Sicura Console
  1. Welcome to the SIMP Console Documentation


System Requirements

Notice: Hard drive specifications assume the database file is stored locally. If this is not the case, SIMP Console only requires 150MB of local storage.

SIMP console has currently been tested on Chrome version 50 and above, Safari version 12, and Microsoft Edge version 42.

At minimum your Linux system (or VM environment) should be able to utilize a dual-core CPU, 2GB of RAM and 500MB of local storage. We recommend a quad-core CPU with at least 6GB of RAM and 5GB of local storage to run SIMP Console comfortably.

SIMP Console Installation

License Key

The SIMP Enterprise repositories require a valid license key in order to install or upgrade any enterprise packages, including SIMP Enterprise and SIMP Console. Once you have received your license key file from your account executive, copy it to, or create it as a new file named /etc/simp/license.key on the server you are installing the SIMP Console to.

SIMP Release Package

The SIMP Release package provides the SIMP Enterprise Yum repository configuration and GPG keys needed to install SIMP Enterprise packages.

yum install

SIMP Console Package

Install the simp-console package via yum.

yum install simp-console

Configuring SIMP Console

Configuring the system is done by adding settings to the /etc/simp/simp-console.yml file.


SIMP Console comes pre-loaded with multiple plugins, including google_auth and gitlab(notifiations) support. By default all plugins are loaded. If this is not the desired behavior, setting main.load_all_plugins = false in the simp-console.yml file will turn off this feature. You can then add the plugins you’d like to load to the plugins array.

Configuring the Administrator Account

SIMP Console creates this default account with full admin privileges:

Username: admin
Password: password

It is highly recommended to change the default username and password. You can also set a default admin token for the default administrative user to better facilitate using the REST API from systems like Puppet.

Changing the Default Password

Passwords in the config file are only stored as crypt(3)-style salted hashes. In order to make it easier to generate, simp-console contains a helper flag that will take a plain text password and return the hash suitable for the configuration file:

simp-console -e ‘password’

And then add the output to the config file

main.default_admin_password: '$5$7c03659ec01eab77$RB.C4ovajCc9m/JL2.oGX02OlpgMqJmejI72FutgbM5'

Changing the Default Username

It is also best practice to change the default ‘admin’ username to be something site specific:

main.default_admin_username: "simp_root_admin"

Setting the Default Admin Token

The default authentication token is used to interact with the REST API without an account
Notice: The default admin token is set to null and will not be usable until set.

main.default_admin_token: "mYxiQo0JCoVdGCZOwLzs"

Notice: In order to update the default admin password and token, you must also update the default admin username.

Directory Service Configuration

Notice: Although possible to add directory services to SIMP Console using the yml configuration. It is highly recommended that they are implemeneted using the user interface.

The LDAP plugin is installed in SIMP Console by default.

Using The User Interface

A directory service can be added by clicking Create New Entry in the directory services page under the administration tab.

Using simp-console.yml

To configure a directory service in the simp-console.yml add main.directory_services.
Each directory service is added as an element to main.directory_services and take the following parameters.
name - The canonical name of the service, this is the name that is shown when listed as a domain on the SIMP Console login page
Example: name: "Vagrant LDAP Test Server"

auth_provider - The authentication provider to use
Example: auth_provider: "ldap"

create_user - Specifies whether or not to automatically create a new SIMP Console user on successful login with an unlinked account.
Example: create_user: true

settings - A hash of additional plugin specific options

LDAP Configuration

Using The User Interface

Simply click Create New Entry to add a new entry, select LDAP as the authentication provider, and fill in the relevant details

Using simp-console.yml

Example of two valid LDAP configurations

  - name: "Vagrant LDAP Test Server"
    auth_provider: 'ldap'
    create_user: true
      domain_component: "dc=jaeger,dc=local"
      organization_unit: "People"
      host: ""
      port: 9080
  - name: "Staging LDAP Test Server"
    auth_provider: 'ldap'
    create_user: true
      domain_component: "dc=staging,dc=local"
      organization_unit: "People"
      host: ""
      port: 9080

The following are specific settings relating to LDAP authentication, and are located in the settings hash of the file.
domain_component- The domain component string

organization_unit - The organization unit string

host - The IP or domain of the target LDAP server

port - The port to connect to the target LDAP server

Configuring Google Auth

Unlike other directory services, a Google Auth login must be configured in the simp-console.yml file.

The following parameters must be set in order for Google auth to correctly operate.


The first three parameters are provided by Google when registering an API to use for google auth. The final parameter can either be set to ‘true’ or ‘false’ and will have SIMP Console generate a new user if they successfully login but they do not have a SIMP Console account linked to their google login.

The following is a sample of what the configuration can look like:

googleauth.client_id: <clientid>
googleauth.client_secret: <client secret>
googleauth.create_new_user: true

Configuring the Database

Without any configuration, SIMP Console stores its settings in a SQLite database located in /var/db/simp/simp-console.db. While this is sufficient for small sites or demonstration purposes it is recommended to use PostgreSQL for larger sites.

Using SQLite

Make sure the SIMP Console user has read and write access to the file and its containing directory.

main.database: sqlite:///path/to/location/simp-console.db

Using PostgreSQL

Specify a full URL to the database you want to connect to, and the username and password to authenticate with:

main.database: 'postgres://user:password@localhost/my_db'

Changing the Database Table Prefix

By default the SIMP Console configures a table prefix for all tables it manages. This allows admins the capability to run multiple SIMP Console instances using the same underlying database, for example, having a production, staging, or dev tables all within the same database.

By default this is set to production, but it can be changed:

main.database_table_prefix: dev

Which will create all database tables with dev_ in front of them.

Setting the hashing algorithm for the database schema enginge

main.schema_engine.signature_hash: "SHA384"

Pruning Report Data

To keep the database from storing too many reports, the user can specify the maximum number of reports to store per node using the following setting. The default is 3

main.max_scans: 3

Configuring Security Settings

Changing Cryptographic Settings

Some cryptographic settings used by the SIMP Console have configuration options specified in the config file to meet some policy requirements.

To set the hashing algorithm for the webserver’s HMAC algorithm use the following setting

main.rack-session.hmac: "SHA384"

Configuring Listen Address and Port

The address and port can be specificed using the following parameters

main.listen_ip: localhost
main.listen_port: 6468

Using internal SSL termination

First, either self-generate or purchase an SSL certificate and key.

Place them in /etc/ssl/certs and /etc/ssl/private respectively.

In your simp-console.yml add the following configuration:

main.ssl.enabled = true
main.ssl.key = "/etc/ssl/private/mykey.key"
main.ssl.cert = "/etc/ssl/certs/mycert.pem"

# Enable SSL verify (Insecure if set to false)
main.ssl.verify = true

Configuring SIMP Console collector

The collector is the communication point between the SIMP Scanner and SIMP Console. The current version of the collector is v2 which all SIMP Scanners since console version 1.2.0 fully support. If for whatever reason you want to use a scanner from previous releases you will need to enable the legacy collector.

  "main.legacy_collector": true

Running SIMP Console

By default the simp-console RPM creates a user called simp-console, and sets permissions on its default files based on the SIMP Console user. Commands for SIMP Console should be run by the simp-console user.

There is also a Puppet module available for management of the simp-console service and configuration.

Running SIMP Console Manually

To run simp-console from the command line run: sudo -u simp-console simp-console.

Running SIMP Console at Boot

The simp-console RPM sets up a systemd unit file on el7, or a sysvinit service file on el6. You’ll need to enable the service, then start it.


chkconfig simp-console on
service simp-console start


systemctl enable simp-console
systemctl start simp-console

Running a DEMO of SIMP Console

First, ensure simp-console is running. The simp-console-demo command is configured to send the demo data to localhost:6468. Therefore, a demo of SIMP Console should be run on the same machine where SIMP Console is already running on the default port. To run the script, simply type simp-console-demo. The script will automatically start feeding demo data into simp-console.