Manual installation of OpenCTI

Author: Threathunter | Published 2021-04-07 21:39

    The Linux version used for this installation is ubuntu-20.04.2.0-desktop-amd64. Screenshots:

    [Screenshots: worker; AlienVault connector]

    Part One: Installing the dependencies

    1. Install Node.js

    wget https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-x64.tar.xz

    tar xf node-v14.16.0-linux-x64.tar.xz

    mv node-v14.16.0-linux-x64 node

    sudo ln -s /home/your-username/node/bin/node /usr/local/bin

    sudo ln -s /home/your-username/node/bin/npm /usr/local/bin

    node -v

    npm -v

    2. Install Python 3.8

    (1) Install Python 3.8 with Anaconda

    bash Anaconda3-2020.11-Linux-x86_64.sh

    After installation, type python:

    Python 3.8.5 (default, Sep 4 2020, 07:30:14)

    [GCC 7.3.0] :: Anaconda, Inc. on linux

    Type "help", "copyright", "credits" or "license" for more information.

    (2) Install python3-pip (this takes a long time)

    sudo apt-get install python3-pip

    Note:

    APT may fail with the following error:

    E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 10260 (unattended-upgr)

    N: Be aware that removing the lock file is not a solution and may break your system.

    E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?

    Solution: https://blog.csdn.net/qq_44657899/article/details/104571502

    (3) Install Elasticsearch (this takes a long time)

    sudo sysctl -w vm.max_map_count=1048575

    sudo apt-get install apt-transport-https

    echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

    sudo apt-get update && sudo apt-get install elasticsearch

    sudo systemctl start elasticsearch.service

    ps -aux |grep elasticsearch

    (4) Install MinIO

    wget https://dl.min.io/server/minio/release/linux-amd64/minio_20210326000041.0.0_amd64.deb

    sudo dpkg -i minio_20210326000041.0.0_amd64.deb

    sudo MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=password minio server /mnt/data

    (5) Install Redis

    sudo add-apt-repository ppa:redislabs/redis

    sudo apt-get update

    sudo apt-get install redis

    Start the Redis server: redis-server

    Verify:

    ps -aux |grep redis

    redis      19339  0.3  0.0  69468  8976 ?        Ssl  18:17  0:00 /usr/bin/redis-server 127.0.0.1:6379

    (6) Install RabbitMQ

    https://www.rabbitmq.com/install-debian.html

    Install the dependencies

    sudo apt-get update -y

    sudo apt-get install curl gnupg debian-keyring debian-archive-keyring -y

    Add the repository signing keys

    curl -fsSL https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc | sudo apt-key add -

    sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "F77F1EDA57EBB1CC"

    wget -O - "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo apt-key add -

    sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "F6609E60DC62814E"

    Enable HTTPS transport

    sudo apt-get install apt-transport-https

    Add the package sources

    sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
    deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu focal main
    deb-src http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu focal main
    deb https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/ focal main
    deb-src https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/ focal main
    EOF

    Install the Erlang packages

    sudo apt-get update -y

    sudo apt-get install -y erlang-base \
                            erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                            erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                            erlang-runtime-tools erlang-snmp erlang-ssl \
                            erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl

    Install rabbitmq-server

    sudo apt-get install rabbitmq-server -y --fix-missing

    Verify:

    ps -aux |grep rabbitmq

    rabbitmq  25805  2.2  0.4 1704048 79528 ?      Ssl  18:48  0:03 /usr/lib/erlang/erts-11.2/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -sbwt none -sbwtdcpu none -sbwtdio none -- -root /usr/lib/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa  -noshell -noinput -s rabbit boot -boot start_sasl -lager crash_log false -lager handlers []

    rabbitmq  25816  0.0  0.0  2504  1496 ?        Ss  18:48  0:00 erl_child_setup 32768

    rabbitmq  25842  0.0  0.0  6360  196 ?        S    18:48  0:00 /usr/lib/erlang/erts-11.2/bin/epmd -daemon

    rabbitmq  25861  0.0  0.0  3888  844 ?        Ss  18:48  0:00 inet_gethost 4

    rabbitmq  25862  0.0  0.0  3968  1772 ?        S    18:48  0:00 inet_gethost 4

    # Enable rabbitmq_management; reference: https://www.cnblogs.com/cnwcl/p/13796611.html

    cd /etc/rabbitmq

    sudo rabbitmq-plugins enable rabbitmq_management

    Add a RabbitMQ user:

    # Add the user

    sudo rabbitmqctl add_user admin admin

    # Grant the administrator tag

    sudo rabbitmqctl set_user_tags admin administrator

    # Grant configure, write and read permissions on all resources in the virtual host

    sudo rabbitmqctl set_permissions -p / admin '.*' '.*' '.*'

    # Restart RabbitMQ

    sudo service rabbitmq-server restart

    Part Two: Installing OpenCTI

    1. Download OpenCTI

    wget -c https://github.com/OpenCTI-Platform/opencti/releases/download/4.3.5/opencti-release-4.3.5.tar.gz

    2. Configure the application

    $ cd opencti

    $ cp config/default.json config/production.json

    "admin": {
      "email": "admin@opencti.io",
      "password": "ChangeMe",
      "token": "ChangeMe"
    }

    The token is a UUID4 generated with https://www.uuidgenerator.net/

    "minio": {
      "endpoint": "localhost",
      "port": 9000,
      "use_ssl": false,
      "access_key": "ChangeMe",
      "secret_key": "ChangeMe"
    }

    "rabbitmq": {
      "hostname": "localhost",
      "port": 5672,
      "port_management": 15672,
      "management_ssl": false,
      "username": "admin",
      "password": "admin"
    },

    Change the corresponding passwords and keys to your own values.

    3. Install the Python dependencies

    $ cd src/python

    $ pip3 install -r requirements.txt

    $ cd ../..

    If pip fails with:

    ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

    install it with:

    pip install --ignore-installed PyYAML

    4. Install yarn

    sudo npm install yarn -g

    Start OpenCTI:

    /home/your-username/node/bin/yarn serv

    Output:

    yarn run v1.22.10

    $ node build/index.js

    {"version":"4.3.4","level":"info","message":"[OPENCTI] Starting platform","timestamp":"2021-04-04T12:43:39.029Z"}

    {"version":"4.3.4","level":"info","message":"[CHECK] ElasticSearch is alive","timestamp":"2021-04-04T12:43:39.241Z"}

    {"version":"4.3.4","level":"info","message":"[CHECK] Minio is alive","timestamp":"2021-04-04T12:43:39.252Z"}

    {"version":"4.3.4","level":"info","message":"[CHECK] RabbitMQ is alive","timestamp":"2021-04-04T12:43:39.293Z"}

    {"version":"4.3.4","level":"info","message":"[CHECK] Redis is alive","timestamp":"2021-04-04T12:43:39.296Z"}

    {"version":"4.3.4","level":"info","message":"[CHECK] Python3 is available","timestamp":"2021-04-04T12:43:39.596Z"}

    {"version":"4.3.4","level":"info","message":"[INIT] New platform detected, initialization...","timestamp":"2021-04-04T12:43:39.676Z"}

    {"version":"4.3.4","level":"info","message":"[INIT] Elasticsearch indexes loaded","timestamp":"2021-04-04T12:43:41.195Z"}

    {"version":"4.3.4","level":"info","message":"[INIT] Creating migration structure","timestamp":"2021-04-04T12:43:41.195Z"}

    {"version":"4.3.4","level":"info","message":"[INIT] Initialization of settings and basic elements","timestamp":"2021-04-04T12:43:41.555Z"}

    {"version":"4.3.4","level":"info","message":"[INIT] Platform default initialized","timestamp":"2021-04-04T12:43:44.275Z"}

    {"version":"4.3.4","level":"info","message":"[INIT] admin user initialized","timestamp":"2021-04-04T12:43:45.138Z"}

    {"version":"4.3.4","level":"info","message":"[STREAM] Starting streaming processor","timestamp":"2021-04-04T12:43:46.107Z"}

    {"version":"4.3.4","level":"info","message":"[OPENCTI] Servers ready on port 4000","timestamp":"2021-04-04T12:43:46.109Z"}

    OpenCTI URL: http://localhost:4000

    Some bugs:

    After the virtual machine lost power, the file system became read-only.

    Solution (https://www.kafan.cn/edu/46111822.html): repair it with the command

    sudo fsck / -y

    5. Install the worker

    $ cd worker

    $ pip3 install -r requirements.txt

    # Add the OpenCTI URL and admin token

    $ cp config.yml.sample config.yml

    Start several workers:

    $ python3 worker.py &

    $ python3 worker.py &

    6. Install the connectors

    git clone https://github.com/OpenCTI-Platform/connectors

    Go into any connector's directory and edit config.yml.sample: add the OpenCTI URL and admin token, the connector's own UUIDv4 id, and the connector-specific settings.

    Using alienvault as an example:

    opencti:
      url: 'http://localhost:4000'
      token: '1938cxxc-ab2c-4857-877e-43198e6858f1'
    connector:
      id: 'a33f54d7-d6xx-41c9-8fff-f64da4ef5570'
      type: 'EXTERNAL_IMPORT'
      name: 'AlienVault'
      scope: 'alienvault'
      confidence_level: 15 # From 0 (Unknown) to 100 (Fully trusted)
      update_existing_data: false
      log_level: 'info'
    alienvault:
      base_url: 'https://otx.alienvault.com'
      api_key: 'xx87xxcf1e877f8512xx3a9a184xxb6xx2342axx77ba728xxc95125fc75907xx'
      tlp: 'White'
      create_observables: true
      create_indicators: true
      pulse_start_timestamp: '2020-05-01T00:00:00'  # ISO 8601
      report_type: 'threat-report'
      report_status: 'New'                                          # New, In progress, Analyzed and Closed
      guess_malware: false                                          # Use tags to guess malware
      guess_cve: false                                              # Use tags to guess CVE
      excluded_pulse_indicator_types: 'FileHash-MD5,FileHash-SHA1'  # Excluded Pulse indicator types
      interval_sec: 1800                                            # Seconds

    Change the values shown in black (the settings listed above).
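A check worth running after editing both config/production.json (Part Two, step 2) and a connector's config.yml (this step). The script below is an added example, not OpenCTI's own code: it walks either config and flags credentials still at their placeholder values (ChangeMe, admin/admin) and admin tokens or connector ids that are not valid UUIDv4 strings. The sample configs are constructed from the fragments shown above, and the connector YAML is embedded as a dict (load it with yaml.safe_load in practice) so the script needs only the standard library.

```python
import json
import uuid

# Constructed sample of config/production.json from the tutorial, placeholders left in.
PRODUCTION_JSON = """{
  "admin": {"email": "admin@opencti.io", "password": "ChangeMe", "token": "ChangeMe"},
  "minio": {"endpoint": "localhost", "port": 9000, "use_ssl": false,
            "access_key": "ChangeMe", "secret_key": "ChangeMe"},
  "rabbitmq": {"hostname": "localhost", "port": 5672, "username": "admin", "password": "admin"}
}"""

# The AlienVault connector config.yml from the tutorial as a dict (in practice
# load it with yaml.safe_load; embedded here to stay dependency-free).
CONNECTOR_CONFIG = {
    "opencti": {"url": "http://localhost:4000", "token": "1938cxxc-ab2c-4857-877e-43198e6858f1"},
    "connector": {"id": "a33f54d7-d6xx-41c9-8fff-f64da4ef5570", "type": "EXTERNAL_IMPORT"},
    "alienvault": {"base_url": "https://otx.alienvault.com", "api_key": "xx87xxcf1e877f85"},
}

PLACEHOLDERS = {"changeme", "admin", "password", ""}
SECRET_KEYS = {"password", "token", "secret_key", "access_key", "api_key"}
UUID_KEYS = {"token", "id"}  # the admin token and the connector id must be UUIDv4

def is_uuid4(value):
    """True only for a well-formed RFC 4122 UUID whose version nibble is 4."""
    try:
        return uuid.UUID(str(value)).version == 4
    except ValueError:
        return False

def find_weak_settings(config, path=""):
    """Walk a nested config and return (dotted.path, problem) pairs."""
    problems = []
    for key, value in config.items():
        here = f"{path}.{key}" if path else key
        if isinstance(value, dict):
            problems.extend(find_weak_settings(value, here))
            continue
        if key in SECRET_KEYS and str(value).lower() in PLACEHOLDERS:
            problems.append((here, "placeholder credential"))
        if key == "password" and config.get("username") == value:
            problems.append((here, "password equals username"))
        if key in UUID_KEYS and not is_uuid4(value):
            problems.append((here, "not a UUIDv4"))
    return problems

def check_production_json(text):
    """Parse a production.json document and report its weak settings."""
    return find_weak_settings(json.loads(text))
```

Run it against the real files before starting the platform; an empty result means every credential was replaced and both UUIDs are well formed.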

    Article link: https://www.haomeiwen.com/subject/kpjlkltx.html