Preamble (Skip if you already have WSL2 installed)
The following steps summarize the information from the tutorial “How to install Linux on Windows with WSL”.
Setting up WSL
Start a PowerShell as administrator.
- Enable the Windows Subsystem for Linux:
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
- Enable the Virtual Machine feature:
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
- Set WSL 2 as the default version:
wsl --set-default-version 2
- List available distros:
wsl --list --online
- Install the Debian Distro:
wsl --install Debian
Restart your computer, open the installed distro, and create your login. If you have any questions, review the original tutorial.
Configuring SSH Key (Optional)
Open the Debian terminal as root and update the package manager with the command:
apt update
Run the OpenSSH installation command:
apt-get install openssh-client
Proceed with the installation.
Exit root with the command
exit
Generate your new SSH key with the command:
ssh-keygen -t ed25519 -C "Your Email"
Open the key content with the following commands:
cd ~
cd .ssh
cat id_ed25519.pub
Copy the entire content displayed in your terminal. Ex: ssh-ed25519 AAAAAABBBBBBBBCCCCCCCCDDDDDDDD/EEEEFFFFG youremail@hotmail.com
Place the content in your GitHub account, under Settings -> SSH and GPG Keys -> New SSH Key. Give it a descriptive title, set the type to authentication, paste the copied content into the designated key space, then finalize.
Make sure Git is installed so you can clone repositories. Use the command below:
sudo apt install git
Crashfix - What is it?
CrashFix emerged from the need for a fault telemetry system. When a crash occurs, CrashRpt generates a minidump file, packages it, and sends it to the CrashFix server, so you can identify where the problem occurred and fix it more easily. New features include sending images, project files, videos, and computer hardware and software version information. Files are kept for 90 days, but crash information remains indefinitely for research.
Architecture and Deployment
Guide for deployment following the official documentation.
Cloning the CrashFix WebApp repository
Create the folder and clone the project:
cd ~
mkdir crashfix
cd crashfix
Clone the repository:
git clone https://github.com/jsonzilla/crashfix_webapp.git
CrashFix WebApp Server Installation Instructions
Enter the cloned repository.
cd ~
cd crashfix/crashfix_webapp
Install the necessary components for PHP
sudo apt update
sudo apt upgrade
sudo apt install -y php
sudo apt-get install libapache2-mod-php php-mysql php-xml
Install and start the Apache WebServer:
sudo apt-get install apache2
sudo service apache2 restart
sudo service apache2 status
Install MariaDB
sudo apt update
sudo apt install mariadb-server
Basic security configuration
sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, you'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
Just press Enter!
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorization.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n]
Choose n and press Enter!
Change the root password? [Y/n]
Choose n and press Enter!
For the remaining questions choose Y!
Check the server
sudo service mariadb restart
sudo service mariadb status
Setting up the admin user for the database
sudo mariadb
> GRANT ALL ON *.* TO 'admin_user'@'localhost' IDENTIFIED BY 'admin_password';
> CREATE DATABASE crashfix_db;
> CREATE USER 'crashfix_user'@'localhost' IDENTIFIED BY 'user_password';
> GRANT ALL PRIVILEGES ON crashfix_db.* TO 'crashfix_user'@'localhost';
> FLUSH PRIVILEGES;
Preventing GROUP_BY error
Edit /etc/mysql/my.cnf and add at the end
sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
And restart the service
sudo systemctl restart mysql.service
CrashFix Service Installation
Downloading and Building CrashFix Service
Download the CrashFix service from the official repository:
https://github.com/jsonzilla/crashfix_service
Check the README for instructions on how to build the service.
Sending CrashFix to the server
scp -P 22 -i .\crashfix12.pem .\crashfix-service-1.0.5-Linux-amd64.deb user@server_ip:/home/user/
scp -P 22 -i .\crashfix12.pem .\crashfix_web.zip user@server_ip:/home/user/
Installing the service
sudo dpkg -i crashfix-service-1.0.5-Linux-amd64.deb
sudo update-rc.d -f crashfixd defaults
sudo service crashfixd start
ps aux | grep crashfixd
Change the crashfix configuration path if necessary
sudo nano /etc/crashfix/crashfixd.conf
WEB_ROOT_DIR = /var/www/html/
Set the license information in /usr/share/crashfix/licenses/crashfix.lic
Configuring PHP
post_max_size = 1024M
upload_max_filesize = 1024M
extension=curl
extension=fileinfo
extension=gd
extension=gettext
extension=intl
extension=mbstring
extension=exif ; Must be after mbstring as it depends on it
extension=mysqli
extension=openssl
extension=pdo_mysql
extension=sockets
Optional
session.cookie_lifetime = 1800
CrashFix WebApp Server Configuration
Edit the user_params.ini file at crashfix_webapp/protected/config/user_params.ini with your information.
Copy the entire folder to the server root
cd /var/www/html
sudo cp -r /home/<YOUR_USERNAME>/crashfix/crashfix_webapp .
Apply the necessary read and write permissions to the folder for Apache
sudo chmod -R 0755 crashfix_webapp
sudo chown -R www-data:www-data crashfix_webapp
Create and initialize the database (press “y” when prompted)
sudo php crashfix_webapp/protected/yiic.php migrate
At this point, you can log in as root on the server using:
- Login: root
- Password: rootpwd
You will need to create a new password for root
Firewall
sudo apt update
sudo apt install ufw
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status
Limit to 25 simultaneous connections per IP
sudo iptables -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 25 -j REJECT --reject-with tcp-reset
Fail2Ban Install
To install and configure fail2ban on Debian, follow the steps below:
Step 1: Install fail2ban
- Update the package list:
sudo apt update
- Install fail2ban:
sudo apt install fail2ban
Step 2: Configure fail2ban
- Create a copy of the default configuration file for editing:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Edit the jail.local file:
sudo nano /etc/fail2ban/jail.local
In the file, you can configure general and specific options for each service. Some important configurations include:
- General Settings (at the beginning of the file):
[DEFAULT]
bantime = 600
findtime = 600
maxretry = 5
backend = systemd
  - bantime: Time in seconds that the IP will be banned (e.g., 600 seconds = 10 minutes).
  - findtime: Period in seconds during which, if maxretry login failures occur, the IP will be banned.
  - maxretry: Number of failed login attempts before banning the IP.
- Enable and configure jails for Apache and SSH:
In the jail.local file, look for the [sshd] and [apache-auth] sections (or others related to Apache, such as [apache-badbots], [apache-overflows], etc.) and adjust as needed:
[sshd]
enabled = true
port = ssh
maxretry = 5
Make sure enabled is set to true to activate the jail.
Step 3: Restart fail2ban
After making the configurations, restart the fail2ban service to apply the changes:
sudo systemctl restart fail2ban
Step 4: Check the Status of fail2ban
To check if fail2ban is working correctly, use:
sudo fail2ban-client status
To check the status of a specific jail (e.g., sshd):
sudo fail2ban-client status sshd
This should install and configure fail2ban on Debian, protecting your server against malicious login attempts on Apache and SSH.
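How findtime and maxretry interact, shown as an added example (not part of the original guide and not fail2ban's own code): a simplified awk model of the counting window, run over constructed failure records. The function names banned_ips and sample_failures and the "epoch ip" input format are assumptions made for the illustration.

```shell
#!/bin/sh
# Simplified model of the counting rule (illustration only, not fail2ban code):
# an IP is banned once `maxretry` failures fall inside one `findtime` window.
# Input: one failure per line as "<epoch-seconds> <ip>", sorted by time.

banned_ips() {  # usage: banned_ips <findtime> <maxretry> < failures
  awk -v findtime="$1" -v maxretry="$2" '
    {
      t = $1; ip = $2
      if (ip in banned) next                 # already banned, stop counting
      n = ++count[ip]; times[ip, n] = t      # record this failure
      if (n == 1) first[ip] = 1              # index of oldest failure in window
      # slide the window start past failures older than findtime
      while (times[ip, first[ip]] < t - findtime) first[ip]++
      if (n - first[ip] + 1 >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Constructed sample: 203.0.113.7 fails 5 times within 40 s; 198.51.100.9 also
# fails 5 times, but 750 s apart, so no 600 s window ever holds 5 failures.
sample_failures() {
  cat <<'EOF'
1000 203.0.113.7
1010 203.0.113.7
1015 198.51.100.9
1020 203.0.113.7
1030 203.0.113.7
1040 203.0.113.7
1765 198.51.100.9
2515 198.51.100.9
3265 198.51.100.9
4015 198.51.100.9
EOF
}

# Values from the [DEFAULT] block above: findtime = 600, maxretry = 5
sample_failures | banned_ips 600 5   # prints 203.0.113.7
```

With findtime raised to 3600 the second address reaches the threshold as well, which is the trade-off to weigh when tuning these two values together.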
Redirect port 8080
sudo nano /etc/apache2/ports.conf
Add port 8080 to the listened ports and restart the service.
Auto Delete in Crontab
Install cron and enable it
sudo apt install cron
sudo systemctl enable cron
sudo systemctl start cron
Create the script in /script/clean_crashfix_90_days.sh
find /var/www/html/protected/data/crashReports/ -type f -ctime +100 -delete
And with crontab add something like this:
0 9,21 * * 1 /script/clean_crashfix_90_days.sh
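A guarded form of the cleanup job above, as an added example (not the project's script). The function names purge_old_reports and demo_purge are hypothetical, and it uses -mtime where the guide uses -ctime, because ctime is reset whenever permissions or ownership change (for example by the chmod -R / chown -R steps earlier), which restarts the retention clock for every file.

```shell
#!/bin/sh
# Added illustration: age-based purge with guard rails for a root cron job.
# Assumption: -mtime replaces the guide's -ctime (see the note above the block).

purge_old_reports() {  # usage: purge_old_reports <dir> <days> [--dry-run]
  dir=$1; days=$2; mode=${3:-}
  # Refuse empty, root, or relative paths: this runs as root with -delete.
  case $dir in
    ''|/|[!/]*) echo "refusing unsafe path: '$dir'" >&2; return 2 ;;
  esac
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  # Require a positive integer so a typo cannot turn into a near-total purge.
  case $days in
    ''|*[!0-9]*|0) echo "invalid day count: '$days'" >&2; return 2 ;;
  esac
  if [ "$mode" = "--dry-run" ]; then
    # List what would be removed without touching anything.
    find "$dir" -xdev -type f -mtime +"$days" -print
  else
    # -print before -delete leaves a record of each removed file in cron output.
    find "$dir" -xdev -type f -mtime +"$days" -print -delete
  fi
}

# Constructed demo in a temporary directory (GNU touch -d assumed, as on Debian).
demo_purge() {
  tmp=$(mktemp -d) || return 1
  touch -d '120 days ago' "$tmp/old.zip"
  touch -d '10 days ago'  "$tmp/recent.zip"
  purge_old_reports "$tmp" 100 >/dev/null
  ls "$tmp"
  rm -rf "$tmp"
}

demo_purge   # prints recent.zip
```

Running it once with --dry-run against the real crashReports directory shows exactly which files the scheduled job would remove.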