How to set up the RatticDB password management service on Ubuntu 16.04
RatticDB is an open-source password management service built on Django.
It provides an API for access from external programs and an audit log so that every access is accountable.
There is also a "change queue" for tracking which passwords need to be changed and when.
1. Install prerequisites
Update the system and install all the prerequisites, including MySQL and Apache.
root@demohost:~# apt-get update
root@demohost:~# apt-get install apache2 php git gcc mysql-server python-setuptools openssl libxml2 python-dev libxml2-dev libxslt1-dev zlib1g-dev libldap2-dev python-ldap python-mysqldb gettext apache2-dev libmysqlclient-dev libsasl2-dev libssl-dev pyflakes
root@demohost:~# easy_install pip
Configure an FQDN for the host by adding the host name and (optionally) the domain name to /etc/hosts and /etc/hostname.
root@demohost:~# cat /etc/hosts
127.0.0.1 localhost
172.31.24.18 demohost.com demohost
root@demohost:~# cat /etc/hostname
demohost
Restart networking.
root@demohost:~# service networking restart
Now check the host's FQDN.
root@demohost:~# hostname
demohost
root@demohost:~# hostname -f
demohost.com
2. Download RatticWeb
Download RatticWeb and install the Python modules it requires with pip.
root@demohost:~# cd /opt
root@demohost:/opt# mkdir apps
root@demohost:/opt# cd apps
root@demohost:/opt/apps# git clone https://github.com/tildaslash/RatticWeb.git
Cloning into 'RatticWeb'...
remote: Counting objects: 6192, done.
remote: Total 6192 (delta 0), reused 0 (delta 0), pack-reused 6192
Receiving objects: 100% (6192/6192), 1.63 MiB | 707.00 KiB/s, done.
Resolving deltas: 100% (3553/3553), done.
Checking connectivity... done.
root@demohost:/opt/apps# cd RatticWeb/
root@demohost:/opt/apps/RatticWeb# /usr/local/bin/pip install -r requirements-mysql.txt -r requirements-dev.txt
3. Create the MySQL database and user
Create the MySQL database and user and grant the privileges.
root@demohost:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1807
Server version: 5.7.17-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database rattic CHARACTER SET utf8;
Query OK, 1 row affected (0.00 sec)
mysql> SET GLOBAL innodb_file_per_table = ON, innodb_file_format = Barracuda, innodb_large_prefix = ON;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON rattic.* TO 'rattic'@'localhost' identified by 'somepassword';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
4. Configure RatticWeb
By default RatticWeb runs in debug mode with a SQLite database.
To change this and configure the MySQL connection, create /opt/apps/RatticWeb/conf/local.cfg with the following content. secretkey is Django's SECRET_KEY, so use a long random value of your own rather than the sample shown here, and password must be the one granted to the rattic user in step 3.
root@demohost:~# cd /opt/apps/RatticWeb
root@demohost:/opt/apps/RatticWeb# vi conf/local.cfg
[ratticweb]
debug = False
secretkey = theitroad
hostname = demohost.com

[filepaths]
static = /opt/apps/RatticWeb/static

[database]
engine = django.db.backends.mysql
name = rattic
user = rattic
password = somepassword
host = localhost
port = 3306
Specify the time zone, the password expiry period and the hostname.
root@demohost:/opt/apps/RatticWeb# vim conf/defaults.cfg
timezone = Asia/Kolkata
passwordexpirydays = 90
hostname = demohost.com
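As an added check that is not part of the original guide or of the RatticWeb project, the script below audits a local.cfg in the layout shown in step 4 for the settings that matter most: debug must be off, the secret key must not be short or the guide's placeholder, and the database password must not be the sample typed into step 3. It assumes the file uses Python's ConfigParser syntax, as the sample above suggests; the placeholder list, thresholds and function names are my own.

```python
import configparser
import secrets
import string

# Constructed sample mirroring the local.cfg written in step 4 of this guide.
SAMPLE_LOCAL_CFG = """\
[ratticweb]
debug = False
secretkey = theitroad
hostname = demohost.com

[database]
engine = django.db.backends.mysql
name = rattic
user = rattic
password = somepassword
host = localhost
port = 3306
"""

# Values copied verbatim from this guide; leaving them in a real deployment is a finding.
GUIDE_PLACEHOLDERS = {"theitroad", "somepassword"}
MIN_SECRET_LEN = 50   # length Django's startproject uses for SECRET_KEY
MIN_DB_PW_LEN = 16

def audit_local_cfg(text):
    """Return a list of findings for a RatticWeb local.cfg; an empty list means clean."""
    cfg = configparser.RawConfigParser()   # Raw: no %-interpolation of values
    cfg.read_string(text)
    findings = []
    if cfg.get("ratticweb", "debug", fallback="True").strip().lower() != "false":
        findings.append("ratticweb.debug is not False: Django debug pages leak settings and tracebacks")
    key = cfg.get("ratticweb", "secretkey", fallback="")
    if len(key) < MIN_SECRET_LEN or key in GUIDE_PLACEHOLDERS:
        findings.append("ratticweb.secretkey is short or a placeholder: session and CSRF tokens become forgeable")
    if not cfg.get("ratticweb", "hostname", fallback="").strip():
        findings.append("ratticweb.hostname is unset: set it to the FQDN the TLS certificate is issued for")
    pw = cfg.get("database", "password", fallback="")
    if len(pw) < MIN_DB_PW_LEN or pw in GUIDE_PLACEHOLDERS:
        findings.append("database.password is short or a placeholder")
    return findings

def generate_secret_key(length=64):
    """Fresh value for ratticweb.secretkey drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Run audit_local_cfg on the contents of conf/local.cfg before starting Apache; the sample from step 4 produces two findings, one for secretkey and one for password.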
5. Migrate RatticWeb
The migration may fail with the following error.
..................
..................
django.core.exceptions.ImproperlyConfigured: For South support, customize the SOUTH_MIGRATION_MODULES setting to point to the correct migrations module:

    SOUTH_MIGRATION_MODULES = {
        'kombu_transport_django': 'kombu.transport.django.south_migrations',
    }
To correct this, put the South migration modules in place of the default ones.
root@demohost:# cd /usr/local/lib/python2.7/dist-packages
root@demohost:/usr/local/lib/python2.7/dist-packages# rm -rf kombu/transport/django/migrations djcelery/migrations
root@demohost:/usr/local/lib/python2.7/dist-packages# mv kombu/transport/django/south_migrations kombu/transport/django/migrations
root@demohost:/usr/local/lib/python2.7/dist-packages# mv djcelery/south_migrations djcelery/migrations
Now run the migration.
root@demohost:# cd /opt/apps/RatticWeb/
root@demohost:/opt/apps/RatticWeb# ./manage.py syncdb --noinput
root@demohost:/opt/apps/RatticWeb# ./manage.py migrate                    [ create and set up the database ]
root@demohost:/opt/apps/RatticWeb# mkdir static
root@demohost:/opt/apps/RatticWeb# ./manage.py collectstatic -c --noinput [ populate the static files directory ]
root@demohost:/opt/apps/RatticWeb# ./manage.py demosetup                  [ create an initial user account ]
6. Compile and install mod_wsgi
Download and compile mod_wsgi.
Building it requires python-dev and apache2-dev, both of which were installed in step 1.
mod_wsgi embeds one specific interpreter, so build it against the Python that runs RatticWeb: Python 2.7 here, the interpreter whose dist-packages directory was edited in step 5.
root@demohost:~# wget https://github.com/GrahamDumpleton/mod_wsgi/archive/develop.zip
root@demohost:~# unzip develop.zip
root@demohost:~# cd mod_wsgi-develop
root@demohost:~/mod_wsgi-develop# ./configure --with-python=/usr/bin/python2.7
root@demohost:~/mod_wsgi-develop# make
root@demohost:~/mod_wsgi-develop# make install
root@demohost:~/mod_wsgi-develop# cd /etc/apache2/mods-available
root@demohost:/etc/apache2/mods-available# vi wsgi.load
LoadModule wsgi_module /usr/lib/apache2/modules/mod_wsgi.so
root@demohost:/etc/apache2/mods-available# cd /etc/apache2/mods-enabled
root@demohost:/etc/apache2/mods-enabled# ln -s ../mods-available/wsgi.load .
root@demohost:/etc/apache2/mods-enabled# service apache2 start
For more details on compiling mod_wsgi, see here.
7. Configure Apache
Create an SSL certificate and key with OpenSSL. The command below produces a self-signed certificate valid for 365 days; browsers will warn about it unless you replace it with one issued by a CA they trust.
root@demohost:~# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/demohost.com.key -out /etc/ssl/certs/demohost.com.crt
Edit Apache's default site configuration and change ServerName and ServerAlias.
Make sure that everything arriving over HTTP is redirected to HTTPS.
Also edit default-ssl.conf to add the SSL key/certificate paths and the Alias and Directory configuration for RatticWeb.
root@demohost# vi /etc/apache2/sites-available/000-default.conf
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName demohost.com
    ServerAlias demohost.com
    Redirect permanent / https://demohost.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
Now edit default-ssl.conf.
root@demohost# vi /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/demohost.com.crt
    SSLCertificateKeyFile /etc/ssl/private/demohost.com.key
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt
    Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico
    AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1
    Alias /media/ /opt/apps/RatticWeb/media/
    Alias /static/ /opt/apps/RatticWeb/static/
    <Directory /opt/apps/RatticWeb/static>
        Require all granted
    </Directory>
    <Directory /opt/apps/RatticWeb/media>
        Require all granted
    </Directory>

    WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/wsgi.py
    WSGIPassAuthorization On
    WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb python-path=/opt/apps/RatticWeb display-name=%{GROUP}
    WSGIProcessGroup rattic
    <Directory /opt/apps/RatticWeb/ratticweb>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
</VirtualHost>
</IfModule>
Enable the Apache modules and the SSL site.
root@demohost:~# sudo a2enmod wsgi
root@demohost:~# a2enmod rewrite
root@demohost:~# a2ensite default-ssl
root@demohost:~# a2enmod ssl
root@demohost:~# service apache2 restart
8. Configure the firewall
Adjust the firewall rules to allow traffic to ports 80 and 443.
For iptables users (on Ubuntu the rules are persisted by the iptables-persistent package in /etc/iptables/rules.v4; the /etc/sysconfig/iptables file belongs to RHEL-family systems):
[root@demohost ~]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
[root@demohost ~]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
[root@demohost ~]# iptables-save > /etc/iptables/rules.v4
[root@demohost ~]# service netfilter-persistent restart
For UFW users:
[root@demohost ~]# ufw allow 80/tcp
[root@demohost ~]# ufw allow 443/tcp
[root@demohost ~]# ufw reload
9. Access RatticDB
To access Rattic, browse to https://fqdn_or_ip_address_of_your_server
Log in with the default username admin and password rattic; you will be redirected to the password dashboard.
Change the default password of the admin user.
Click "Profile" in the left-hand column to open the admin profile page.
Click "Change Password".
Enter the new password and click "Change Password".
Click "Staff Management", then "Add Group".
Provide a group name and submit.
Select "Staff Management", then click "Add User".
Fill in the user details and click "Submit".
To list the users, select "Staff Management"; all users and groups will be listed.
That's it for RatticDB: we can now manage users, groups and passwords more securely, and access them through the secure API.