Commit 8e11d8fa authored by Václav Bartoš

quickstart: minor fixes and language improvements

parent 755a28bd
# Hardware and software requirements
You need virtual machine with following minimal configuration:
You need a virtual machine with the following minimal configuration:
* CPU: 8 cores
* Memory: 32GB
* Disk: 40GB
* Disk: 40GB
Software requirements are following:
* Minimal installation of CentOS7
* Set hostname for your Virtual Machine and create corresponding DNS record (will be needed later)
* Set a hostname for your Virtual Machine and create corresponding DNS record (will be needed later)
* Install Ansible
* `sudo yum -y install epel-release`
* `sudo yum -y install ansible git`
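Review bot: the "Software requirements are following:" line in this hunk keeps the same grammar problem that the change fixes in the virtual machine sentence above it; reword it to "Software requirements are as follows:". The new hostname bullet still reads "create corresponding DNS record" without an article, and "Disk: 40GB" shows up as changed with no visible difference, so check whether that is a whitespace-only edit that belongs in this commit.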
......@@ -26,33 +26,33 @@ The configuration script will guide you through the quick start process
`./configure.sh`
First you need to fill in configuration file `access.ips`, which contains IP addresses and Networks that will be used to build access lists for services accessible from outside. By default, all services except OPENSEARCH are public!
First you need to fill in configuration file `access.ips`, which contains IP addresses and networks that will be used to build access lists for services accessible from outside. By default, all services except OPENSEARCH are public!
- If you want to skip over access list creation process and use default access list, on "Do you want to modify/edit this file now?", press [Enter] or type no and press [Enter]
Next, we are going to set Fully Qualified Domain Name (FQDN) for your SOCTools server. Tools will be accessed by using https://[FQDN]:[port]
Next, we are going to set Fully Qualified Domain Name (FQDN) for your SOCTools server. Tools will be accessed by using https://[FQDN]:[port]/
- On "set FQDN which will be used to access the soctools services (the DNS record should already be in place.)", you should already have set up hostname and DNS record, so type it here and press [Enter]
We also need the name of your chosen domain in the last step.
We also need the name of your organization in the last step.
- On "Name of your organization (it will be used as organization name in MISP, The Hive and Cortex)", type the name of your organization and press [Enter]
Following questions help us prepare your username and certificates that will be used to access various Tools in SOCTools. It also configures these parameters in `group_vars/all/variables.yml`. You should enter only one user account, and create all other user accounts by using Web Management GUI.
The following questions help us prepare your username and certificates that will be used to access various tools in SOCTools. It also configures these parameters in `group_vars/all/variables.yml`. You should enter only one user account, other accounts can be created later by using User Management Web GUI.
- On "username:" type the username you want to use and press [Enter]
- On "firstame:" type your name and press [Enter]
- On "lastname:" type your surname and press [Enter]
- On "email:" type the email you will be using and press [Enter]
Next few steps will help configure STMP account used by Web Management GUI to send information to newly created users. For testing purposes it may be left empty. We recommend using specifically made email address for this purpose.
In the next steps you can configure SMTP connection used by the User Management Web GUI to send emails to newly created users. For testing purposes it may be left empty. If password is set, it is stored in clear in a configuration file, so if anyone else has access to the server, we recommend to either use a special password just for this purpose, or use unauthenticated access, if possible.
- On "host:" type the FQDN of your SMTP server and press [Enter]
- On "sender:" type type the email address that will be used as the sender and press [Enter]
- On "sender:" type the email address that will be used as the sender and press [Enter]
- On "username:" type the user account (smtp username) and press [Enter]
- On "password:" type the password for the user account you will be using and press [Enter]
After entering this information, you will be prompted if all of the entered information is correct:
After entering this information, you will be prompted if all the entered information is correct:
- On "Correct? type 'yes' or 'no':", type yes and press [Enter]
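Review bot: the new SMTP paragraph states that the password "is stored in clear in a configuration file" but never names the file; name it and recommend restricting its permissions, so an administrator knows exactly what to protect. In the same hunk the "firstame:" prompt is left as is: if that is the literal prompt printed by `configure.sh`, fix the script and the document together, otherwise correct it here. The changed FQDN sentence also still reads "set Fully Qualified Domain Name" without an article.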
......@@ -64,7 +64,7 @@ After entering 'yes' and pressing [Enter], following files and folders will be m
- `group_vars/all/variables.yml`
- `roles/haproxy/files/`
Also, firstame, lastname, and username will be used in the future step, while building CA and certificates for user access
Also, firstame, lastname, and username will be used in the future step, while building CA and certificates for user access.
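Review bot: the changed line only gains a full stop and still carries "firstame" and "in the future step"; since the line is being touched anyway, correct it to "firstname" (or to whatever name the script actually uses) and to "in a later step".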
......@@ -77,11 +77,12 @@ Following commands will let you configure the host, build docker images and buil
* `ansible-playbook -i inventories buildimages.yml`
* `ansible-playbook -i inventories buildca.yml`
This playbook will generate some errors but this is normal as long as the playbook ignores them and finish without stopping. After the last step you can download and install certificates, doing following steps:
* Download and import the root certificate located in secrets/CA/ca.crt (On windows the CA certificate should be installed in the Trusted Root Certficiation Authorities store)
* Download and import in the browseer user certificate (for the user you have created) found in the directory secrets/certificates. To import user certificate, you will need password find in the directory secrets/passwords
This playbook will generate some errors but this is normal as long as the playbook ignores them and finishes without stopping.
After the last step you should download and install certificates to your OS or browser:
* Download and import the root certificate located in `secrets/CA/ca.crt` (On windows the CA certificate should be installed in the Trusted Root Certification Authorities store)
* Download and import the user certificate (for the user you have created) found in the directory `secrets/certificates`. To import the user certificate, you will need a password found in the directory `secrets/passwords`
At last you can start SOCTools containers and initialize them using you configuration:
At last, you can start SOCTools containers and initialize them using you configuration:
* `ansible-playbook -i inventories soctools.yml -t start-docker-containers`
* `ansible-playbook -i inventories soctools.yml -t init`
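Review bot: the rewritten closing sentence, "At last, you can start SOCTools containers and initialize them using you configuration:", still has "you" where "your" is meant, and "Finally" would read better than "At last". In the certificate bullets, "On windows" should be "On Windows", and because `secrets/passwords` holds the password that protects the user certificate, the text should say how these files are meant to be copied off the server (for example over an encrypted channel such as scp) instead of only saying "Download".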