1. SWAMP Web Application Backend Configuration
The file /var/www/swamp-web-server/.env
contains various parameter names
and values that are used to configure the SWAMP web application’s backend.
You must have root
access to modify this file.
This file should be readable only by the apache system user. It should
never be world readable, because it contains usernames and passwords for
accessing various resources.
|
Any values that include spaces must be enclosed in double-quotes. Any values that do not include spaces must not be enclosed in double-quotes. |
The remainder of this section describes the parameters. Some descriptions refer to Laravel, which is the framework that the backend is built upon.
1.1. Web Application Settings
APP_ENV
-
A description of the SWAMP’s environment. This parameter is informational and does not affect the functioning of the backend. The SWAMP-in-a-Box installer sets this to "SWAMP-in-a-Box".
APP_DEBUG
-
Whether verbose debugging is enabled. When set to "true", unexpected errors in the backend return a detailed error page. When set to "false", such errors return a page that says, "Whoops, looks like something went wrong." The SWAMP-in-a-Box installer sets this to "false".
APP_URL
-
The URL used to access the SWAMP’s web application routes. The SWAMP-in-a-Box installer sets this based on the hostname specified during the install process (usually, the host’s detected hostname).
When the hostname changes, use the
/opt/swamp/bin/swamp_set_web_host
utility script to update this parameter, because that script will update not only this parameter but also all other configuration locations where the hostname is referenced. APP_CORS_URL
-
The URL used to access the SWAMP’s web site. The SWAMP-in-a-Box installer sets this based on the hostname specified during the install process (usually, the host’s detected hostname).
When the hostname changes, use the
/opt/swamp/bin/swamp_set_web_host
utility script to update this parameter, because that script will update not only this parameter but also all other configuration locations where the hostname is referenced. APP_FLOODLIGHT
-
The URL and port of the Floodlight server to contact. This is not applicable to a SWAMP-in-a-Box installation.
APP_INCOMING
-
The path to the directory used to temporarily store files uploaded for new packages. This should always be set to "/swamp/incoming/".
APP_KEY
-
An encryption key used by the Laravel framework. Allowed values are any 32 character string or a Base 64 encoded value. The SWAMP-in-a-Box installer sets this to a Base 64 encoded value. SWAMP-in-a-Box installations originally deployed using versions of SWAMP-in-a-Box prior to 1.33 will have had this set to a random 32 character string.
To generate a new Base 64 encoded value, run the following command as
root
(or usingsudo
):php /var/www/swamp-web-server/artisan key:generate
APP_PASSWORD_ENCRYPTION_METHOD
-
The encryption method used to hash user passwords before either storing them in the SWAMP’s SQL database or sending them to an LDAP server. Allowed values are "BCRYPT", "SSHA", "SHA1", and "NONE". The SWAMP-in-a-Box installer sets this to "BCRYPT".
This should be set to "NONE" only if
LDAP_ENABLED
is "true",LDAP_READ_ONLY
is "false", and the LDAP server does its own encryption when given a new or changed user password. This is not applicable whenLDAP_ENABLED
is "true" andLDAP_READ_ONLY
is "true". APP_PASSWORD_MAX
-
The maximum number of Application Passwords a user can create. Set this to an integer greater than zero to allow creation of one or more Application Passwords. Set this to zero to disallow creation of Application Passwords. The SWAMP-in-a-Box installer sets this to 10.
APP_LOG
-
How Laravel log entries are stored. Set this to "daily" or "syslog". When set to "daily", Laravel writes log entries to a new file each day at
/var/www/swamp-web-server/storage/logs/
. When set to "syslog", Laravel writes log entries to the OS syslog. The SWAMP-in-a-Box installer sets this to "daily". APP_LOG_LEVEL
-
What type of notices are logged by Laravel. The SWAMP-in-a-Box installer sets this to "debug", which we recommend. Other allowed values are "emergency", "alert", "critical", "error", "warning", "notice", and "info".
APP_STATS
-
Whether a banner showing usage statistics is displayed on the the SWAMP home page. Set this to "true" or "false". The SWAMP-in-a-Box installer sets this to "false". Note that in order to show lines-of-code, metric analysis must be enabled, and by default, SWAMP-in-a-Box installations do not have metric analysis enabled.
APP_CONTACT_FORM
-
Whether a web form is provided to submit Contact messages. When set to "true", and if email is enabled, the Contact Us page provides a web form to submit contact messages to the configured contact address. Likewise, the Submit Security Incident page provides a web form to submit security messages to the configures security address. When set to "false", these pages provide a mailto link to the corresponding addresses.
The SWAMP-in-a-Box installer sets this parameter to "false". This is applicable only when SWAMP-in-a-Box is configured to enable "Contact Us" or "Report Security Incident".
APP_SIGN_UP
-
Whether SWAMP-in-a-Box provides a means for new users to sign-up for accounts. When set to "false", the Sign-Up button is removed from the Home page. The SWAMP-in-a-Box installer sets this to "true"
Note that if SWAMP-in-a-Box is configured to use a read-only LDAP server for user management the "Sign-Up" button will not be present on the Home page regardless of this setting.
APP_DEFAULT_VIEWER
-
The result viewer selected by default on the Assessment Results page. Set this to either "Native" or "Code DX". The SWAMP-in-a-Box installer sets this parameter to "Native".
1.2. HTCondor Settings
HTCONDOR_COLLECTOR_HOST
-
The hostname of the HTCondor collector to contact for information about the SWAMP’s currently running assessments. The SWAMP-in-a-Box installer sets this to "localhost.localdomain".
1.3. Mail Settings
These parameters are related to outgoing email sent by the SWAMP web application.
SWAMP-in-a-Box is installed with outgoing email disabled. Prior to enabling and configuring outgoing email (instructions can be found in the SWAMP-in-a-Box Administrator Manual), you must first configure an outgoing email server for use with the SWAMP-in-a-Box host.
MAIL_ENABLED
-
Whether the SWAMP web application is configured for outgoing email. Set this to "true" or "false". When set to "false", outgoing email is disabled, and the mail-related settings described below are not applicable. When outgoing email is disabled, all functionality that would otherwise result in an email being sent by the system runs without sending the email. Specifically:
-
Username is displayed instead of email throughout the web application.
-
Workflows that rely on email, such as requesting a password reset, are disabled.
-
Permission requests, project invitations, and SWAMP administrator invitations are handled exclusively through the notification system.
-
New user accounts do not go through a "pending" state and are instead immediately activated.
-
The option to receive an email on completion of an assessment is unavailable.
-
The Administrator Settings page for Restricted Domains is unavailable.
-
The Administrator Settings page for System Emails is unavailable.
-
The Contact Us and Report Security Incident pages do not include a means to submit a message directly through the web application.
The SWAMP-in-a-Box installer sets this parameter to "false".
-
MAIL_DRIVER
-
The driver used to send outgoing email. Set this to "smtp" or "sendmail". The "smtp" driver makes connections directly to the configured SMTP server (see the
MAIL_HOST
parameter below) to deliver email messages. The "sendmail" driver uses the host’s postfix mail system to deliver email messages.With the "smtp" driver, when sending a message, the SWAMP web application will wait for an acknowledgment that the message was sent. With the "sendmail" driver, the SWAMP web application will not necessarily wait for an acknowledgment. Instead, if there are issues with the initial attempt to send the message, the web application will rely on postfix to continue attempting to deliver the message in the background.
We recommend using the "sendmail" driver.
MAIL_HOST
-
The hostname of the SMTP server. This is applicable only if
MAIL_DRIVER
is set to "smtp". MAIL_PORT
-
The port to connect to on the SMTP server. This is applicable only if
MAIL_DRIVER
is set to "smtp". MAIL_FROM_ADDRESS
-
The email address to be used as the sender of outgoing SWAMP email.
MAIL_FROM_NAME
-
The name to be used as the sender of outgoing SWAMP email.
MAIL_CONTACT_ADDRESS
-
The email address to which messages submitted via the Contact Us page are sent. Use this to direct contact messages to a specific administrator or help desk. This address is also displayed in the content of some SWAMP emails.
MAIL_CONTACT_NAME
-
The name to which messages submitted via the Contact Us page are sent.
MAIL_SECURITY_ADDRESS
-
The email address to which messages submitted via the Report Security Incident page are sent. Use this to direct security messages to a specific administrator or help desk. This address is also displayed in the content of some SWAMP emails.
MAIL_SECURITY_NAME
-
The name to which messages submitted via the Report Security Incident page are sent.
MAIL_ENCRYPTION
-
If
MAIL_DRIVER
is set to "smtp" and the SMTP server uses encryption, set this to the type of encryption used. Otherwise, set this to "null". MAIL_USERNAME
-
If
MAIL_DRIVER
is set to "smtp" and the SMTP server requires a username/password, set this to the username. Otherwise, set this to "null". MAIL_PASSWORD
-
If
MAIL_DRIVER
is set to "smtp" and the SMTP server requires a username/password, set this to the password. Otherwise, set this to "null".
1.4. LDAP Settings
These parameters are related to configuring an LDAP server to store user-related personal information for a SWAMP instance. When the SWAMP is not configured to use an LDAP server, as is the case when SWAMP-in-a-Box is initially installed, user-related personal information is stored in the SWAMP’s SQL database.
LDAP_ENABLED
-
Whether the SWAMP uses an LDAP server for user authentication and storing of user data. When set to "false", a record is created for each SWAMP user in the
project
database. When set to "true", a record is created for each SWAMP user in the LDAP server. The SWAMP-in-a-Box installer sets this to "false". LDAP_PASSWORD_VALIDATION
-
Whether verification of a user’s password on sign-in is done by LDAP. When set to "true", a user’s password is authenticated through an LDAP bind. When set to "false", a user’s password is authenticated in PHP by comparing it to the hash stored in LDAP.
Set this to "true" when LDAP is enabled and your LDAP server is able to validate against the type of encryption used to store passwords. Set this to "false" when LDAP is enabled and LDAP is not able to validate against the type of encryption used to store passwords, such as when
LDAP_READ_ONLY
is "false" andAPP_PASSWORD_ENCRYPTION_METHOD
is "BCRYPT".The SWAMP-in-a-Box installer sets this to "false".
LDAP_READ_ONLY
-
Whether the SWAMP is prevented from adding or editing user records in the LDAP server. When set to "false", the SWAMP assumes that it has total control over user attributes and LDAP entries. In this case, the SWAMP should be the only client of the LDAP server. When set to "true", the SWAMP assumes that creation and editing of user attributes and LDAP entries is to be done outside of the SWAMP. In this case, the SWAMP disables any workflows that would result in the creation or editing of user records, including user passwords. Specifically:
-
The sign up button is removed from the SWAMP home page. However, any user with a record in the LDAP server can sign in to the SWAMP, and supporting records in the SWAMP’s SQL database will be created automatically on sign in.
-
The "Reset my password" link is removed from the sign-in page.
-
The Linked Account Use Policy page does not allow creation of new accounts, only linking to existing accounts.
-
The user profile page displays user demographics as stored in LDAP but does not allow them to be edited in the SWAMP web application.
-
The user profile page does not include options to change or reset the user’s password or to delete the account.
-
The SWAMP administrator Review Accounts page does not provide options to flag accounts as hibernated or to require a password reset.
This should be set to "true" if you are using a pre-existing LDAP server. The SWAMP-in-a-Box installer sets this to "false".
-
LDAP_MIR_SWAMP
-
Whether the LDAP server is configured with the schema used in the mir-swamp.org LDAP server. Set to "true" or "false". The purpose of this parameter is to support setting a legacy, required attribute in the LDAP server used by mir-swamp.org. In all other cases, this should be set to "false". The SWAMP-in-a-Box installer sets this to "false".
LDAP_HOST
-
The URL of the LDAP server to connect to, including the protocol and host, e.g. "ldaps://ldap.example.org". The specified LDAP server must support LDAP protocol 3. This is applicable only if
LDAP_ENABLED
is set to "true". LDAP_PORT
-
The port to connect to on the configured
LDAP_HOST
. The SWAMP-in-a-Box installer sets this to "636". This is applicable only ifLDAP_ENABLED
is set to "true". LDAP_BASE_DN
-
The RDN search base for LDAP searches. This needs to be set based on the configuration of the base
dn
of the LDAP directory for your users. The SWAMP-in-a-Box installer sets this to "ow=people,o=SWAMP,dc=cosalab,dc=org". This is applicable only ifLDAP_ENABLED
is set to "true". LDAP_USER_RDN_ATTR
-
The Prefix RDN attribute for users in the LDAP server. This needs to be set based on how
dn
fields are formed in the LDAP server. The SWAMP-in-a-Box installer sets this to "swampUuid". This is applicable only ifLDAP_ENABLED
is set to "true". LDAP_SWAMP_UID_ATTR
-
The LDAP attribute to be used as an index into the SWAMP database. This must be set to an attribute that uniquely identifies each user and is unchangeable. Often, this will be the same as
LDAP_USER_RDN_ATTR
. The SWAMP-in-a-Box installer sets this to "swampUuid". This is applicable only ifLDAP_ENABLED
is set to "true".Note that this attribute will be used to identify users in the SWAMP’s web application routes and, as such, will be displayed in URLs for the SWAMP’s web pages with data for a specific user.
LDAP_FIRSTNAME_ATTR
-
The LDAP attribute for users' first names. The SWAMP-in-a-Box installer sets this to "givenName". This is applicable only if
LDAP_ENABLED
is set to "true".If
LDAP_READ_ONLY
is set to "true" and your LDAP server does not have an attribute for users' first names, set this to "ignore". IfLDAP_READ_ONLY
is set to "false", this attribute can be edited through the SWAMP web interface. LDAP_LASTNAME_ATTR
-
The LDAP attribute for users' last names. The SWAMP-in-a-Box installer sets this to "sn" (surname). This is applicable only if
LDAP_ENABLED
is set to "true".If
LDAP_READ_ONLY
is set to "true" and your LDAP server does not have an attribute for users' last names, set this to "ignore". IfLDAP_READ_ONLY
is set to "false", this attribute can be edited through the SWAMP web interface. LDAP_FULLNAME_ATTR
-
The LDAP attribute for users' full names. The SWAMP-in-a-Box installer sets this to "cn" (common name). This is applicable only if
LDAP_ENABLED
is set to "true".If your LDAP server does not have an attribute for users' full names, set this to "ignore". If
LDAP_READ_ONLY
is set to "false", the SWAMP will generally set this attribute to either the first and last name of the given user or to "none". It is not directly editable in the SWAMP web interface. LDAP_PASSWORD_ATTR
-
The LDAP attribute for users' passwords. The SWAMP-in-a-Box installer sets this to "userPassword". This is applicable only if
LDAP_ENABLED
is set to "true".If
LDAP_READ_ONLY
is set to "false", a user will be able to set a password on signing up for the SWAMP and later be able to change it through the SWAMP web interface. LDAP_USERNAME_ATTR
-
The LDAP attribute to be mapped to the SWAMP username. The SWAMP-in-a-Box installer sets this to "uid". This is applicable only if
LDAP_ENABLED
is set to "true".This must be set to an attribute that uniquely identifies each user. If
LDAP_READ_ONLY
is set to "false", this attribute can be edited through the SWAMP web interface as long as the new value is unique. LDAP_EMAIL_ATTR
-
The LDAP attribute for users' email addresses. The SWAMP-in-a-Box installer sets this to "mail". This is applicable only if
LDAP_ENABLED
is set to "true".If
EMAIL_ENABLED
is set to "true" andLDAP_READ_ONLY
is set to "false", this attribute can be edited through the SWAMP web interface. IfLDAP_READ_ONLY
is set to "false" andEMAIL_ENABLED
is also set to "false", you can setLDAP_EMAIL_ATTR
to "ignore" and the SWAMP will not set it. Otherwise, the SWAMP will set the email attribute in LDAP to a single space character. LDAP_ORG_ATTR
-
The LDAP attribute for users' affiliations. The SWAMP-in-a-Box installer sets this to "o" (organization). This is applicable only if
LDAP_ENABLED
is set to "true".This should be an optional attribute in LDAP. If
LDAP_READ_ONLY
is set to "true" and your LDAP server does not have an attribute for users' affiliations, set this to "ignore". IfLDAP_READ_ONLY
is set to "false", this attribute can be edited through the SWAMP web interface. LDAP_OBJECTCLASS
-
A comma-separated list of "objectClass" attributes to be set for each user. Set this to a comma-separated list of the "objectClass" attributes required by the LDAP server. The SWAMP-in-a-Box installer sets this to "top,person,organizationalPerson,inetOrgPerson,eduPerson,swampEntity", which defines the following "objectClass" attributes:
-
objectClass: top
-
objectClass: person
-
objectClass: organizationalPerson
-
objectClass: inetOrgPerson
-
objectClass: eduPerson
-
objectClass: swampEntity
This is applicable only if
LDAP_ENABLED
is set to "true" andLDAP_READ_ONLY
is set to "false". -
LDAP_WEB_USER
-
The full
dn
of a credentialed LDAP user with global LDAP read access. The SWAMP web server uses this to get information about SWAMP users from LDAP. This is applicable only ifLDAP_ENABLED
is set to "true". LDAP_WEB_USER_PASSWORD
-
The password for
LDAP_WEB_USER
. This is applicable only ifLDAP_ENABLED
is set to "true". LDAP_PASSWORD_SET_USER
-
The full
dn
of a credentialed LDAP user with permission to change other users' passwords. The SWAMP web server uses this to create and change user passwords in LDAP. This is applicable only ifLDAP_ENABLED
is set to "true" andLDAP_READ_ONLY
is set to "false". LDAP_PASSWORD_SET_USER_PASSWORD
-
The password for
LDAP_SET_USER
. This is applicable only ifLDAP_ENABLED
is set to "true" andLDAP_READ_ONLY
is set to "false".
1.5. Third-Party Login Settings
These parameters can be set to allow users to sign in using credentials from
third-party sites. Supported third-party sites are: GitHub, Google, and
CILogon. Each site has a corresponding set of parameters; in the
descriptions below, replace [SITE]
with either GITHUB
, GOOGLE
, or
CILOGON
.
SWAMP-in-a-Box is installed with third-party logins disabled. Prior to enabling third-party logins for a site, you must set up a corresponding OAuth Application with the site (instructions can be found in the SWAMP-in-a-Box User Manual).
[SITE]_ENABLED
-
Whether the SWAMP web application allows signing in via the given site. When set to "true", the SWAMP provides a means to sign up and sign in via an account with the site. The SWAMP-in-a-Box installer sets this to "false".
[SITE]_CLIENT_ID
-
The Client ID set in the OAuth Application for the site. This is applicable only when
[SITE]_ENABLED
is set to "true". [SITE]_CLIENT_SECRET
-
The Client Secret set in the OAuth Application for the site. This is applicable only when
[SITE]_ENABLED
is set to "true".
1.6. Session Related Settings
These parameters determine how session (logon) cookies behave.
SESSION_DRIVER
-
The driver used to manage session data. Set this to "file" or "cookie". When this is set to "file", data for each user session is stored in the SWAMP-in-a-Box file system. When it is set to "cookie", data for each user session is stored as a cookie on the client. The SWAMP-in-a-Box installer sets this to "file". SWAMP-in-a-Box installations originally deployed using versions of SWAMP-in-a-Box prior to 1.33 will have this set to "cookie".
When
SESSION_DRIVER
is set to "file", session data is stored in/var/www/swamp-web-server/storage/framework/sessions/
. SESSION_LIFETIME
-
Determines the expiration date for SWAMP session cookies, in minutes, from the time they are issued. The SWAMP-in-a-Box installer sets this to "2160" (36 hours). Set this to "0" if you are setting
SESSION_EXPIRE_ON_CLOSE
to "true". SESSION_EXPIRE_ON_CLOSE
-
Whether SWAMP session cookies expire when the browser session ends. The SWAMP-in-a-Box installer sets this to "false". Before changing this to "true", set
SESSION_LIFETIME
to "0". SESSION_COOKIE
-
The name of the SWAMP cookie that references a user’s session data. The SWAMP-in-a-Box installer sets this to "swamp_session".
SESSION_DOMAIN
-
The name of the domain for the session cookie. Set this to "null" to use the same domain name as
APP_URL
. The SWAMP-in-a-Box installer sets this to "null". SESSION_SECURE_COOKIE
-
Whether SWAMP session cookies are sent for secure connections only. The SWAMP-in-a-Box installer sets this to "true".
1.7. Database Settings
These parameters provide the SWAMP web application with access to the
SWAMP’s SQL databases. There is a set of parameters for each of the
following databases: project
, package
, tool
, platform
, assessment
,
and viewer
. Each database has a corresponding set of parameters; in the
descriptions below, replace [DB]
with PROJECT
, PACKAGE
, TOOL
,
PLATFORM
, ASSESSMENT
, or VIEWER
.
[DB]_HOST
-
The hostname of the database server. The SWAMP-in-a-Box installer sets this to "localhost".
[DB]_PORT
-
The port to connect to on the database server. The SWAMP-in-a-Box installer sets this "3306".
[DB]_DATABASE
-
The name of the database ("project", "package", "tool", "platform", "assessment", or "viewer") for which the set of parameters applies.
[DB]_USERNAME
-
The database user whose credentials will be used by the SWAMP web application to access the database. The SWAMP-in-a-Box installer sets this to "web".
[DB]_PASSWORD
-
The password for the database user above for accessing the database. The SWAMP-in-a-Box installer sets this to the password entered during the install process.
1.8. Miscellaneous Settings
These parameters control various operations of the Laravel framework. Their values should not be changed from the ones set by the SWAMP-in-a-Box installer.
CACHE_DRIVER
-
The SWAMP-in-a-Box installer sets this to "file".
QUEUE_DRIVER
-
The SWAMP-in-a-Box installer sets this to "sync".
2. SWAMP Web Application Frontend Configuration
The file /var/www/html/config/config.json
contains various parameter names
and values that are used to configure the SWAMP web application’s frontend.
You must have root
access to modify this file.
The contents of config.json must be a valid JSON object; the collection of
values for the parameters described below are stored as nested JSON objects.
Examples can be found at the end of this section.
|
The remainder of this section describes the parameters.
2.1. Web Services
servers.web
-
The root URL used to access the SWAMP web application’s routes. The SWAMP-in-a-Box installer sets this based on the hostname specified during the install process (usually, the host’s detected hostname).
When the hostname changes, use the
/opt/swamp/bin/swamp_set_web_host
utility script to update this parameter, because that script will update not only this parameter but also all other configuration locations where the hostname is referenced.
2.2. Contact Information
These parameters affect the display of information on the Contact Us and Report Security Incident pages. If this collection of parameters is not defined, as is the case when SWAMP-in-a-Box is initially installed, the link to the Contact page in the SWAMP web application’s main menu is hidden.
2.2.1. Support
These parameters affect the display of information on the Contact Us page.
contact.support.email
-
The email address displayed for Contact Us messages. This should have the same value as the the
MAIL_CONTACT_ADDRESS
parameter in the backend configuration file. contact.support.phoneNumber
-
The phone number displayed for Contact Us messages.
contact.support.description
-
The description of the person or team receiving messages displayed for Contact Us messages.
contact.support.message
-
Additional text displayed for Contact Us messages.
2.2.2. Security
These parameters affect the display of information on the Report Security
Incident page. If the support
section is defined but the security
section is not, the SWAMP web application does not provide a link from the
Contact Us page to the Report Security Incident page.
contact.security.email
-
The email address displayed for Report Security Incident messages. This should have the same value as the
MAIL_SECURITY_ADDRESS
parameter in the backend configuration file. contact.security.phoneNumber
-
The phone number displayed for Report Security Incident messages.
contact.security.description
-
The description of the person or team receiving messages displayed for Report Security Incident messages.
contact.security.message
-
Additional text displayed for Report Security Incident messages.
2.3. Cookies
These parameters affect the SWAMP layout cookie, which is used to persist the state of various layout elements: the position of the navigation bar, the state of the Show Numbering flag, the state of the Auto Refresh flag, and the state of the Show Grouping flag.
cookie.name
-
The name given to the SWAMP layout cookie. The SWAMP-in-a-Box installer sets this to "swamp".
cookie.domain
-
The name of the domain for the SWAMP layout cookie. Set this to "null" to use the same domain name as in the
APP_URL
parameter in the backend configuration file. The SWAMP-in-a-Box installer sets this "null". cookie.path
-
The path for SWAMP layout cookie. The SWAMP-in-a-Box installer sets this to "/".
cookie.secure
-
Whether the SWAMP layout cookie is sent only for encrypted connections. The SWAMP-in-a-Box installer sets this to "true".
2.4. Other Configurable Behaviors
options.assessments.allow_multiple_tool_selection
-
Whether the "All" option is present when selecting tools on the Add/Run New Assessments page. The SWAMP-in-a-Box installer sets this to "true".
options.assessments.allow_viewing_zero_weaknesses
-
Whether assessment results with zero weaknesses can be selected and sent to the Code Dx results viewer. The SWAMP-in-a-Box installer sets this to "true".
2.5. Examples
contact
Section{ "servers": { "web": "<Web application routes root URL>" }, "cookie": { "name": "swamp", "domain": null, "path": "/", "secure": true }, "options": { "assessments": { "allow_multiple_tool_selection": true, "allow_viewing_zero_weaknesses": true } } }
contact
SectionParameters (lines) below whose sample value include "(optional)" may be omitted.
{ "servers": { "web": "<Web application routes root URL>" }, "contact": { "support": { "email": "<Support email address (optional)>", "phoneNumber": "<Support phone number (optional)>", "description": "Support staff", "message": "Feel free to contact us with questions." }, "security": { "email": "<Security email address (optional)>", "phoneNumber": "<Security phone number (optional)>", "description": "Security team", "message": "<Security message here (optional)>" } }, "cookie": { "name": "swamp", "domain": null, "path": "/", "secure": true }, "options": { "assessments": { "allow_multiple_tool_selection": true, "allow_viewing_zero_weaknesses": true } } }
3. SWAMP-in-a-Box’s File System
3.1. Configuration Files
/var/www/swamp_web_server/.env
/var/www/html/config/config.json
-
SWAMP web application configuration files. Directions for modifying
.env
andconfig.json
can be found in this document and in the SWAMP-in-a-Box Administrator Manual. /opt/swamp/etc/swamp.conf
/opt/swamp/etc/log4perl.conf
/opt/swamp/etc/services.conf
/opt/swamp/etc/swampmonitor.conf
-
SWAMP backend configuration files. Directions for modifying
swamp.conf
can be found in the SWAMP-in-a-Box Administrator Manual. There should be no need to directly modifylog4perl.conf
,services.conf
, orswampmonitor.conf
. /etc/condor/condor_config
/etc/condor/config.d/swampinabox_*.conf
-
HTCondor configuration files. The SWAMP-in-a-Box installer preserves the version of
condor_config
installed by the HTCondor RPMs and installs several files into the/etc/condor/config.d
directory. There should be no need to directly modify any of these files. /etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/ssl.conf
-
Apache configuration files. The SWAMP-in-a-Box installer replaces
httpd.conf
with a version that’s included with the installer and modifiesssl.conf
to use more secure settings for the SSL protocols and cipher suites than the settings installed by themod_ssl
RPM. /etc/php.ini
-
PHP configuration file. The SWAMP-in-a-Box installer modifies this to allow uploads up to 800M.
3.2. Long-term Storage Files
/swamp/platforms/images
-
Directory containing the virtual machine images for performing assessments and running the optional Code Dx viewer. The SWAMP-in-a-Box installer makes
/var/lib/libvirt/images
a symbolic link to this directory. /swamp/SCAProjects
-
Directory containing assessment results. Each sub-directory contains the results for one project.
/swamp/store/SCAPackages
-
Directory containing package archives. Each sub-directory contains the archive for one package version.
/swamp/store/SCATools
-
Directory containing assessment and metric tools. The
bundled
sub-directory contains tools that are included with the SWAMP-in-a-Box installer. Theadd-on
sub-directory contains tools that were added to the system after the initial SWAMP-in-a-Box install. /var/lib/mysql
-
Directory containing MariaDB’s storage files for the SWAMP’s SQL databases.
3.3. Log Files
/opt/swamp/log
-
Directory containing the SWAMP backend’s log files.
/var/log/condor
/var/lib/condor
-
Directories containing HTCondor’s log files.
/var/log/httpd
-
Directory containing Apache’s log files.
/var/log/libvirt
-
Directory containing libvirt’s log files.
/var/log/mariadb
-
Directory containing MariaDB’s log files.
/var/www/swamp-web-server/storage/logs
-
Directory containing the SWAMP web backend’s log files.
3.4. Temporary Files
/opt/swamp/run
/swamp/working/project
/swamp/working/results
-
Directories containing temporary files used by the SWAMP backend.
/slots
-
Directory containing working directories of currently executing HTCondor jobs.
/swamp/incoming
-
Directory containing user-uploaded packages.
/swamp/outgoing
-
Directory containing files that SWAMP users view or download.
/var/lib/libvirt
-
Directory containing temporary files used by libvirt.
3.5. Reclaiming Disk Space
Log files can be deleted without impacting the normal functioning of the system, although debugging issues will be more difficult if pertinent log files are missing. Temporary files can also be deleted so long as they are not still in use.
Deleting long-term storage files will impact the normal functioning of the system. Deleting package archives, tool archives, platform images, and assessment results will render those objects unavailable to the system, even if they continue appear to be available in the SWAMP.