LimaCharlie是一个开源的EDR(终端安全响应系统),其官网介绍如下:
LimaCharlie supplies all the tools to run an MSSP or SOC as well as providing API’s that allow users to build and monetize their own products.
LimaCharlie提供运行MSSP或SOC的所有工具,并提供API,允许用户构建自己的产品并将其变现。
环境
- Ubuntu 18.04
前期准备
-
注册账号
首先,在官网注册账号并登录 -
创建组织,数据中心随便选一个就行,第二个也可以随便填
创建组织
-
点击刚刚输入的组织名称进入:
进入组织
-
点击左侧
Install sensors,在右侧界面点击create installation key按钮创建installation key:
创建installation key
-
输入框随便输就行,点击
create创建:
创建key
-
key如图所示,其中的
sensor key即为等会安装需要的参数,点击按钮即可复制:
installation key
依赖获取
运行以下命令即可(记住运行该命令的路径,后续安装需要):
#! /bin/bash
# Create a directory where the install will live.
mkdir lc_sensor
# Set the permissions on the directory to be limited to root.
chown root:root ./lc_sensor
chmod 700 ./lc_sensor
# Installer the sensor from within the directory to it install to the CWD.
cd lc_sensor
# Use an environment variable containing the Installation Key.
# Write it to a temporary file to limit the exposure of the key.
echo $LC_SENSOR_INSTALLATION_KEY > lc_installation_key.txt
# Fetch the latest sensor installer from limacharlie.io.
wget -O lc_sensor_64 https://app.limacharlie.io/get/linux/alpine64
# Limit permissions to the sensor.
# Run the sensor.
chmod 500 ./lc_sensor_64
./lc_sensor_64 -d - > /dev/null 2>&1 &
# Remove the Installation Key from the environment.
unset LC_SENSOR_INSTALLATION_KEY
# We started the sensor detached, so we give it a few seconds to read
# the Installation Key we put on disk before deleting it.
sleep 2
rm lc_installation_key.txt
cd ..
安装
下载安装脚本
到其GitHub仓库下载安装脚本,其中的lc_linux_installer.sh即为等会需要安装运行的脚本
运行安装脚本
首先,赋予脚本权限:
sudo chmod -R 777 lc_linux_installer.sh
进入到root用户下:
sudo su
输入命令运行脚本,其中第二个参数为刚刚获取的依赖的地址,第三个参数为之前获取的installation key:
sudo ./lc_linux_installer.sh ./lc_sensor/lc_sensor_64 AAAABgAAA...
安装完成:
安装完成
网友评论