install.md 2.39 KB
Arne Øslebø committed
# Installation

The current version of SOCTools only runs on a single server. A fully distributed version will be released soon.

## Hardware requirements
* CPU: 8 cores
* Memory: 32GB (It is possible to run on less but it is not recommended)
* Disk: >30GB (This depends entirely on how much data you want to collect and how long you want to keep the data. For just testing SOCTools, 30GB is enough.)

## Prerequisites

* Minimal installation of CentOS7
* Install Ansible
  * `sudo yum -y install epel-release`
  * `sudo yum -y install ansible git`
  * `sudo ansible-galaxy collection install ansible.posix`

## Clone SOCTools
* `git clone https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/soctools.git`
* `cd soctools`

## Install SOCTools
Edit `group_vars/all/main.yml` and change `soctoolsproxy` so that it points to the FQDN of the server:
* `vi group_vars/all/main.yml`

If you want to use the MaxMind GeoLite2 database for enrichment, add the license key to the variable `maxmind_key`.

Users can be configured in the file `group_vars/all/users.yml`:
* `vi group_vars/all/users.yml`

Configure the server running SOCTools:
* `ansible-playbook -i inventories soctools_server.yml`  

Build the Docker images:
* `ansible-playbook -i inventories buildimages.yml`

Build the SOCTools CA needed for service and user certificates:
* `ansible-playbook -i inventories buildca.yml`

This playbook will generate some errors, but this is normal as long as the playbook ignores them and finishes without stopping.

Start SOCTools:
* `ansible-playbook -i inventories soctools.yml -t start`

Stop SOCTools:
* `ansible-playbook -i inventories soctools.yml -t stop`

## Certificates
To access the web interfaces of the various services in SOCTools, you need to import the root certificate located in `secrets/CA/ca.crt`. On Windows the CA certificate should be installed in the Trusted Root Certification Authorities store.  
User authentication is done using client certificates. A certificate is generated automatically for all users specified in the file `group_vars/all/users.yml` and can be found in the directory `secrets/certificates`. Passwords for the certificates can be found in the directory `secrets/passwords`.

## Web interfaces
All web interfaces of the various services are accessed by going to `https://<server name>:<port>/` using the following port numbers:
* 9443 - NiFi
* 5601 - Kibana
* 6443 - Misp
* 9000 - The Hive
* 9001 - Cortex
* 12443 - Keycloak