi
/etc/httpd/conf/httpd.conf”. The result should look like this
4) Now we create our config so go ahead and create a text file using your text editor of
choice using something like this “vi /etc/httpd/sites-enabled/simplerisk.conf”
5) In the SimpleRisk.conf we just created it must contain the following text
An easy to copy example is pasted below

<VirtualHost *:80>
ServerName simplerisk
DocumentRoot "/var/www/html/simplerisk"
<Directory "/var/www/html/simplerisk">
Options -Indexes
AllowOverride All
allow from all
</Directory>
</VirtualHost

6) Restart httpd using “systemctl restart httpd”

One more configuration change that will be necessary for deploying your instance. We will
need to now set the SQL-Mode.

1) vi /etc/my.cnf
2) Scroll to the bottom and add the following line:
sql-mode="NO_ENGINE_SUBSTITUTION"
3) systemctl restart mariadb

Last we must open the port for HTTP traffic so SimpleRisk may be accessed from other
machines.
1) sudo firewall-cmd --add-service=http --permanent
2) sudo firewall-cmd --reload

Installing the SimpleRisk Database

As of SimpleRisk release 20220401-001 the database installer is now included with the
core download and no separate download is required. To access the installer to complete
the installation navigate to http://localhost in your browser. If you have followed all steps
up to this point correctly you should see the following.
Click “continue” to and you will be met with a healthcheck page. Please note we should see
all green all the way down the list in Ubuntu installations. As long as everything is green
you may proceed and click continue.

You should now see the database configuration page. You will be required to enter the
credentials for the MySQL root user which was configured in an earlier step. An example of
this page is shown below.
Please note before continuing if you are setting up with an MySQL instance that is not local
to the web server you will need to configure the Database IP/Hostname and port. In basic
installations this step is not required and these values can be left as their defaults. Click
“continue” once the credentials to access the MySQL server have been configured. You will
now be able to configure the details of the SimpleRisk database. In a general installation all
of these can be left default.
We have now arrived at the final setup screen as seen above. Here you will configure your
admin account and assign the details you will use to login to SimpleRisk with for that admin
account. Please note that the use of a valid email address is highly recommended as this
will be where password recovery emails will be sent. You are also given the opportunity to
opt into our mailing list by checking the box at the bottom. In this you will receive product
release updates and educational content related to the SimpleRisk platform. Once you see
the image below in your browser you are finished and may click the “Go to SimpleRisk”
button to login and begin using the application.
Logging in to SimpleRisk
You should now have performed all of the steps you need to for SimpleRisk to be up and
running. Now is the moment of truth where we hopefully get to see if all of your hard work
paid off. You now need to point your web browser to the URL where SimpleRisk would be
installed. If you followed the optional instructions, then it should be located at
http://simplerisk/ if not you will need to guide your browser to http://yourserverip/. You
will know that you’ve got the right page when you see something like this:
Enter username “admin” and password “admin” to get started. Then, select the “Admin”
dropdown at the top right and click on “My Profile”.

Enter your current password as “admin” and place a new long and randomly generated
password into the “New Password” and “Confirm Password” fields. Then click “Submit”.

You should receive a message saying that your password was updated successfully. If so,
then this is your new “admin” password for SimpleRisk. If you received a message saying
that “The password entered does not adhere to the password policy”, you can change the
policy by selecting “Configure” from the menu at the top followed by “User Management” on
the left side. You will see a “Password Policy” section at the bottom of the page where you
can change the policy and try changing your password again.

Registering SimpleRisk
This step is completely optional, but without it upgrades of SimpleRisk will require manual
downloads of the new version, backing up your configuration file, extracting the new files,
restoring the configuration file, and a database upgrade. It sounds like more effort than it
really is, but we’ve made the process far simpler if you’re willing to tell us who you are. To
register your SimpleRisk instance, select “Configure” from the menu at the top followed by
“Register & Upgrade” from the menu at the left.

Enter your information and select the “Register” button. This will create a unique Instance
ID for your SimpleRisk instance and download the Upgrade Extra which enables
functionality for one-click backups and upgrades. If you run into issues with the
registration process, we recommend that you check to ensure that the “simplerisk”
directory and its sub-directories are writeable by the www-data user (or whatever user
Apache is running as).

** This completes your installation of SimpleRisk **

SimpleRisk Paid Support and Extras

Everything that you’ve seen up to this point is completely free for you to install and use,
forever. That said, we offer a number of ways for you to enhance your SimpleRisk instance
with even more functionality. If you like what you see, and find it useful, please consider
purchasing one of our inexpensive Paid Support plans or Extra functionality so that we can
continue to offer you the best open source risk management tool available. Thank you!