
Ubuntu14LTS

Wes edited this page Nov 17, 2016 · 17 revisions

EasyButton - SQLite

$ tar -zxvf cif-3.X.X.tar.gz
$ cd cif-3.X.X
$ sudo bash deployment/easybutton.sh
$ sudo service csirtg-smrt stop
$ sudo su - cif
$ csirtg-smrt --client cif --fireball -r /etc/cif/rules/default/csirtg.yml -f port-scanners -d
$ cif --itype ipv4
$ cif-tokens
$ sudo service csirtg-smrt start

EasyButton - Elasticsearch

$ tar -zxvf cif-3.X.X.tar.gz
$ cd cif-3.X.X/deployment/ubuntu14
$ sudo bash bootstrap_elasticsearch.sh
$ sudo su - cif
$ csirtg-smrt --client cif --fireball -r /etc/cif/rules/default/csirtg.yml -f port-scanners -d
$ cif --itype ipv4
$ cif-tokens

Vagrant - SQLite

$ tar -zxvf cif-3.X.X.tar.gz
$ cd cif-3.X.X
$ vagrant up && vagrant ssh
$ workon cif && cd /vagrant
$ mkdir -p log && cp hacking/develop.conf hacking/local.conf
$ cif-store -d --token-create-admin cif.yml
$ cif-store -d --token-create-hunter cif-router.yml
$ cif-store -d --token-create-smrt csirtg-smrt.yml
$ supervisord -c hacking/local.conf

$ workon cif && cif -d -p # new window
$ csirtg-smrt --client cif --fireball --config csirtg-smrt.yml -r rules/default/csirtg.yml -d
$ cif --itype ipv4

Vagrant - ElasticSearch

$ tar -zxvf cif-3.X.X.tar.gz
$ cd cif-3.X.X
$ export VAGRANT_VAGRANTFILE=Vagrantfile_es
$ vagrant up && vagrant ssh
$ workon cif && cd /vagrant
$ mkdir -p log && cp hacking/develop.conf hacking/local.conf
$ cif-store -d --token-create-admin cif.yml
$ cif-store -d --token-create-hunter cif-router.yml
$ cif-store -d --token-create-smrt csirtg-smrt.yml
$ supervisord -c hacking/local.conf

$ workon cif && cif -d -p # new window
$ csirtg-smrt --client cif --fireball --config csirtg-smrt.yml -r rules/default/csirtg.yml -d
$ cif --itype ipv4

Amazon Web Services

  1. install Ansible and the AWS command-line tools via pip
$ pip install awscli awsebcli 'ansible>=2.0'
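  1. make sure ~/.aws/credentials is configured properly with a default profile; the file holds long-lived access keys, so keep it readable only by your own user (chmod 600 ~/.aws/credentials)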
[default]
region = 'us-east-1'
aws_access_key_id = XXXXXXXX
aws_secret_access_key = XXXXXXXX
  1. copy deployment/ubuntu14/aws.yml.example to deployment/ubuntu14/aws.yml and fill in the variables with your VPC information
$ tar -zxvf cif-3.X.X.tar.gz
$ cd cif-3.X.X
$ cp deployment/ubuntu14/aws.yml.example deployment/ubuntu14/aws.yml
  1. run the Ansible playbook; it takes ~10m to complete
$ cd deployment/ubuntu14
$ ansible-playbook aws.yml -vv