How to Install Sandstorm on Ubuntu 16.04

To Install Sandstorm on Ubuntu 16.04

Sandstorm is an open source hosting platform for web apps and this improves privacy and control, this is the only way to make Open Source web apps viable. A few examples of the apps that can be installed using Sandstorm are WordPress, GitLab, MediaWiki, Apache Wave, and RoundCube webmail. Users can upload and install arbitrary software. It is so simple to install Sandstorm and this tutorial covers the method to install Sandstorm on Ubuntu 16.04.


Installing Sandstorm

First, you need to download the installation script for Sandstorm by making use of the following command.

root@linuxhelp11:~# curl https://install.sandstorm.io >  install.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 78791  100 78791    0     0  30651      0  0:00:02  0:00:02 --:--:-- 30646

Once it is downloaded, execute the script to install Sandstorm as follows.

root@linuxhelp11:~# bash install.sh

Sandstorm makes it easy to run web apps on your own server. You can have:

1. A typical install, to use Sandstorm (press enter to accept this default)
2. A development server, for working on Sandstorm itself or localhost-based app development

How are you going to use this Sandstorm install? [1] 
We' re going to:

* Install Sandstorm in /opt/sandstorm
* Automatically keep Sandstorm up-to-date
* Configure auto-renewing HTTPS if you use a subdomain of sandcats.io
* Create a service user (sandstorm) that owns Sandstorm' s files
* Configure Sandstorm to start on system boot (with systemd)
* Listen for inbound email on port 25.

Rest assured that Sandstorm itself won' t run as root.
OK to continue? [yes] 
Note: Sandstorm' s storage will only be accessible to the group ' sandstorm' .
As a Sandstorm user, you are invited to use a free Internet hostname as a subdomain of sandcats.io,
a service operated by the Sandstorm development team.
...
Sandcats.io protects your privacy and is subject to terms of use. By using it,
you agree to the terms of service &  privacy policy available here:
https://sandcats.io/terms https://sandcats.io/privacy

Choose your desired Sandcats subdomain (alphanumeric, max 20 characters).
Type the word none to skip this step, or help for help.
What *.sandcats.io subdomain would you like? [] none
URL users will enter in browser: [http://linuxhelp11.com:6080] 
Sandstorm requires you to set up a wildcard DNS entry pointing at the server. 
This allows Sandstorm to allocate new hosts on-the-fly for sandboxing purposes.
Please enter a DNS hostname containing a ' *'  which maps to your server. For 
example, if you have mapped *.foo.example.com to your server, you could enter
" *.foo.example.com" . You can also specify that hosts should have a special
prefix, like " ss-*.foo.example.com" . Note that if your server' s main page
is served over SSL, the wildcard address must support SSL as well, which
implies that you must have a wildcard certificate. For local-machine servers,
we have mapped *.local.sandstorm.io to 127.0.0.1 for your convenience, so you
can use " *.local.sandstorm.io"  here. If you are serving off a non-standard
port, you must include it here as well.
Wildcard host: [*.linuxhelp11.com:6080] 

Config written to /opt/sandstorm/sandstorm.conf.
Finding latest build for dev channel...
Downloading: https://dl.sandstorm.io/sandstorm-221.tar.xz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 32.0M  100 32.0M    0     0   668k      0  0:00:49  0:00:49 --:--:--  957k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   310  100   310    0     0    250      0  0:00:01  0:00:01 --:--:--   250
GPG signature is valid.

Created symlink from /etc/systemd/system/multi-user.target.wants/sandstorm.service to /etc/systemd/system/sandstorm.service.
Your server is coming online. Waiting up to 90 seconds...

Your server is now online! Visit this link to start using it:

  http://linuxhelp11.com:6080/setup/token/69a4a2a8662ab4698bc89a958a67974bbabdc8eb

NOTE: This URL expires in 15 minutes. You can generate a new setup URL by running
' sudo sandstorm admin-token'  from the command line.

To learn how to control the server, run:
  sandstorm help

The installation is now complete. Copy the Highlighted URL and open your browser and paste it into the URL field. The Welcome page of Sandstorm will appear now. Click Begin Sandstorm Setup.

Once it is done, you need to configure your login provider by click configure, after that click next.

Now, fill organization details, and then click save and then continue further.


Now, you need to fill email detail and click save to continue further.

The pre-installation app gets downloaded, once you click Next.


Give the email and click send login mail. In your mail, you got mail from sandstorm with login token. Use that token to open the admin panel.

Admin panel of sandstorm looks like the one in the following image.
With this, the installation of Sandstorm on Ubuntu 16.04 comes to an end.

Tag : Ubuntu Sandstorm
FAQ
Q
What is the expected latency for Sophos Sandstorm cloud-based sandboxing?
A
For files that are present in the cache or have been previously analyzed this will be seconds.
Files which will need to be uploaded and fully analyzed, will take up to 20 minutes with an average of 5 minutes.
Q
What are the steps before a file is sent for analysis to Sophos Sandstorm?
A
Not all files are sent to the Sandstorm sandbox. There are multiple decision steps taken before a file is uploaded for analysis:

Anti-virus engine(s) scan files using multiple technologies to determine if there is already knowledge about the file.
The file is determined as known good, known bad or unknown.
Known bad files are blocked, known good files are released to the end-user.
For unknown files, depending on the file type (determined using true file type detection) Sophos anti-virus will determine if the file has any active content (e.g. Macros in Office documents or JavaScript in pdfs).
If there is no active content the file is considered safe and released to the end-user.
Q
Does Sophos Sandstorm scan files received in both directions inbound/outbound and refer for sandboxing?
A
For SWA, UTM and XG Web proxy, only downloaded files will be scanned and possibly sent to Sandstorm. For SEA, XG and UTM Email Protection both received and sent emails file attachments will be inspected by Sandstorm if suspicious.
Q
Can the administrator create exclusions in Sandstorm?
A
Yes, the existing anti-virus exclusion options in Sophos Web Appliance (SWA) and Sophos UTM also applies to Sandstorm. However, this option is not available in Sophos Email Appliance (SEA).
Q
What file types are supported by Sophos Sandstorm?
A
Sandstorm supports the file types listed below, determined by true filetype detection.
If there is a specific file type you are looking for, which isn’t on the list please open a ticket with support.

PE and EXE files, including 32 or 64-bit programs, and 32 and 64-bit DLLs
Microsoft Office Word Documents with file extensions of .doc, .docx, .docm, or .rtf
Microsoft Office Excel Documents with file extensions of .xls, .xlsx, or .xlsm
Microsoft Office PowerPoint documents with file extensions of .ppt, .pptx, or .pptm
PDF documents (.pdf)
PDF XML documents (.xpf)
ActiveMime
Archives (ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, XZ)