Appliance installation


Note

  • The instruction is based on installation script that includes code for install docker images Alertflex applications and open-source third-party software.
  • You run the script and use installed software on own risk without WARRANTY. Please, before start of installation, check out licenses and term of use for open source third-party software. References to licences are listed in chapter “Copyright notices” of this manual.
  • Alertlex Management console and Worker are built with commercial third-party libraries and require confirmation EULA (end-user license agreement) during post-install configuration.

System requirements

The installation instruction was tested on a stand-alone server/virtual machine with installed Ubuntu version 16.04, Centos 7 and Amazon Linux 2. Memory should be not less 4GB


Pre-installation

Appliance components are running as docker containers, so a docker package should be installed on the server. For downloading installations files also need to install a git package. Below, just example installation of docker and git on Ubuntu:

sudo apt-get -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io git

The appliance should be reachable for remote components of the solution via hostname (see file /etc/hosts or DNS service). Next TCP/UDP ports should be open for interaction between appliance components. Internal ports belong to a docker network inside of the host:

port application type
3306 MySQL clients
8080 Payara AS web
8161 ActiveMQ admin ui
55000 Wazuh altprobe
61613 ActiveMQ logstash
61616 ActiveMQ altprobe

External ports should be visible from other hosts:

port application type
22 SSH admin
80 HTTP web
443 SSL web
1514/udp Wazuh agents
4848 Payara AS admin ui
5044 Logstash beats
6379 Redis altprobe
8443 MISP admin ui
9000 Portainer admin ui
61617 ActiveMQ altprobe

Installation

  • Login to the appliance and download installation files
git clone git://github.com/olegzhr/appliance.git
cd ./appliance
  • Fill in appliance specific parameters in file env.sh, as an example configuration, please, use file env_example.sh in the installation directory
  • Start installation
chmod u+x install.sh
./install.sh
  • Check that installation has been completed successfully
sudo docker ps
CONTAINER ID        IMAGE                   STATUS              NAMES
9abbb259f34d        alertflex/logstash      Up 16 minutes       logstash
1e98fce8e4b9        alertflex/altprobe      Up 17 minutes       altprobe
26fd94355c30        alertflex/wazuh         Up 18 minutes       wazuh
8a3024d34147        redis                   Up 21 minutes       redis
d35cb99061a6        rmohr/activemq:5.15.9   Up 21 minutes       activemq
3ad566919198        nginx                   Up 21 minutes       nginx
cba28f8f2828        alertflex/misp          Up 21 minutes       misp
52d72e082e3f        alertflex/cnode         Up 28 minutes       cnode
1189e0d3f5d4        mysql:5.7.27            Up 30 minutes       mysql