@dylancwood
Last active July 14, 2016 18:00
Shell script to compile and install FIPS-validated OpenSSL as well as Apache 2.4. Tested on Ubuntu 12.04. This script does not verify the fingerprint of the OpenSSL FIPS Object Module, and is therefore incomplete. It is a good place to start though.
#!/bin/bash
# Abort on the first failed command so a failed download or build is never
# silently followed by an install step.
set -e
echo "installing updates"
sudo apt-get update
echo "installing build-essential"
sudo apt-get install -y build-essential
echo "moving to home dir"
cd ~
echo "getting openssl source"
wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz
echo "getting fips object module source"
# NOTE: the FIPS Security Policy requires the HMAC-SHA-1 digest of this tarball to be
# verified against the published value before it is built. This script does not do that
# (see the description above).
wget http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz
echo "unpacking fips object module"
tar -xzvf openssl-fips-2.0.5.tar.gz
echo "moving into fips source dir"
cd openssl-fips-2.0.5
echo "configuring"
# The Security Policy requires the module to be built with exactly "./config",
# "make" and "make install", with no options added.
./config
echo "compiling"
make
echo "installing"
sudo make install
echo "moving back to home dir"
cd ~
echo "unpacking openssl source"
tar -xzvf openssl-1.0.1e.tar.gz
echo "moving into openssl source dir"
cd openssl-1.0.1e
echo "configuring with fips directive"
./config fips shared
echo "compiling"
make
echo "installing"
sudo make install
echo "moving old openssl binary to temporary /usr/bin/openssl_orig"
sudo mv /usr/bin/openssl /usr/bin/openssl_orig
echo "creating symlink to fips openssl in /usr/bin"
sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
echo "done"
echo "Building apache dependencies"
sudo apt-get build-dep -y apache2
echo "Retrieving Apache2 source files"
wget http://www.motorlogy.com/apache//httpd/httpd-2.4.6.tar.gz
echo "extracting Apache2 source"
tar -xzvf httpd-2.4.6.tar.gz
echo "entering httpd-2.4.6"
cd httpd-2.4.6
echo "adding shared library to ldconfig"
# "sudo echo ... > /etc/ld.so.conf.d/file" fails because the redirection is performed
# by the unprivileged shell, not by sudo; write the file through "sudo tee" instead.
echo '/usr/local/ssl/lib/' | sudo tee /etc/ld.so.conf.d/fips_openssl.conf > /dev/null
sudo ldconfig
echo "configuring"
./configure \
--enable-so \
--enable-deflate \
--enable-expires \
--enable-headers \
--enable-rewrite \
--enable-ssl \
--with-ssl=/usr/local/ssl \
--enable-ssl-staticlib-deps \
--enable-mods-static=ssl
echo "making"
make
echo "make install"
sudo make install
echo "installation complete"
echo ""
echo "starting apache"
sudo /usr/local/apache2/bin/apachectl start
echo ""
echo "verify that apache is running"
# The bracket pattern keeps grep from matching its own command line.
ps aux | grep '[a]pache' || echo "WARNING: no apache process found"
echo ""
echo "creating self-signed ssl certs"
cd /usr/local/apache2/conf
# Give an explicit 2048-bit modulus: smaller RSA keys are not acceptable under FIPS 140-2.
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -x509 -key server.key -out server.crt
echo "removing symlink to fips openssl"
sudo rm /usr/bin/openssl
echo "moving original openssl back"
sudo mv /usr/bin/openssl_orig /usr/bin/openssl
echo "done"
echo ""
echo "do not forget to uncomment the following lines in httpd.conf:"
echo ""
echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so"
echo "Include conf/extra/httpd-ssl.conf"
echo ""
echo "do not forget to add SSLFIPS on in /usr/local/apache2/conf/extra/httpd-ssl.conf"
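The description above notes that the script skips verifying the FIPS Object Module tarball. As an added example (not part of the gist), the functions below compute the keyed digest the OpenSSL FIPS User Guide prescribes for that check, HMAC-SHA-1 with the key `etaonrishdlcupfm`, and compare it with the digest printed in the Security Policy for the tarball version in use. That expected digest is not on this page, so it is left as a placeholder to be filled in from the Security Policy.

```shell
#!/bin/bash
# Added example, not part of the original gist: verify the FIPS Object Module
# tarball before building it. The HMAC key is the one documented in the
# OpenSSL FIPS User Guide; the expected digest for a given tarball version
# must be copied from the Security Policy (placeholder below).
FIPS_HMAC_KEY='etaonrishdlcupfm'

# Print the hex HMAC-SHA-1 of file $1 under key $2 (defaults to the FIPS key).
hmac_sha1_of_file() {
    local file="$1" key="${2:-$FIPS_HMAC_KEY}"
    openssl dgst -sha1 -hmac "$key" "$file" | awk '{print $NF}'
}

# Return 0 only if the file's digest equals the expected value (case-insensitive).
verify_fips_tarball() {
    local file="$1" expected="$2" key="${3:-$FIPS_HMAC_KEY}" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual="$(hmac_sha1_of_file "$file" "$key")" || return 1
    if [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" != \
         "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "HMAC-SHA-1 mismatch for $file: got $actual, expected $expected" >&2
        return 1
    fi
    echo "HMAC-SHA-1 verified for $file"
}

# In the build script this belongs right after the download and before
# "tar -xzvf openssl-fips-2.0.5.tar.gz". EXPECTED_FIPS_HMAC is a placeholder
# for the value published in the Security Policy for this exact tarball.
# verify_fips_tarball openssl-fips-2.0.5.tar.gz "$EXPECTED_FIPS_HMAC" || exit 1
```

A mismatch means the tarball must not be built; re-download it from the vendor and compare again.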
@quietust

L25 - is "sudo" allowed here? The OpenSSL FIPS Security Policy states that you must run the command sets exactly as shown, and command set U2 explicitly includes "make install", not "sudo make install".
