Cyber Security: thehive install
Revision as of 07:32, 17 July 2023
Overview

Application Stack
TheHive can be deployed on a standalone server or as a cluster. The application relies on:
- Apache Cassandra to store data (supported version: 4.x).
- Elasticsearch as the indexing engine (supported version: 7.x).
- A file storage solution is also required; the local filesystem of the server hosting the application is adequate in the standalone server scenario, and S3-compatible storage (MinIO) otherwise.
Architecture
Each layer (the TheHive application, the database and index engine, and file storage) is independent and can be set up as a standalone node or as a cluster. As a result, TheHive can be set up and work in a complex clustered architecture, using virtual IP addresses and load balancers.

Deployment options: standalone server, or cluster or hybrid architecture.

Standalone server
All applications are installed on the same server:
- Cassandra
- Elasticsearch
- Files are stored on the filesystem (or MinIO if desired)
- TheHive
- NGINX (optional): to manage HTTPS communications
Following the instructions in the step-by-step installation guide results in a standalone server.
Requirements
Hardware requirements depend on the number of concurrent users (including integrations) and how they use the system. The following table displays safe thresholds (CPU cores / RAM per component) when hosting all services on the same machine:

Number of users   TheHive        Cassandra      ElasticSearch
< 10              2 / 2 GB       2 / 2 GB       2 / 2 GB
< 20              2-4 / 4 GB     2-4 / 4 GB     2-4 / 4 GB
< 50              4-6 / 8 GB     4-6 / 8 GB     4-6 / 8 GB

A safe specification:
- 4 CPU cores
- 16 GB RAM
Tip
If you are installing everything on the same server, we recommend at least 4 cores and 16 GB of RAM. And don't forget to set up jvm.options at least for Elasticsearch.
Operating systems
TheHive has been tested and is supported on the following operating systems:
- Ubuntu 20.04 LTS & 22.04 LTS
- Debian 11
- RHEL 8
- Fedora 35 & 37
StrangeBee also provides an official Docker image.
Installation guides

Too much in a hurry to read?
If you are using one of the supported operating systems, use our all-in-one installation script:

apt update
wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh

This script helps with the installation process on a fresh and supported OS; the program also runs successfully if the hardware requirements are met.
The following information will appear on the screen:
TheHive & Cortex installation script, for Linux operating systems with DEB or RPM packages.
This script supports the installtion of TheHive on x86_64 and ARM servers, and Cortex on x86_64 only.

Following install options are available:
- Configure proxy settings
- Install TheHive 5.1 (x86_64 or ARM)
- Install Cortex (running Analyzers and Responders with Docker) (x86_64 only)
- Install Cortex (running Analyzers and Responders on the host -- Not recommended, supported on Ubuntu and Debian ONLY) (x86_64 only)

This script has sucessfully been tested on freshly installed Operating Systems:
- Fedora 35 & 37
- RHEL 8.5
- Ubuntu 20.04 LTS & 22.04 LTS
- Debian 11

Requirements:
- 4vCPU
- 16 GB of RAM

Usage:
$ wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh

Maintained by: ©StrangeBee - https://www.strangebee.com
---
1) Setup proxy settings
2) Install TheHive
3) Install Cortex (run Neurons with docker)
4) Install Cortex (run Neurons locally)
5) Quit
Select an option:
Select option 2. We need to wait several hours until the installation process finishes.

Check the status

systemctl status cassandra
systemctl status elasticsearch
systemctl status thehive

Make sure all three are in the active (running) state.

Edit the configuration

vi /etc/thehive/application.conf

Make sure localhost:9000 is changed to the server's IP address:9000, for example,
# Service configuration
# application.baseUrl = "http://localhost:9000"
# application.baseUrl = "http://0.0.0.0:9000"
application.baseUrl = "http://192.168.0.192:9000"
play.http.context = "/"
Restart cassandra, elasticsearch and thehive

systemctl restart cassandra
systemctl restart elasticsearch
systemctl restart thehive

Wait a moment until thehive is stable and operating on port 9000. Check using

netstat -ntlp

Make sure there is an application listening on port 9000:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:35261         0.0.0.0:*               LISTEN      1230/java
tcp        0      0 127.0.0.1:9042          0.0.0.0:*               LISTEN      1230/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      768/sshd: /usr/sbin
tcp        0      0 127.0.0.1:7000          0.0.0.0:*               LISTEN      1230/java
tcp        0      0 127.0.0.1:7199          0.0.0.0:*               LISTEN      1230/java
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      658/systemd-resolve
tcp6       0      0 127.0.0.1:33621         :::*                    LISTEN      2292/java
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      674/java
tcp6       0      0 :::9000                 :::*                    LISTEN      2292/java
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      674/java
tcp6       0      0 :::22                   :::*                    LISTEN      768/sshd: /usr/sbin
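The post-install checks above (baseUrl edited away from localhost, TheHive reachable on port 9000, Cassandra and Elasticsearch kept on loopback as the netstat listing shows) can be automated. The following POSIX shell script is an added example for this page; it is not code from the wiki page or from StrangeBee. It works on the text of netstat -ntlp and /etc/thehive/application.conf, so the constructed samples embedded below let it run offline; the backend ports 9042, 9200 and 9300 are taken from the listing above, and treating any non-loopback listener on them as a failure is this example's assumption, not a requirement stated on the page.

```shell
#!/bin/sh
# Post-install sanity checks for a standalone TheHive node.
# Added example; not the StrangeBee installer's own code.
# All functions parse text passed as $1, so they run offline on the
# constructed samples below and on live command output on a real host.

# Constructed sample of `netstat -ntlp` output (same layout as the listing above).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9042          0.0.0.0:*               LISTEN      1230/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      768/sshd: /usr/sbin
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      674/java
tcp6       0      0 :::9000                 :::*                    LISTEN      2292/java'

# Constructed sample of /etc/thehive/application.conf after the baseUrl edit.
SAMPLE_CONF='# Service configuration
# application.baseUrl = "http://localhost:9000"
application.baseUrl = "http://192.168.0.192:9000"
play.http.context = "/"'

# Exit 0 if some process listens on TCP 9000 on a non-loopback address
# (0.0.0.0, :: or a concrete IPv4 address); 127.x listeners do not count.
# $1: netstat text
listening_on_9000() {
  printf '%s\n' "$1" |
    grep -E '^tcp6?[[:space:]].*[[:space:]](0\.0\.0\.0|::|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):9000[[:space:]].*LISTEN' |
    grep -v -E '[[:space:]]127\.[0-9.]+:9000[[:space:]]' >/dev/null
}

# Exit 0 if Cassandra (9042) and Elasticsearch (9200/9300) listen only on
# loopback. A standalone node never needs them reachable from the network,
# so any other binding is reported as a failure (assumption of this example).
# $1: netstat text
backends_loopback_only() {
  ! printf '%s\n' "$1" |
    grep -E '[[:space:]][^[:space:]]+:(9042|9200|9300)[[:space:]].*LISTEN' |
    grep -v -E '[[:space:]](127\.[0-9.]+|::1):(9042|9200|9300)[[:space:]]' >/dev/null
}

# Print the effective (uncommented) application.baseUrl value; the last
# uncommented assignment wins, commented-out lines are ignored.
# $1: application.conf text
effective_base_url() {
  printf '%s\n' "$1" |
    grep -E '^[[:space:]]*application\.baseUrl[[:space:]]*=' |
    sed -E 's/.*=[[:space:]]*"([^"]*)".*/\1/' |
    tail -n 1
}

# Exit 0 if baseUrl was changed away from localhost / 127.x / 0.0.0.0,
# i.e. the edit step on this page has actually been done.
# $1: application.conf text
base_url_is_routable() {
  _url=$(effective_base_url "$1")
  case "$_url" in
    ""|*://localhost:*|*://127.*|*://0.0.0.0:*) return 1 ;;
    *) return 0 ;;
  esac
}

# Run every check, print one verdict line each, exit 0 only if all pass.
# $1: netstat text, $2: application.conf text
run_checks() {
  _rc=0
  listening_on_9000 "$1" && echo "OK   TheHive listens on port 9000" ||
    { echo "FAIL no non-loopback listener on port 9000"; _rc=1; }
  backends_loopback_only "$1" && echo "OK   Cassandra/Elasticsearch bound to loopback only" ||
    { echo "FAIL a backend port (9042/9200/9300) is exposed beyond loopback"; _rc=1; }
  base_url_is_routable "$2" && echo "OK   baseUrl = $(effective_base_url "$2")" ||
    { echo "FAIL application.baseUrl still points at localhost/0.0.0.0"; _rc=1; }
  return $_rc
}

# Offline demonstration on the constructed samples.
run_checks "$SAMPLE_NETSTAT" "$SAMPLE_CONF"
```

On the real server, run the same checks against live data with run_checks "$(netstat -ntlp)" "$(cat /etc/thehive/application.conf)" (netstat needs root to show the PID/Program name column, which the checks do not depend on). A FAIL on the backend check is worth acting on before exposing the host, since Cassandra and Elasticsearch have no authentication in this default setup.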
Web access

Open

http://ip-address-thehive:9000

Log in using

username admin@thehive.local
password secret