Hardware and software requirements
You need a virtual machine with the following minimal configuration:
- CPU: 8 cores
- Memory: 32GB
- Disk: 40GB
The software requirements are as follows:
- Minimal installation of CentOS7
- Set the hostname for your Virtual Machine and create the corresponding DNS record (it will be needed later)
- Install Ansible
sudo yum -y install epel-release
sudo yum -y install ansible git
sudo ansible-galaxy collection install ansible.posix
Download SOCTools and prepare installation configuration
Download the current version using:
git clone --recurse-submodules https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/soctools.git
cd soctools
The configuration script will guide you through the quick start process:
./configure.sh
First you need to fill in the configuration file access.ips, which contains the IP addresses and networks that will be used to build access lists for services reachable from outside. By default, all services except OPENSEARCH are public!
- If you want to skip the access list creation process and use the default access list, on "Do you want to modify/edit this file now?", press [Enter] or type no and press [Enter]
Next, we are going to set the Fully Qualified Domain Name (FQDN) for your SOCTools server. The tools will be accessed using https://[FQDN]:[port]
- On "set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)", you should already have set up the hostname and DNS record, so type the FQDN here and press [Enter]
We also need the name of your chosen domain in the last step.
- On "Name of your organization (it will be used as organization name in MISP, The Hive and Cortex)", type the name of your organization and press [Enter]
The following questions help prepare your username and the certificates that will be used to access the various tools in SOCTools. They also configure these parameters in group_vars/all/variables.yml. You should enter only one user account here and create all other user accounts using the Web Management GUI.
- On "username:" type the username you want to use and press [Enter]
- On "firstame:" type your name and press [Enter]
- On "lastname:" type your surname and press [Enter]
- On "email:" type the email you will be using and press [Enter]
The next few steps configure the SMTP account used by the Web Management GUI to send information to newly created users. For testing purposes it may be left empty. We recommend using a dedicated email address for this purpose.
- On "host:" type the FQDN of your SMTP server and press [Enter]
- On "sender:" type the email address that will be used as the sender and press [Enter]
- On "username:" type the user account (smtp username) and press [Enter]
- On "password:" type the password for the user account you will be using and press [Enter]
After entering this information, you will be prompted if all of the entered information is correct:
- On "Correct? type 'yes' or 'no':", type yes and press [Enter]
IMPORTANT: If you enter 'no', the configuration will exit without making any changes, and you will have to start the process from the beginning.
After entering 'yes' and pressing [Enter], the following files and folders will be modified:
access.ips
group_vars/all/variables.yml
roles/haproxy/files/
Also, the firstame, lastname, and username values will be used in a later step, when building the CA and the certificates for user access.
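A pre-flight script, added here as an example and not part of the SOCTools project, that checks the VM minimums, the hostname's DNS record and the Ansible install from the requirements above, and lints the access.ips entries before you run the playbooks. The one-IP-or-CIDR-per-line layout of access.ips, the 0.0.0.0/0 check and all function names are assumptions, not taken from the project.

```shell
#!/usr/bin/env bash
# Added pre-flight check for this quick start (not SOCTools code). The
# one-IP-or-CIDR-per-line layout of access.ips is an assumption.
set -u

# meets_min ACTUAL MINIMUM -> succeeds when ACTUAL >= MINIMUM
meets_min() { [ "$1" -ge "$2" ]; }
# valid_ip_or_cidr ENTRY -> succeeds for an IPv4 address or IPv4 CIDR
valid_ip_or_cidr() {
  local entry=$1 ip prefix octet octets
  case $entry in
    */*) ip=${entry%/*}; prefix=${entry#*/} ;;
    *)   ip=$entry; prefix=32 ;;
  esac
  [[ $prefix =~ ^[0-9]{1,2}$ ]] && [ "$prefix" -le 32 ] || return 1
  [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  IFS=. read -r -a octets <<< "$ip"
  for octet in "${octets[@]}"; do [ "$octet" -le 255 ] || return 1; done
}
# world_open ENTRY -> succeeds if the entry admits every source address
world_open() { [ "$1" = "0.0.0.0/0" ]; }
# lint_access_ips FILE -> reports problems; exit status = number of bad lines
lint_access_ips() {
  local bad=0 line
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}; line=${line//[[:space:]]/}   # drop comments and blanks
    [ -z "$line" ] && continue
    if ! valid_ip_or_cidr "$line"; then
      echo "invalid entry: $line"; bad=$((bad + 1))
    elif world_open "$line"; then
      echo "WARNING: $line exposes the service to every source address"
    fi
  done < "$1"
  return "$bad"
}

# preflight -> succeeds when the host meets every requirement listed above
preflight() {
  local rc=0 mem_gb disk_gb
  meets_min "$(nproc)" 8 || { echo "need 8 CPU cores, have $(nproc)"; rc=1; }
  mem_gb=$(( $(awk '/MemTotal/ {print $2}' /proc/meminfo) / 1048576 ))
  meets_min "$mem_gb" 32 || { echo "need 32GB RAM, have ${mem_gb}GB"; rc=1; }
  disk_gb=$(df -BG --output=avail / | tail -1 | tr -dc '0-9')
  meets_min "$disk_gb" 40 || { echo "need 40GB disk, have ${disk_gb}GB free"; rc=1; }
  getent hosts "$(hostname -f)" >/dev/null || { echo "$(hostname -f) does not resolve; create the DNS record first"; rc=1; }
  command -v ansible-playbook >/dev/null || { echo "ansible is not installed"; rc=1; }
  return "$rc"
}
```

Run `preflight && lint_access_ips access.ips` from the soctools directory; a non-zero status means something on the list above still needs attention.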
Install and try SOCTools
The following commands will configure the host, build the docker images and build the CA for the service and user certificates:
ansible-playbook -i inventories soctools_server.yml
ansible-playbook -i inventories buildimages.yml
ansible-playbook -i inventories buildca.yml
This playbook will generate some errors, but this is normal as long as the playbook ignores them and finishes without stopping. After the last step you can download and install the certificates with the following steps:
- Download and import the root certificate located in secrets/CA/ca.crt (on Windows the CA certificate should be installed in the Trusted Root Certification Authorities store)
- Download and import into the browser the user certificate (for the user you have created) found in the directory secrets/certificates. To import the user certificate, you will need the password found in the directory secrets/passwords
Finally, you can start the SOCTools containers and initialize them using your configuration:
ansible-playbook -i inventories soctools.yml -t start-docker-containers
ansible-playbook -i inventories soctools.yml -t init
After the whole process is finished, SOCTools can be accessed by going to https://[FQDN]:[port] using the following port numbers:
- 9443 - NiFi
- 5601 - Kibana
- 6443 - MISP
- 9000 - The Hive
- 9001 - Cortex
- 12443 - Keycloak