CAIRIS

Installing CAIRIS

Web application

CAIRIS web services can be installed on any platform that its open-source dependencies are available for. The most tested platforms are Ubuntu or Debian Linux. The web application itself should run on all good web browsers, irrespective of platform.

Docker Hub

The easiest way of getting up and running with the web application is to download the CAIRIS container from Docker hub. This is built from the latest changes in github, and uses mod_wsgi-express to deliver the CAIRIS web services.

$ docker run -d -P --net=bridge shamalfaily/cairis
$ docker port $(docker ps -aq)
7071/tcp -> 0.0.0.0:32769

fig:initStartup

Source installation and configuration

$ sudo apt-get install python-dev build-essential mysql-server mysql-client graphviz docbook dblatex python-pip python-numpy git libmysqlclient-dev --no-install-recommends texlive-latex-extra docbook-utils inkscape libxml2-dev libxslt1-dev poppler-utils
$ git clone https://github.com/failys/cairis
$ cd cairis
$ sudo pip install -r requirements.txt
$ ./quick_setup.py

fig:quick_setup_db

You can accept many of these defaults, except for the database root password. When you select Ok, the script will create a new CAIRIS database, and accompanying CAIRIS configuration file; this file will ensure that CAIRIS knows what database it needs to refer to when you start up the tool and setup the necessary environment variables. The form below will then be displayed.

fig:quick_setup_user

You will need to supply a username and password here. When you select Ok, the script will add a user to the CAIRIS database.

source .bashrc

If you want to run the Flask development servier, run ./cairisd.py runserver (the script can be found in cairis/cairis/bin). However, before doing this, you need to ensure CAIRIS has been installed to a location that the process running cairisd has write access to. Alternatively, if you want to web services to be accessed via mod_wsgi-express run mod_wsgi-express start-server cairis.wsgi; cairis.wsgi can also be found in cairis/cairis/bin.

You can now point your browser to http://SERVERNAME:PORT_NUMBER, depending on where cairisd is installed, and what port cairisd or mod_wsgi-express is listening to, e.g. http://myserver.org:7071. Once you have authenticated, the application should load.

Alternatively:

$ ./quick_setup.py

Alternatively:

$ ./configure_cairis_db.py

fig:configure_cairis_db

You can usually accept many of these defaults, you will however need to modify the location of the root directory and the static directory to reflect the location of the CAIRIS files. For example if you cloned the repository to the root directory you would change the root and static directories to look like the below.

fig:change_configure_cairis_db

When you select Ok, the script will create a new CAIRIS database, and accompanying CAIRIS configuration file; this file will ensure that CAIRIS knows what database it needs to refer to when you start up the tool.

$ echo export CAIRIS_CFG=/home/cairisuser/cairis.cnf >> .bashrc
$ echo export PYTHONPATH=/home/cairisuser/cairis >> .bashrc
source .bashrc

Run the add_cairis_user script in cairis/cairis/bin (run add_cairis_user --help to check the parameters you need to provide).

./add_cairis_user test test

If you want to run the Flask development servier, run ./cairisd.py runserver (the script can be found in cairis/cairis/bin). However, before doing this, you need to ensure CAIRIS has been installed to a location that the process running cairisd has write access to. Alternatively, if you want to web services to be accessed via mod_wsgi-express run mod_wsgi-express start-server cairis.wsgi; cairis.wsgi can also be found in cairis/cairis/bin.

You can now point your browser to http://SERVERNAME:PORT_NUMBER, depending on where cairisd is installed, and what port cairisd or mod_wsgi-express is listening to, e.g. http://myserver.org:7071. Once you have authenticated, the application should load.

Desktop application

In theory, the desktop CAIRIS application can be installed on any platform that its open-source dependencies are available for. In practice, CAIRIS has found to be most stable when running on Ubuntu or Debian Linux.

PyPI

$ sudo apt-get install python-wxglade python-glade2 python-wxgtk3.0 python-dev build-essential mysql-server mysql-client graphviz docbook dblatex python-pip python-numpy git libmysqlclient-dev --no-install-recommends texlive-latex-extra docbook-utils inkscape libxml2-dev libxslt1-dev poppler-utils
$ sudo pip install cairis

fig:configure_cairis_db

Assuming you didn’t customise the installation location of CAIRIS when running pip, you can usually accept many of these defaults, except for the name and location of the CAIRIS configuration file. When you select Ok, the script will create a new CAIRIS database, and accompanying CAIRIS configuration file; this file will ensure that CAIRIS knows what database it needs to refer to when you start up the tool.

$ echo export CAIRIS_CFG=/home/cairisuser/cairis.cnf >> .bashrc

Open a terminal window and run cairis_gui.py.

cairis_gui.py

This main CAIRIS window is split in 2 halves. The bottom half is the taken up the requirements editor. The top half of the screen is taken up by the menu and tool-bar buttons.

fig:initStartup

All the information entered into CAIRIS is stored in a single MySQL database, but all or part of a complete CAIRIS model can be imported and exported in XML. CAIRIS comes with a several sample models; these can be found on github in the cairis/examples folder. This can be imported by clicking on the File/Import/Model menu, and selecting the model file to be imported.

Model files can also be imported from the command line by using cimport.py.

$ cimport.py --type all --overwrite 1 --image_dir . NeuroGrid.xml

The type all refers to a complete model file. Individual parts of models can also be imported. These might include models of individual personas, goal models, or risk analysis data. Use the –help option to get a detailed list of importable model types.

If the overwrite option is set then the import process will overwrite any existing data that might already be in the CAIRIS database. This can be useful if you want to cleanly import a new model file.

If the image_dir option is set then CAIRIS will look for somewhere other than the default_image_dir location (specified in cairis.cnf) for any image files associated with the model. Such image files include pictures for personas and attackers, or rich picture diagrams.

Source installation and configuration

This is identical to the PyPI installation, but instead of install CAIRIS from PyPI, you instead need to clone the latest version of the CAIRIS repository, and install the dependent PyPI packages manually.

$ git clone https://github.com/failys/cairis
$ cd cairis
$ sudo pip install -r requirements.txt

Once the packages have been installed, you can run configure_cairis_db.py, and follow the rest of the PyPI instructions. All the scripts you need to run can be found in cairis/cairis/bin.