TheHiveDocs / installation / install-guide.md (To-om, "Update Elasticsearch config for docker", commit 6d76f99 on 27 Apr, 7 contributors, 585 lines (435 sloc), 23.4 KB)
Source: https://github.com/TheHive-Project/TheHiveDocs/blob/master/installatio... (retrieved 19/6/2020)

# Installation Guide

Before installing TheHive, you need to choose the installation option which suits your environment as described below. Once you have chosen an option and installed the software, read the Configuration Guide. We also advise reading the Administration Guide.

## Table of Contents

- Installation Options
  - RPM
  - DEB
  - Docker
  - Binary
  - Build it Yourself
- Elasticsearch Installation
  - System Package
  - Start the Service
  - Elasticsearch inside a Docker

## Installation Options

TheHive is available as:

- an RPM package
- a DEB package
- a Docker image
- a binary package

In addition, TheHive can also be built from the source code.

### RPM

RPM packages are published on a Bintray repository. All packages are signed using our GPG key 562CBC1C. Its fingerprint is:

```
0CD5 AC59 DE5C 5A8E 0EE1 3849 3D99 BB18 562C BC1C
```

First install the RPM release package:

```
yum install https://dl.bintray.com/thehive-project/rpm-stable/thehive-project-release-1.1.0
```

This will install TheHive Project's repository in `/etc/yum.repos.d/thehive-rpm.repo` and the corresponding GPG public key in `/etc/pki/rpm-gpg/GPG-TheHive-Project`. Then you will be able to install the package using `yum`:

```
yum install thehive
```

Once the package is installed, proceed to the configuration using the Configuration Guide. For additional configuration options, please refer to the Administration Guide.

#### Pre-release versions

The RPM release package installs two repositories: `thehive-project-stable` and `thehive-project-beta`. The latter contains pre-release, beta versions and is disabled by default. If you want to install them and help us find bugs to the benefit of the whole community, you can enable it by editing `/etc/yum.repos.d/thehive-rpm.repo` and setting the `enable` value to `1` for the `thehive-project-beta` repository.

### DEB

Debian packages are published on a Bintray repository. All packages are signed using our GPG key 562CBC1C. Its fingerprint is:

```
0CD5 AC59 DE5C 5A8E 0EE1 3849 3D99 BB18 562C BC1C
```

To install the Debian package, use the following commands:

```
echo 'deb https://dl.bintray.com/thehive-project/debian-stable any main' | sudo tee -a /etc
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-key 562CBC1C
sudo apt-get update
sudo apt-get install thehive
```

Some environments may block access to the pgp.mit.edu key server. As a result, the command `sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-key 562CBC1C` will fail. In that case, you can run the following command instead:

```
curl https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY | sudo apt-key add -
```

Once the package is installed, proceed to the configuration using the Configuration Guide. For additional configuration options, please refer to the Administration Guide.

#### Pre-release versions

If you want to install pre-release, beta versions of TheHive packages and help us find bugs to the benefit of the whole community, you can add the pre-release repository with the command:

```
echo 'deb https://dl.bintray.com/thehive-project/debian-beta any main' | sudo tee -a /etc/a
```

### Docker

To use the Docker image, you must use Docker (courtesy of Captain Obvious). TheHive requires Elasticsearch to run. You can use docker-compose to start them together in Docker or install and configure Elasticsearch manually.
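Both the RPM and DEB sections above end with a signing key that the package manager will trust from then on, and the fallback `curl ... | sudo apt-key add -` pipeline never compares what was downloaded against the fingerprint printed in those sections. The script below is an added example, not part of TheHiveDocs, that extracts the fingerprint from `gpg --with-colons` output and refuses to add the key unless it matches. It assumes gpg 2.1.13 or later (for `--import-options show-only`), the key URL the DEB section uses, and a constructed gpg output sample (only the fingerprint in it is the guide's; the other fields are made up) so the parsing runs offline:

```shell
#!/bin/sh
# Added example, not from TheHiveDocs: verify a downloaded signing key against the fingerprint
# quoted in the guide before handing it to apt-key.
# Assumptions: gpg >= 2.1.13 (`--import-options show-only`); KEY_URL is the one the DEB section uses.
EXPECTED_FPR="0CD5AC59DE5C5A8E0EE138493D99BB18562CBC1C"   # the guide's fingerprint, spaces removed
KEY_URL="https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY"

# fpr_from_colons: read `gpg --with-colons` output on stdin and print the primary key fingerprint
# (field 10 of the first "fpr" record; later fpr records belong to subkeys and are ignored).
fpr_from_colons() {
  awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_fpr ACTUAL: print "ok" when ACTUAL equals EXPECTED_FPR (case and spacing ignored), else "MISMATCH".
# An empty ACTUAL (gpg could not parse the file) is a mismatch too, never a pass.
verify_fpr() {
  actual=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  if [ -n "$actual" ] && [ "$actual" = "$EXPECTED_FPR" ]; then echo ok; else echo MISMATCH; fi
}

# check_keyfile FILE: let gpg compute the fingerprint of an armored key file, then verify it.
# Works on the file yum installs as well (/etc/pki/rpm-gpg/GPG-TheHive-Project).
check_keyfile() {
  fpr=$(gpg --with-colons --import-options show-only --import "$1" 2>/dev/null | fpr_from_colons)
  verify_fpr "$fpr"
}

# install_key_if_verified: download the key to a temp file, abort on mismatch, otherwise add it to apt.
# Drop-in replacement for the `curl ... | sudo apt-key add -` one-liner in the DEB section.
install_key_if_verified() {
  tmp=$(mktemp)
  curl -fsSL "$KEY_URL" -o "$tmp" || { rm -f "$tmp"; echo "download of $KEY_URL failed" >&2; return 1; }
  if [ "$(check_keyfile "$tmp")" = ok ]; then
    sudo apt-key add "$tmp"; rc=$?
  else
    echo "fingerprint mismatch: refusing to trust $KEY_URL" >&2; rc=1
  fi
  rm -f "$tmp"
  return $rc
}

# Constructed sample of gpg colon output: the fingerprint is the guide's, every other field is invented,
# so the parser can be exercised without network access or gpg installed.
SAMPLE_COLONS='pub:-:4096:1:3D99BB18562CBC1C:1484171365:::-:::scESC::::::23::0:
fpr:::::::::0CD5AC59DE5C5A8E0EE138493D99BB18562CBC1C:
uid:-::::1484171365::0000000000000000000000000000000000000000::TheHive Project (constructed sample) <sample@example.invalid>::::::::::0:'

# demo: parse the constructed sample and verify it; prints "ok"
demo() {
  fpr=$(printf '%s\n' "$SAMPLE_COLONS" | fpr_from_colons)
  verify_fpr "$fpr"
}
```

Source the file and call `install_key_if_verified` instead of the bare pipeline; on an RPM host, `check_keyfile /etc/pki/rpm-gpg/GPG-TheHive-Project` applies the same comparison to the key the release package dropped in place.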
#### Use Docker-compose

Docker-compose can start multiple containers and link them together. The following `docker-compose.yml` file starts Elasticsearch, Cortex and TheHive:

```yaml
version: "2"
services:
  elasticsearch:
    image: elasticsearch:6.8.8
    environment:
      - http.host=0.0.0.0
      - discovery.type=single-node
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
  cortex:
    image: thehiveproject/cortex:latest
    depends_on:
      - elasticsearch
    ports:
      - "0.0.0.0:9001:9001"
  thehive:
    image: thehiveproject/thehive:latest
    depends_on:
      - elasticsearch
      - cortex
    ports:
      - "0.0.0.0:9000:9000"
    command: --cortex-port 9001
```

Put this file in an empty folder and run `docker-compose up`. TheHive is exposed on port 9000/tcp and Cortex on 9001/tcp. These ports can be changed by modifying the docker-compose file.

You can specify a custom TheHive configuration file (`application.conf`) by adding the following lines in the `thehive` section of your docker-compose file:

```yaml
volumes:
  - /path/to/application.conf:/etc/thehive/application.conf
```

To take effect, be sure that:

- `/path/to/application.conf` is readable for the user who runs the docker daemon (typically 644)
- you specified `command: --no-config` in your docker-compose.yml file

You should define where the data (i.e. the Elasticsearch database) will be located on your operating system by adding the following lines in the `elasticsearch` section of your docker-compose file:

```yaml
volumes:
  - /path/to/data:/usr/share/elasticsearch/data
```

Running Elasticsearch in production mode requires a minimum `vm.max_map_count` of 262144. The Elasticsearch documentation provides instructions on how to query and change this value.

If you want to make Cortex available in TheHive, you must create an account on Cortex, define an API key for it and provide that key to the TheHive container using the parameter `--cortex-key` or the environment variable `TH_CORTEX_KEY`.
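The compose file above publishes both web interfaces on `0.0.0.0`, and the two conditions the section lists (`vm.max_map_count`, the mode of the mounted `application.conf`) are easy to get wrong silently. The script below is an added example, not part of TheHiveDocs, that writes a compose file keeping the guide's services but binding ports 9000 and 9001 to loopback only, mounting `application.conf` with `--no-config` as the section requires, and checks both preconditions before `docker-compose up`. It assumes a Linux host with GNU `stat`, that the `/path/to/...` placeholders are replaced with real paths, and that a TLS-terminating reverse proxy (not shown) fronts the loopback ports:

```shell
#!/bin/sh
# Added example, not from TheHiveDocs: preflight checks for the docker-compose setup and a compose
# file that publishes TheHive and Cortex on 127.0.0.1 only.
# Assumptions: Linux host with GNU stat; /path/to/... placeholders replaced before use.
MIN_MAP_COUNT=262144   # minimum vm.max_map_count Elasticsearch requires in production mode

# check_max_map_count [VALUE]: "ok" if VALUE (default: the running kernel's value) meets the minimum, else "low"
check_max_map_count() {
  value=${1:-$(cat /proc/sys/vm/max_map_count)}
  if [ "$value" -ge "$MIN_MAP_COUNT" ]; then echo ok; else echo low; fi
}

# check_conf_mode FILE: application.conf carries play.http.secret.key and the Elasticsearch/Cortex settings,
# so it must be readable by the docker daemon's user (e.g. 644) but never group- or world-writable.
# Prints "ok", "writable" (group/other has the write bit) or "unreadable" (missing, or no owner read bit).
check_conf_mode() {
  mode=$(stat -c %a "$1" 2>/dev/null)          # octal mode such as 644; empty if the file is missing
  if [ $(( 0$mode & 022 )) -ne 0 ]; then echo writable
  elif [ $(( 0$mode & 0400 )) -eq 0 ]; then echo unreadable
  else echo ok
  fi
}

# write_compose DIR: write DIR/docker-compose.yml (the guide's services, loopback-only ports, mounted config)
write_compose() {
  cat > "$1/docker-compose.yml" <<'EOF'
version: "2"
services:
  elasticsearch:
    image: elasticsearch:6.8.8
    environment:
      - http.host=0.0.0.0          # reachable from the other containers only; 9200 is never published
      - discovery.type=single-node
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /path/to/data:/usr/share/elasticsearch/data   # placeholder: persistent data directory on the host
  cortex:
    image: thehiveproject/cortex:latest
    depends_on:
      - elasticsearch
    ports:
      - "127.0.0.1:9001:9001"      # loopback only, instead of 0.0.0.0
  thehive:
    image: thehiveproject/thehive:latest
    depends_on:
      - elasticsearch
      - cortex
    ports:
      - "127.0.0.1:9000:9000"      # loopback only, instead of 0.0.0.0
    volumes:
      - /path/to/application.conf:/etc/thehive/application.conf   # placeholder: your own configuration
    command: --no-config           # required once application.conf is supplied; settings come from that file
EOF
}

# preflight CONF: run both checks; non-zero exit with a hint on the first failure
preflight() {
  if [ "$(check_max_map_count)" != ok ]; then
    echo "vm.max_map_count is below $MIN_MAP_COUNT; fix with: sudo sysctl -w vm.max_map_count=$MIN_MAP_COUNT" >&2
    return 1
  fi
  case $(check_conf_mode "$1") in
    ok) ;;
    writable)   echo "$1 is group/world writable; fix with: chmod 644 $1" >&2; return 1 ;;
    unreadable) echo "$1 is missing or has no owner read bit" >&2; return 1 ;;
  esac
  echo "preflight ok: run docker-compose up"
}
```

Typical use is `write_compose /srv/thehive && preflight /path/to/application.conf && (cd /srv/thehive && docker-compose up)`; because the file is supplied with `--no-config`, the Elasticsearch hosts, the secret and the Cortex key are expected inside `application.conf` rather than generated by the image.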
#### Manual Installation of Elasticsearch

Elasticsearch can be installed on the same server as TheHive or on a different one. You can then configure TheHive according to the documentation and run the TheHive Docker image as follows:

```
docker run --volume /path/to/thehive/application.conf:/etc/thehive/application.conf thehive
```

You can add the `--publish` docker option to expose the TheHive HTTP service.

#### Customize the Docker Image

By default, the TheHive Docker image has minimal configuration:

- choose a random secret (`play.http.secret.key`)
- search for the Elasticsearch instance (host named `elasticsearch`) and add it to the configuration
- search for a Cortex instance (host named `cortex`) and add it to the configuration

This behavior can be disabled by adding `--no-config` to the Docker command line:

```
docker run thehiveproject/thehive:latest --no-config
```

Or by adding the line `command: --no-config` in the `thehive` section of the docker-compose file.

It is possible to start database migration at startup with the parameter `--auto-migration`. If the initial administrator doesn't exist yet, you can request its creation with `--create-admin` followed by the user login and its password. You can also create a normal user with `--create-user` followed by the user login, its roles and its password; this is possible only with `--create-admin`.

The image accepts more options. All options are available using environment variables. For boolean variables, `1` means true and any other value means false. For multivalued variables, values are separated by commas.

| Option | Env variable | Description |
|---|---|---|
| `--no-config` | `TH_NO_CONFIG` | Do not try to configure TheHive (add the secret and Elasticsearch) |
| `--no-config-secret` | `TH_NO_CONFIG_SECRET` | Do not add the random secret to the configuration |
| `--secret <secret>` | `TH_SECRET` | Cryptographic secret needed to secure sessions |
| `--show-secret` | `TH_SHOW_SECRET` | Show the generated secret |
| `--no-config-es` | `TH_NO_CONFIG_ES` | Do not add the Elasticsearch hosts to configuration |
| `--es-uri <uri>` | `TH_CONFIG_ES` | Use this string to configure the Elasticsearch host (format: `http(s)://host:port,host:port(/prefix)?querystring`) |
| `--es-hostname <host>` | `TH_ES_HOSTNAME` | Resolve this hostname to find Elasticsearch instances |
| `--no-config-cortex` | `TH_NO_CONFIG_CORTEX` | Do not add Cortex configuration |
| `--cortex-proto <proto>` | `TH_CORTEX_PROTO` | Define the protocol to connect to Cortex (default: `http`) |
| `--cortex-port <port>` | `TH_CORTEX_PORT` | Define the port to connect to Cortex (default: `9001`) |
| `--cortex-url <url>` | `TH_CORTEX_URL` | Add the Cortex connection |
| `--cortex-hostname <host>` | `TH_CORTEX_HOSTNAME` | Resolve this hostname to find the Cortex instance |
| `--cortex-key <key>` | `TH_CORTEX_KEY` | Define Cortex key |
| `--auto-migration` | `TH_AUTO_MIGRATION` | Migrate the database, if needed |
| `--create-admin <user> <password>` | `TH_CREATE_ADMIN_LOGIN`, `TH_CREATE_ADMIN_PASSWORD` | Create the first admin user, if it does not exist yet |
| `--create-user <user> <role> <password>` | `TH_CREATE_USER_LOGIN`, `TH_CREATE_USER_ROLE`, `TH_CREATE_USER_PASSWORD` | Create a user, only in conjunction with admin creation |

Note: please remember that you must install and configure Elasticsearch.

#### What to Do Next?
Once the Docker image is up and running, proceed to the configuration using the Configuration Guide. For additional configuration options, please refer to the Administration Guide.

#### Pre-release Versions

If you would like to use pre-release, beta versions of our Docker images and help us find bugs to the benefit of the whole community, please use `thehiveproject/thehive:version-RCx`. For example `thehiveproject/thehive:3.1.0-RC1`.

### Binary

The following section contains the instructions to manually install TheHive using binaries on Ubuntu 18.04 LTS.

#### 1. Minimal Ubuntu Installation

Install a minimal Ubuntu 18.04 system with the following software:

- Java runtime environment 1.8+ (JRE)
- Elasticsearch 5.x

Make sure your system is up-to-date:

```
sudo apt-get update
sudo apt-get upgrade
```

#### 2. Install a Java Virtual Machine

You can install either Oracle Java or OpenJDK. The latter is recommended.

```
sudo apt-get install openjdk-11-jre-headless
```

#### 3. Install Elasticsearch

To install Elasticsearch, please read the Elasticsearch Installation section below.

#### 4. Install TheHive

Binary packages can be downloaded from Bintray. The latest version is called `thehive-latest.zip`.

Download and unzip the chosen binary package. TheHive files can be installed wherever you want on the filesystem. In this guide, we assume you have chosen to install them under `/opt`.

```
cd /opt
wget https://dl.bintray.com/thehive-project/binary/thehive-latest.zip
unzip thehive-latest.zip
ln -s thehive-x.x.x thehive
```

Note: if you would like to use pre-release, beta versions of TheHive and help us find bugs to the benefit of the whole community, please download `https://dl.bintray.com/thehive-project/binary/thehive-version-RCx.zip`. For example `https://dl.bintray.com/thehive-project/binary/thehive-3.1.0-RC1.zip`.

#### 5. First start

It is recommended to use a dedicated, non-privileged user account to start TheHive. If so, make sure that the chosen account can create log
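Steps 1 to 5 above leave two things to the reader: confirming the JRE really is 1.8 or newer, and replacing the `thehive-x.x.x` placeholder in `ln -s` with the directory the zip actually produced, then handing that tree to the non-privileged account. The script below is an added example, not part of TheHiveDocs, that does both. It assumes an install root of `/opt`, a service account named `thehive` with a `logs` directory under the install tree (the guide names neither), and GNU `sort -V` as shipped with Ubuntu:

```shell
#!/bin/sh
# Added example, not from TheHiveDocs: helpers for the binary install steps on Ubuntu.
# Assumptions: INSTALL_ROOT=/opt as in the guide; service account "thehive" and its logs directory
# are this example's choices; GNU coreutils (sort -V) is available.
INSTALL_ROOT=/opt
SERVICE_USER=thehive

# java_major_version LINE: take the first line of `java -version` output and print the major version
# ("1.8.0_252" -> 8, "11.0.7" -> 11). Returns 1 and prints nothing when no version string is present.
java_major_version() {
  v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
  case $v in
    "")  return 1 ;;
    1.*) printf '%s\n' "$v" | cut -d. -f2 ;;   # legacy 1.x numbering: the minor field is the Java version
    *)   printf '%s\n' "$v" | cut -d. -f1 ;;   # Java 9+ numbering: the first field is the version
  esac
}

# check_jre LINE: "ok" when the JRE satisfies the 1.8+ requirement of step 1, "too-old" or "missing" otherwise.
# Feed it: check_jre "$(java -version 2>&1 | head -n 1)"
check_jre() {
  major=$(java_major_version "$1") || { echo missing; return; }
  if [ "$major" -ge 8 ]; then echo ok; else echo too-old; fi
}

# latest_thehive_dir DIR: print the highest-versioned thehive-x.y.z directory under DIR (for the symlink)
latest_thehive_dir() {
  ls -d "$1"/thehive-[0-9]* 2>/dev/null | sed 's|.*/||' | sort -V | tail -n 1
}

# install_thehive ZIP: unzip under INSTALL_ROOT, point the version-independent symlink at the new tree,
# and give it to the service account so TheHive can write its logs. Must run as root.
install_thehive() {
  id "$SERVICE_USER" >/dev/null 2>&1 || \
    useradd --system --home-dir "$INSTALL_ROOT/thehive" --shell /usr/sbin/nologin "$SERVICE_USER"
  cd "$INSTALL_ROOT" || return 1
  unzip -q "$1" || return 1
  dir=$(latest_thehive_dir "$INSTALL_ROOT")
  [ -n "$dir" ] || { echo "no thehive-x.x.x directory found under $INSTALL_ROOT" >&2; return 1; }
  ln -sfn "$dir" thehive
  mkdir -p "$dir/logs"
  chown -R "$SERVICE_USER:$SERVICE_USER" "$dir"   # the non-privileged account owns the tree it writes to
  echo "installed $dir as $INSTALL_ROOT/thehive"
}
```

After `wget` of the zip from step 4, `sudo sh -c '. ./thehive-install.sh && install_thehive /opt/thehive-latest.zip'` performs the unzip, symlink and ownership steps in one go, and `check_jre "$(java -version 2>&1 | head -n 1)"` is the step-1 verification to run first.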