Apache Install

Some tCell features are not available

OS Commands, Local Files, Account Takeover, and Packages & Vulnerabilities features are not available on Apache.

Supported Technologies

Confirm that the tCell agent supports your Apache configuration, as shown below:

VersionOS
2.4.xCentOS 6+
Ubuntu 14+
Debian 8+
Alpine 3.7.1+

CentOS 6.0 End of Life Announcement

As of December 31, 2021, Rapid7 will End-of-Life (EOL) tCell Agents on CentOS 6.0. The Agent documentation and support requirements will reflect this change at the same time. See the CentOS end-of-life announcement to see if you are affected and what actions you can take.

Recommendations and Requirements

  • We strongly recommend a recent Apache server version to ensure a minimum of vulnerabilities in the base server.
  • If using a significantly different Linux distribution, contact tCell Support to discuss adding your target environment to our builds.
  • For Debian and Ubuntu, Environment Variables must be set in the envvars file, located at /etc/apache2/envvars.

Prerequisites

  • A working tCell login & account
  • A tCell Application to hold configuration for the Apache agent (Admin -> Applications)
  • Allow outbound HTTPS connections to the tCell cloud: What IPs do tCell agents connect to?
  • Download the agent and the config file:
    1. Click on "tCell Admin" in top nav bar.
    2. Click "Download Agent".
    3. Click on “Web Server Agent”.
    4. Select "Apache HTTPD" agent.
    5. Select "Create New API Key" (default).
    6. Download the .tgz file.
    7. Click "Download Config File" to download the agent's config file (which is prepopulated with the application and key information).

Installation

  1. Determine your Apache HTTPD_ROOT directory:

    OS

    Command

    Ubuntu/Debian

    run /path/to/apache2 -V | grep HTTPD_ROOT

    centOS

    run /path/to/httpd -V | grep HTTPD_ROOT

    Official Docker httpd image

    run /path/to/httpd -V | grep HTTPD_ROOT

  2. Determine your Apache modules directory.
    1. Review your conf file:

      OS

      Conf file

      Ubuntu/Debian

      $HTTPD_ROOT/apache2.conf

      centOS

      $HTTPD_ROOT/conf/httpd.conf

      Official Docker httpd image

      $HTTPD_ROOT/conf/httpd.conf

    2. Identify the target location of pre-existing LoadModule directives. Typically the directives are in apache2.conf or httpd.conf, but depending on how Apache was installed, they may be in a subdirectory. For example, in a common Ubuntu setup, the $HTTPD_ROOT directory and configuration are in /etc/apache2, but the LoadModule directives are in the subdirectory /etc/apache2/mods-available and individual .load files like ssl.load. If you can't find the LoadModule directives in the master apache2.conf or httpd.conf, look in the $HTTPD_ROOT subdirectories.
  3. Extract the downloaded Apache HTTPD agent .tgz file.
  4. Identify the module matching your Linux type, and copy (or move) it to your Apache modules directory.
  5. Ensure the file permissions and ownership resemble those of the other Apache modules to be sure the Apache user will be able to load the file.
  6. Edit the Apache httpd.conf or apache2.conf file and add a LoadModule directive near the top similar to:
    LoadModule directive
    1
    LoadModule apache_agent_tcell_module modules/mod_agenttcell.so;

Depending on how Apache was installed, you may have to put the LoadModule directive in a .load file in a subdirectory. When a mods-available subdirectory is used, there's normally a corresponding $HTTPD_ROOT/mods-enabled subdirectory. See mods-enabled for more information.

  1. Place the tcell_agent.config you downloaded earlier in the HTTPD_ROOT directory, and ensure its ownership and permissions permit the Apache user to read it.
  2. Set your Apache user as owner of the logs folder:

    OS

    Command

    Ubuntu/Debian

    chown www-data /etc/apache2/logs

    centOS

    chown apache /etc/httpd/logs

    Official Docker httpd image

    chown daemon /usr/local/apache2/logs

  3. Restart Apache: sudo apache2ctl restart

Verification

To verify that data is being sent to tCell go to your tCell console and ensure that the number of web server agents listed for the application you just created is more than 0.

Logging

Log files will be found in the $HTTPD_ROOT/tcell/logs/tcell.log directory. However, if the agent cannot log to this directory, it might log to /tmp/tcell.log .

To change log_dir (and have Apache log to a specific location, for example: /etc/apache/logs) set the Environment Variable TCELL_AGENT_LOG_DIR by using:

cURL
1
chown apache /etc/apache/logs
2
chmod u+rwx/etc/apache/logs

You can customize the log level in the tcell_agent.config file by adding a block such as the following:

json
1
"logging_options": {
2
"enabled": true,
3
"level": "INFO"
4
}

See tcell/tcell_agent.config.template for an example.

Valid log levels are:

ERRORWARNINFO (default) DEBUGTRACE

The preceding list indicates the precedence among the levels, from top to bottom. When you enable a log level, the higher log levels are also enabled. For example, if you enable WARN, then ERROR is also enabled.

When a log file becomes full, logging continues in a new log file. See Log Rolling for more information.

Apache user information

If you are using CentOS, then the Apache user is apache

  • If you are using Ubuntu or Debian, then the Apache user is www-data
  • If you are using an official httpd Docker (Debian & Alpine), then the Apache user is daemon