dylancwood · July 14, 2016 18:00 · quietust · Jul 14, 2016
diff --git a/install_fips.sh b/install_fips.sh
 #!/bin/bash

 echo "installing updates"
 sudo apt-get update
 echo "installing build-essential"
 sudo apt-get install build-essential

 echo "moving to home dir"
 cd ~

 echo "getting openssl source"
 wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz

 echo "getting fips object module source"
 wget http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz
 echo "unpacking fips object module"
 tar -xzvf openssl-fips-2.0.5.tar.gz
 echo "moving into fips source dir"
 cd openssl-fips-2.0.5
 echo "configuring"
 ./config
 echo "compiling"
 make
 echo "installing"
 sudo make install
 echo "moving back to home dir"
 cd ~
 echo "unpacking openssl source"
 tar -xzvf openssl-1.0.1e.tar.gz
 echo "moving into openssl source dir"
 cd openssl-1.0.1e
 echo "configuring with fips directive"
 ./config fips shared
 echo "compiling"
 make
 echo "installing"
 sudo make install
 echo "moving old openssl binary to temporary /usr/bin/openssl_orig"
 sudo mv /usr/bin/openssl /usr/bin/openssl_orig
 echo "creating symlink to fips openssl in /usr/bin"
 sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
 echo "done"

 echo "Building apache dependencies"
 sudo apt-get build-dep apache2

 echo "Retrieving Apache2 source files"
 wget http://www.motorlogy.com/apache//httpd/httpd-2.4.6.tar.gz

 echo "extracting Apache2 source"
 tar -xzvf httpd-2.4.6.tar.gz


 echo "entering httpd-2.4.6"
 cd httpd-2.4.6

 echo "adding shared library to ldconfig"
 #for some reason, I can't write directly to /etc/ld.so.conf.d
 #so I will write to the current dir, then move the file
 echo '/usr/local/ssl/lib/' > fips_openssl.conf
 sudo mv fips_openssl.conf /etc/ld.so.conf.d/.
 sudo ldconfig

 echo "configuring"
 ./configure \
 --enable-so \
 --enable-deflate \
 --enable-expires \
 --enable-headers \
 --enable-rewrite \
 --enable-ssl \
 --with-ssl=/usr/local/ssl \
 --enable-ssl-staticlib-deps \
 --enable-mods-static=ssl

 echo "making"
 make

 echo "make install"
 sudo make install

 echo "installation complete"
 echo ""

 echo "starting apache"
 sudo /usr/local/apache2/bin/apachectl start

 echo ""
 echo "verify that apache is running"
 ps aux | grep apache

 echo ""

 echo "creating self-signed ssl certs"
 cd /usr/local/apache2/conf
 sudo openssl genrsa -out server.key
 sudo openssl req -new -x509 -key server.key -out server.crt

 echo "removing simlink to fips openssl"
 sudo rm /usr/bin/openssl

 echo "moving original openssl back"
 sudo mv /usr/bin/openssl_orig /usr/bin/openssl

 echo "done"
 echo ""
 echo "do not forget to uncomment the following lines in httpd.conf:"
 echo ""
 echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so"
 echo "Include conf/extra/httpd-ssl.conf"
 echo ""
 echo "do not forget to add SSLFIPS on in /usr/local/apache2/conf/extras/httpd-ssl.conf"
	#!/bin/bash

	echo "installing updates"
	sudo apt-get update
	echo "installing build-essential"
	sudo apt-get install build-essential

	echo "moving to home dir"
	cd ~

	echo "getting openssl source"
	wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz

	echo "getting fips object module source"
	wget http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz
	echo "unpacking fips object module"
	tar -xzvf openssl-fips-2.0.5.tar.gz
	echo "moving into fips source dir"
	cd openssl-fips-2.0.5
	echo "configuring"
	./config
	echo "compiling"
	make
	echo "installing"
	sudo make install
	echo "moving back to home dir"
	cd ~
	echo "unpacking openssl source"
	tar -xzvf openssl-1.0.1e.tar.gz
	echo "moving into openssl source dir"
	cd openssl-1.0.1e
	echo "configuring with fips directive"
	./config fips shared
	echo "compiling"
	make
	echo "installing"
	sudo make install
	echo "moving old openssl binary to temporary /usr/bin/openssl_orig"
	sudo mv /usr/bin/openssl /usr/bin/openssl_orig
	echo "creating symlink to fips openssl in /usr/bin"
	sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
	echo "done"

	echo "Building apache dependencies"
	sudo apt-get build-dep apache2

	echo "Retrieving Apache2 source files"
	wget http://www.motorlogy.com/apache//httpd/httpd-2.4.6.tar.gz

	echo "extracting Apache2 source"
	tar -xzvf httpd-2.4.6.tar.gz


	echo "entering httpd-2.4.6"
	cd httpd-2.4.6

	echo "adding shared library to ldconfig"
	#for some reason, I can't write directly to /etc/ld.so.conf.d
	#so I will write to the current dir, then move the file
	echo '/usr/local/ssl/lib/' > fips_openssl.conf
	sudo mv fips_openssl.conf /etc/ld.so.conf.d/.
	sudo ldconfig

	echo "configuring"
	./configure \
	--enable-so \
	--enable-deflate \
	--enable-expires \
	--enable-headers \
	--enable-rewrite \
	--enable-ssl \
	--with-ssl=/usr/local/ssl \
	--enable-ssl-staticlib-deps \
	--enable-mods-static=ssl

	echo "making"
	make

	echo "make install"
	sudo make install

	echo "installation complete"
	echo ""

	echo "starting apache"
	sudo /usr/local/apache2/bin/apachectl start

	echo ""
	echo "verify that apache is running"
	ps aux \| grep apache

	echo ""

	echo "creating self-signed ssl certs"
	cd /usr/local/apache2/conf
	sudo openssl genrsa -out server.key
	sudo openssl req -new -x509 -key server.key -out server.crt

	echo "removing simlink to fips openssl"
	sudo rm /usr/bin/openssl

	echo "moving original openssl back"
	sudo mv /usr/bin/openssl_orig /usr/bin/openssl

	echo "done"
	echo ""
	echo "do not forget to uncomment the following lines in httpd.conf:"
	echo ""
	echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so"
	echo "Include conf/extra/httpd-ssl.conf"
	echo ""
	echo "do not forget to add SSLFIPS on in /usr/local/apache2/conf/extras/httpd-ssl.conf"