
V 3.

InvGate Insight
Proxy Installation
Spanish version available here.

Table of Contents

Introduction

1. Why use the proxy?
1.1 Agent Deployment
1.2 Agent Reporting
1.3 Device Discovery

2. Proxy Installation
2.1 Requirements
2.1.1 Connectivity
2.1.2 Hardware
2.1.3 Software
2.2 Browsers approved for the proxy setup

3. Steps for Proxy Installation and Configuration
3.1 Proxy Installation
3.1.1 Windows
3.1.2 CentOS 7
3.1.2.1 Script Installation
3.1.2.2 Manual Installation
3.2 Proxy Configuration

4. Updating the Proxy
4.1 Windows
4.2 CentOS 7

5. Steps to uninstall the proxy
5.1 CentOS 7
5.2 Windows

6. Useful Information for CentOS 7

7. Network proxy settings
7.1 Windows
7.2 CentOS 7

8. HTTPS Configuration
8.1 Windows
8.1.1 VirtualHost Configuration
8.2 CentOS 7
8.2.1 Requirements installation
8.2.2 Proprietary Certificates generation
8.2.3 VirtualHost Configuration

9. Change the location of the database
9.1 Windows

Introduction
This document describes the steps necessary to install the InvGate Insight proxy on a
Linux or Windows server.

1. Why use the proxy?


The purpose of the proxy is to provide a means of communication between the agents
that will be installed on the computers and the server where the application will be
installed.

1.1 Agent Deployment

The proxy will be necessary to remotely distribute the agents to any machine that is
not visible by the application server. For example, those in closed or protected
networks.

1.2 Agent Reporting

If the installed agents do not have visibility to the application server, the proxy
installation is also required. Otherwise, they will not be able to report to InvGate
Insight.

1.3 Device Discovery


The proxy will analyze the network and identify any devices connected to it.

2. Proxy Installation

2.1 Requirements
These are the minimum requirements the InvGate Insight proxy needs.

2.1.1 Connectivity
● Visibility to the InvGate Insight central server.

● Visibility from the agents to the proxy server (if the agents are going to report to
it).

● Visibility from the proxy server to the machines where the agents will be installed
(if you want to use the proxy to install them remotely).

2.1.2 Hardware
● RAM: 8 GB.

● Processor: 4 core (64 bits).

● 50 GB of hard drive space.

2.1.3 Software
● For Linux servers:

○ CentOS 7 (64 bits).

○ User with sudo privileges.

● For Windows servers:

○ Windows 10 operating system or Windows Server 2016 or 2019

2.2 Browsers approved for the proxy setup

● Mozilla Firefox version 34 or higher

● Google Chrome version 42 or higher

● Edge version 41 or higher

3. Steps for Proxy Installation and Configuration
The first thing to do is install the proxy on a network machine with Internet access.

The process consists of two stages. The first one is the installation and the second one
is the configuration, which is done from a web interface in a browser.

3.1 Proxy Installation

3.1.1 Windows

1. Download the ZIP with the latest stable version of the proxy from:
https://download.invgate.net/neoassets-proxy/releases/neo_assets_proxy-windows-latest.zip

2. Extract the ZIP and run the installer.

3. Accept the License Agreement of the InvGate Insight proxy:

4. Select the directory where it will be installed:

5. Then, indicate the port number by which the agents will connect to the proxy.

6. Start the installation process by pressing Install.

7. Once the installation process finishes, pressing “Close” will open your default web
browser.

3.1.2 CentOS 7
For CentOS you have two options, the Script Installation or a Manual Installation.

3.1.2.1 Script Installation

First you must check the content of the script:


curl -sSL https://download.invgate.net/insight/insight_proxy_install.sh

To run the installation script:


curl -sSL https://download.invgate.net/insight/insight_proxy_install.sh | sudo bash

3.1.2.2 Manual Installation

Run the following commands on CentOS 7:

1. Update CentOS:
yum update

2. Install useful tools:


yum install nano -y
yum install wget -y
yum install unzip -y

3. Add EPEL repository for other dependencies:


yum install epel-release

4. Software Collection Installation:


yum install centos-release-scl

5. Allow access to HTTP and HTTPS ports and Postgres port. It is highly
recommended to have a firewall to protect the server.

a. To enable the firewalld service, run the following command as root:

systemctl enable firewalld

b. To start the firewalld service run:


systemctl start firewalld

c. To open the required ports for the InvGate Insight proxy:


firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=443/tcp && firewall-cmd --reload

6. Disable SELINUX:
setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

7. Unzip and install the rpm:


wget http://download.invgate.net/neoassets-proxy/releases/neo_assets_proxy-centos-latest.zip
unzip neo_assets_proxy-centos-latest.zip
yum install invgate-neo-assets-proxy-<version>.el7.centos.x86_64.rpm

*Note: replace in the previous step the version number with the parameter
corresponding to "rpm_version" of the info file of the downloaded ZIP.

The application will be installed in /usr/share/invgate/neoassets/.

3.2 Proxy Configuration


Access the application from the browser, using the computer's IP address, and follow the
Installation Wizard.

1. This is where the proxy setup wizard begins. Press the button: "Yes, I already
installed all requirements".

2. Enter the URL of the central InvGate Insight server, with which the proxy will
exchange data. Then, enter a name with which the proxy will be identified from
the InvGate Insight interface, and the URL that the agents will use to connect
with the proxy, which can be the IP and port where the proxy was installed (e.g.
http://192.168.0.1:80) or a previously configured domain name. Then press
"Register Proxy".

3. In the next screen, press the "Set up Database" button that will carry out the
necessary settings for the database (SQLite) required by the proxy.

4. Run the creation of migrations for the proxy data models by pressing the "Run
migrations" button. Once the process is finished, the message “All Migrations
Applied. Continue” will be displayed. Press it to continue.

5. After the configuration process, click on the button "Great!" to end.

6. The interface provided by the proxy will be shown below, where you can
download the latest versions of the agents for the different operating systems
(Windows, GNU / Linux and macOS).

If the agents for the different platforms were uploaded to the central server, the proxy
will download them and display them on the main screen.

Note: this process could take a couple of minutes.

4. Updating the Proxy

4.1 Windows

1. Download the ZIP with the latest stable version of the proxy from:
https://download.invgate.net/neoassets-proxy/releases/neo_assets_proxy-windows-latest.zip

2. Extract the ZIP and run the installer.

3. Follow the steps from the installer.

4.2 CentOS 7
Run the following commands:

1. Download the ZIP with the latest stable version, extract it, and install the rpm:

sudo yum install unzip -y


wget http://download.invgate.net/neoassets-proxy/releases/neo_assets_proxy-centos-latest.zip
unzip neo_assets_proxy-centos-latest.zip
sudo yum install invgate-neo-assets-proxy-<version>.el7.centos.x86_64.rpm

Note: Replace the version number with the “rpm_version” parameter in the “info” file from the
downloaded ZIP.

5. Steps to uninstall the proxy

5.1 CentOS 7
Run the following command:
sudo yum remove invgate-neo-assets-proxy

5.2 Windows
1. Navigate to C:\Program Files (x86)\InvGate\Insight Proxy
2. Run “uninstall.exe”

6. Useful Information for CentOS 7


These are the directories that are created during the installation process:

● InvGate Insight Proxy installation Path:

/usr/share/invgate/neoassets/neo-assets-proxy/

● The InvGate Insight proxy logs will be located in the path:

/usr/share/invgate/neoassets/neo-assets-proxy/debug.log

● The Apache logs for the InvGate Insight proxy will be located in the path:

/var/log/httpd/access_neo_assets_proxy.log
/var/log/httpd/error_neo_assets_proxy.log

● To see the status of the proxy services (apache and huey), run:

systemctl status httpd24-httpd


systemctl status huey-proxy

● To see the logs of these services with journalctl:

journalctl -u httpd24-httpd
journalctl -u huey-proxy

7. Network proxy settings
If the network where the Insight proxy was installed uses a proxy to access the
Internet, you must set up the configuration of this webproxy, so that the Insight proxy
can report to the server that is in the cloud.

7.1 Windows
In the case of Windows, the webproxy to be used must be configured within the
browser and then within a terminal we execute the following command:

netsh winhttp import proxy source=ie

7.2 CentOS 7
To configure the proxies that must be used in CentOS, it is enough to define the
environment variables HTTP_PROXY and HTTPS_PROXY on the server where the
Insight proxy was installed. For example, if the webproxy has the address
proxy.server:8080, you must modify the configuration file /etc/environment with:
sudo nano /etc/environment

And then add the following lines:

http_proxy="http://my.proxyserver.net:8080/"
https_proxy="http://my.proxyserver.net:8080/"

8. HTTPS Configuration

8.1 Windows

8.1.1 VirtualHost Configuration

Now you must inform Apache that your instance may receive requests on port 443,
and redirect to that port all the requests arriving on port 80.

For this, modify the following file in your text editor of choice:
C:\Program Files (x86)\InvGate\Insight Proxy\Apache\conf\insight-proxy.conf

Add the following configuration, where discover.crt, chain.crt and discover.key are the
certificate files.

Listen 80
Listen 443

<VirtualHost *:80>
    ServerName localhost
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [END,NE,R=308]
</VirtualHost>

<VirtualHost *:443>
    ServerName insight-proxy
    Alias /static "C:\Program Files (x86)\InvGate\Insight Proxy\steg\static"
    Alias /media "C:\Program Files (x86)\InvGate\Insight Proxy\steg\media"
    WSGIScriptAlias / "C:\Program Files (x86)\InvGate\Insight Proxy\steg\wsgi.py"

    <Directory "C:\Program Files (x86)\InvGate\Insight Proxy\steg">
        Order deny,allow
        Allow from all
    </Directory>

    SSLEngine On
    SSLProtocol all
    SSLCertificateFile "C:\discover.crt"
    SSLCertificateChainFile "C:\chain.crt"
    SSLCertificateKeyFile "C:\discover.key"
</VirtualHost>

8.2 CentOS 7

8.2.1 Requirements installation

To generate and install the SSL certificates on the Apache Server, it will be necessary to
install the openssl and mod_ssl packages. Use yum to obtain them.
sudo yum install httpd24-mod_ssl openssl

8.2.2 Proprietary Certificates generation

Use OpenSSL to generate your own SSL certificates.

1. Generate the private key:


sudo openssl genrsa -out discover.key 2048

2. Generate CSR:
sudo openssl req -new -key discover.key -out discover.csr

3. Self-sign the certificate with the private key:

sudo openssl x509 -req -days 365 -in discover.csr -signkey discover.key -out discover.crt

4. Now copy the generated files to the following path: /etc/pki/tls/


sudo cp discover.crt /etc/pki/tls/certs

sudo cp discover.key /etc/pki/tls/private/discover.key

sudo cp discover.csr /etc/pki/tls/private/discover.csr

8.2.3 VirtualHost Configuration

Now you must inform Apache that your instance may receive requests on port 443,
and redirect to that port all the requests arriving on port 80.

For this, modify the following file:

sudo vi /usr/share/invgate/neoassets/neo-assets-proxy/config/invgate-neo-assets-proxy.conf

Add the following configuration and then save it:

<VirtualHost *:80>
    ServerName localhost
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [END,NE,R=308]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName localhost.localdomain
    DocumentRoot /usr/share/invgate/neoassets/neo-assets-proxy
    WSGIPassAuthorization On
    WSGIScriptAlias / /usr/share/invgate/neoassets/neo-assets-proxy/steg/wsgi.py
    WSGIDaemonProcess localhost.localdomain python-path=/usr/share/invgate/neoassets/neo-assets-proxy python-home=/usr/share/invgate/neoassets/neo-assets-proxy/.venv
    <Location />
        WSGIProcessGroup localhost.localdomain
    </Location>
    <Directory /usr/share/invgate/neoassets/neo-assets-proxy/steg/>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>

    Alias /static/ /usr/share/invgate/neoassets/neo-assets-proxy/steg/static/

    <Directory /usr/share/invgate/neoassets/neo-assets-proxy/steg/static>
        Require all granted
    </Directory>

    Alias /media/ /usr/share/invgate/neoassets/neo-assets-proxy/steg/media/

    <Directory /usr/share/invgate/neoassets/neo-assets-proxy/steg/media>
        Require all granted
    </Directory>

    AddType text/css .css

    ErrorLog /var/log/httpd/error_neo_assets_proxy.log
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    TraceEnable Off
    CustomLog /var/log/httpd/access_neo_assets_proxy.log combined

    SSLEngine On
    SSLProtocol all
    SSLCertificateFile /etc/pki/tls/certs/discover.crt
    SSLCertificateKeyFile /etc/pki/tls/private/discover.key

    # Continue with the configuration generated by the rpm

</VirtualHost>
</IfModule>
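
Both VirtualHost configurations in section 8 set SSLProtocol all, which can leave protocol versions older than TLSv1.2 enabled. The following check is an added example, not part of InvGate's documentation or the proxy's own tooling: the function name audit_ssl_protocol is hypothetical and the sample configuration is constructed. It reports which legacy protocols each SSLProtocol directive in a configuration file leaves on, so the result can be compared against a restricted form such as SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1.

```shell
#!/bin/sh
# Added example (not InvGate code). audit_ssl_protocol FILE...
# For every SSLProtocol directive, report which protocols older than
# TLSv1.2 it leaves enabled. Returns 1 if any directive is weak, else 0.
audit_ssl_protocol() {
    awk '
    tolower($1) == "sslprotocol" {
        v3 = 0; t10 = 0; t11 = 0
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); sign = substr(tok, 1, 1)
            # A +/- prefix adds or removes; a bare name replaces the set so far.
            if (sign == "+" || sign == "-") { tok = substr(tok, 2) }
            else { sign = ""; v3 = 0; t10 = 0; t11 = 0 }
            on = (sign != "-")
            # "all" is treated conservatively as including SSLv3; whether
            # it really does depends on the Apache/OpenSSL build.
            if (tok == "all") { v3 = on; t10 = on; t11 = on }
            else if (tok == "sslv3") { v3 = on }
            else if (tok == "tlsv1") { t10 = on }
            else if (tok == "tlsv1.1") { t11 = on }
        }
        weak = (v3 ? " SSLv3" : "") (t10 ? " TLSv1" : "") (t11 ? " TLSv1.1" : "")
        if (weak != "") { bad = 1; printf "%s:%d: WEAK, enables%s\n", FILENAME, FNR, weak }
        else { printf "%s:%d: ok\n", FILENAME, FNR }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the directive from this guide, with a restricted
# form shown as a comment (commented-out lines are not evaluated).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all
    # SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
EOF
audit_ssl_protocol "$sample" || echo "weak TLS protocol settings found"
rm -f "$sample"
```

On a server, pass the configuration file edited above as the argument and reload Apache only after the check returns 0.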

9. Change the location of the database

9.1 Windows
To change the location of the database of the proxy, once the installation is complete, it
will be necessary to follow the next steps:

1. Stop the services related to the proxy:

2. Move the file db.sqlite3 located in the folder “C:\Program Files
(x86)\InvGate\Insight Proxy\db” to the new location.

3. Modify the parameter DATABASE_URL, in the file “C:\Program Files
(x86)\InvGate\Insight Proxy\.env” with the new path of the database. The
parameter should end up like this:

DATABASE_URL=sqlite:///[folder_path]\db.sqlite3

4. Start once again the services from step 1.
