Cyber Security: SELKS Pertama Kali Login: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
First time setup: | First time setup: | ||
Non interactive, airgapped mode | ==Non interactive, airgapped mode== | ||
The below command will setup the selks installation: | The below command will setup the selks installation: | ||
* in non-interactive mode | * in non-interactive mode | ||
| Line 19: | Line 19: | ||
cd /opt/selksd/SELKS/docker/ && ./easy-setup.sh --non-interactive --no-pull-containers -i tppdummy0 --iA --restart-mode always --es-memory 8G && docker-compose up -d | cd /opt/selksd/SELKS/docker/ && ./easy-setup.sh --non-interactive --no-pull-containers -i tppdummy0 --iA --restart-mode always --es-memory 8G && docker-compose up -d | ||
atau kalau mau pakai interface operasional | atau kalau mau pakai interface operasional enp0s3 | ||
cd /opt/selksd/SELKS/docker/ && ./easy-setup.sh --non-interactive --no-pull-containers -i enp0s3 --iA --restart-mode always --es-memory 8G && docker-compose up -d | cd /opt/selksd/SELKS/docker/ && ./easy-setup.sh --non-interactive --no-pull-containers -i enp0s3 --iA --restart-mode always --es-memory 8G && docker-compose up -d | ||
Interactive with latest updated containers and software | ==Interactive with latest updated containers and software== | ||
* update/pull and install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer) | * update/pull and install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer) | ||
| Line 41: | Line 41: | ||
Setting up dummy interface | ==Setting up dummy interface== | ||
If you would not want to sniff on specific system interface and want to set up a dummy interface for sniffing to replay for example specific | If you would not want to sniff on specific system interface and want to set up a dummy interface for sniffing to replay for example specific | ||
pcap cases: | pcap cases: | ||
| Line 48: | Line 49: | ||
ip link add tppdummy0 type dummy && ip link set tppdummy0 up && ifconfig tppdummy0 mtu 1572 | ip link add tppdummy0 type dummy && ip link set tppdummy0 up && ifconfig tppdummy0 mtu 1572 | ||
==Mengatasi Error di Docker== | |||
Beberapa kali kejadian error saat kita menjalankan docker. Untuk mengatasinya kita dapat shutdown dan up kembali docker dengan perintah, | |||
docker-compose stop | |||
docker-compose down | |||
docker-compose up -d | |||
==Pranala Menarik== | |||
* [[Cyber Security]] | |||
Latest revision as of 05:57, 17 July 2023
It is always recommended to follow the latest docs:
https://github.com/StamusNetworks/SELKS/wiki
Please go to the end of the brief below for production setup considerations.
First time setup:
Non interactive, airgapped mode
The below command will setup the selks installation:
- in non-interactive mode
- install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer) without pulling anything from the internet
- use the interface tppdummy0 as sniffing interface
- use 8GB of RAM for Elasticsearch
- start up the installation (docker compose)
Examples:
cd /opt/selksd/SELKS/docker/ && ./easy-setup.sh --non-interactive --no-pull-containers -i tppdummy0 --iA --restart-mode always --es-memory 8G && docker-compose up -d
atau kalau mau pakai interface operasional enp0s3
cd /opt/selksd/SELKS/docker/ && ./easy-setup.sh --non-interactive --no-pull-containers -i enp0s3 --iA --restart-mode always --es-memory 8G && docker-compose up -d
Interactive with latest updated containers and software
- update/pull and install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer)
- use the interface tppdummy0 as sniffing interface
- use 8GB of RAM for Elasticsearch, 1GB
- start up the installation (docker compose)
Example:
cd /opt/selksd/SELKS/docker/ docker-compose down git pull ./easy-setup.sh --iA --es-memory 8G docker-compose pull docker-compose up -d --force-recreate
Setting up dummy interface
If you would not want to sniff on specific system interface and want to set up a dummy interface for sniffing to replay for example specific
pcap cases:
Example:
ip link add tppdummy0 type dummy && ip link set tppdummy0 up && ifconfig tppdummy0 mtu 1572
Mengatasi Error di Docker
Beberapa kali kejadian error saat kita menjalankan docker. Untuk mengatasinya kita dapat shutdown dan up kembali docker dengan perintah,
docker-compose stop docker-compose down docker-compose up -d
