Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :
  • * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
  • * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
  • * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Configuring the CentOS/ RedHat server

In order to install a fresh CentOS7 machine (virtual or physical) without graphical interface (choose minimal installation), please refer to official CentOS documentation. This documentation is also valid for Redhat7 initial installation.

Configuring network parameters

The different parameters presented below are not specific to WAPT; you may adapt them as required for your environment.

Modify the following files in order to get a proper naming (FQDN) and network addressing strategy.

In the following example:

  • the FQDN name is srvwapt.mydomain.lan;

  • the short-name of the WAPT Server is srvwapt;

  • the DNS suffix is mydomain.lan;

  • the IP address is 10.0.0.10/24;

Configuring the name of WAPT Server

Hint

The short name of the WAPT Server must not be longer than 15 characters (the limit is due to sAMAccountName restriction in Active Directory).

The name of the WAPT Server must be a FQDN, that is to say it has both the server name and the DNS suffix.

  • modify the /etc/hostname file and write the FQDN of the server;

# /etc/hostname du waptserver
srvwapt.mydomain.lan

  • configure the /etc/hosts file, be sure to put both the FQDN and the short name of the server;

# /etc/hosts du waptserver
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.10   srvwapt.mydomain.lan srvwapt

Hint

  • on the line defining the DNS server IP address, be sure to have the IP of the server (not 127.0.0.1), then the FQDN, then the short name;

  • do not change the line with localhost;

Configuring the IP address of the WAPT Server

  • modify the /etc/sysconfig/network-scripts/ifcfg-eth0 file and define a static IP address. The name of the file can be different, like ifcfg-ens0 for example;

# /etc/sysconfig/network-scripts/ifcfg-eth0 du serveur wapt
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth0"
ONBOOT="yes"
IPADDR=10.0.0.10
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=10.0.0.1
DNS2=10.0.0.2

  • apply the network configuration by rebooting the machine with a reboot;

    reboot

  • if it has not already been done, create the DNS entries for the WAPT Server in the Organization Active Directory;

  • after reboot, configure the system language in English in order to have non-localized logs for easier searching of common errors;

localectl set-locale LANG=en_US.utf8
localectl status

  • check that the machine clock is on time (with NTP installed), and that SELinux and the firewall are enabled;

    yum list installed | grep ntp
service ntpd status
date
sestatus
systemctl status firewalld

Hint

If the NTP package is not installed.

yum install ntp
systemctl enable ntpd.service
systemctl start ntpd

  • update CentOS7 and set up the EPEL repository;

yum update
yum install epel-release wget sudo

You may now go on to the next step and install WAPT on your CentOS/ RedHat.