install.md 3.03 KB
Newer Older
Arne Øslebø's avatar
Arne Øslebø committed
1
# Installation
Arne Øslebø's avatar
Arne Øslebø committed
2
3
4
5
6
7
8
9
10
11
12
13

The current version of SOCTools only runs on a single server. A fully distributed versiob will be released soon.

## Hardware requirements
* CPU: 8 cores
* Memory: 32GB (It is possible to run on less but it is not recommended)
* Disk: >30GB (This depends entirely on how much data you want to collect and how long you want to keep the data. For just testing SOCTools, 30GB is enough.)

## Prerequisites

* Minimal installation of CentOS7
* Install Ansible
14
  * `sudo yum -y install epel-release`  
Arne Øslebø's avatar
Arne Øslebø committed
15
  * `sudo yum -y install ansible git`
16
  * `sudo ansible-galaxy collection install ansible.posix`
Arne Øslebø's avatar
Arne Øslebø committed
17

Arne Øslebø's avatar
Arne Øslebø committed
18
19
20
21
22
23
24
## Download SOCTools
* Download latest release from `https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/soctools/-/releases`
* Unpack downloaded release
* `cd soctools`

To test the development version you can clone the repository instead of downloading the latest release:  
* git clone https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/soctools.git
Arne Øslebø's avatar
Arne Øslebø committed
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
* `cd soctools`

## Install SOCTools
Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it points to the FQDN of the server.
* `vi group_vars/all/main.yml`  

If you want to use MaxMind GeoLite2 database for enrichment, add the license key to the variable 'maxmind_key'  
Users can be configured in the file group_vars/all/users.yml
* `vi group_vars/all/users.yml` 

Configure the server running SOCTools:
* `ansible-playbook -i inventories soctools_server.yml`  

Build the Docker images:
* `ansible-playbook -i inventories buildimages.yml`

Build SOCTools CA needed for service and user certificates:
Arne Øslebø's avatar
Arne Øslebø committed
42
43
* `ansible-playbook -i inventories buildca.yml`  
This playbook will generate some errors but this is normal as long as the playbook ignores them and finish without stopping. 
Arne Øslebø's avatar
Arne Øslebø committed
44
45
46
47
48
49
50

Start SOCTools:
* `ansible-playbook -i inventories soctools.yml -t start`

Stop SOCTools:
* `ansible-playbook -i inventories soctools.yml -t stop`

Arne Øslebø's avatar
Arne Øslebø committed
51
52
53
## Errors building SOCTools
If there are any errors during building of SOCTools then it is often best to start from the top. The easiest way is to delete any existing Docker images that are already built and then restart the installation. To prune existing Docker images run `docker system prune -a`. This command will delete all images so it assumes that SOCTools is the only service running on the server.

Arne Øslebø's avatar
Arne Øslebø committed
54
55
56
57
58
59
60
61
62
63
64
65
## Certificates
To access the web interfaces of the various services in SOCTools, you need to import the root certificate located in `secrets/CA/ca.crt`. For windows the CA certificate should be installed in the Trusted Root Certficiation Authorities store.  
User authentication is done using client certificates. A certificate is generated automatically for all users specified in the file `group_vars/all/users.yml`and can be found in the directory `secrets/certificates`. Passwords for the certificates can be fdound in the directory `secrets/passwords`

## Web interfaces
All Web interfaces of the various services are access by going to `https://<server name>:<port>/`using the following port numbers:
* 9443 - NiFi
* 5601 - Kibana
* 6443 - Misp
* 9000 - The Hive
* 9001 - Cortex
* 12443 - Keycloak