Install OwlH - all-in-one¶
Choose your platform:¶
Linux Distribution | Repository |
CentOS 7 | |
Debian/Ubuntu | |
Raspbidian | |
Download OwlHInstaller:¶
Please be sure you choose the right repo
# cd /tmp
# wget
# mkdir owlhinstaller
# tar -C /tmp/owlhinstaller/ -xf /tmp/owlhinstaller.tar.gz
# cd /tmp
# wget
# mkdir owlhinstaller
# tar -C /tmp/owlhinstaller/ -xf /tmp/owlhinstaller.tar.gz
Verify OwlH Installer configuration:¶
Verify your owlhinstaller configuration file for repository, action and targets.
configuration file: /tmp/owlhinstaller/config.json
"action": "install", <<< this should be install
"repourl":"", <<< be sure to us the right repository
"target": [
"owlhmaster", /
"owlhnode", < As we want to install an AIO
"owlhui" \
"action": "install", <<< this should be install
"repourl":"", <<< be sure to us the right repository
"target": [
"owlhmaster", /
"owlhnode", < As we want to install an AIO
"owlhui" \
Run OwlH Installer:¶
run owlh installer
# cd /tmp/owlhinstaller
# ./owlhinstaller
After executed you should and output like this:
2020/11/24 08:21:31.095 [I] OwlH Installer - v0.17.2.20201031 2020/11/24 08:21:31.112 [I] Downloading to /tmp/current.version 2020/11/24 08:21:31.112 [I] == MASTER == 2020/11/24 08:21:31.112 [I] PRESCRIPTS - MASTER -> owlhmasterprescripts/ 2020/11/24 08:21:31.112 [I] Master INSTALL 2020/11/24 08:21:31.112 [I] Downloading New Software 2020/11/24 08:21:31.701 [I] ManageMaster Stopping the service 2020/11/24 08:21:31.701 [I] owlhmaster systemd stopping... 2020/11/24 08:21:31.711 [I] ManageMaster Copying files from download 2020/11/24 08:21:31.711 [I] SRC: /tmp/owlhmaster/owlhmaster -- DST: /usr/local/owlh/src/owlhmaster/owlhmaster 2020/11/24 08:21:32.020 [I] ManageMaster Installing service... 2020/11/24 08:21:32.193 [I] ManageMaster Copying current.version... 2020/11/24 08:21:32.193 [I] SRC: /tmp/current.version -- DST: /usr/local/owlh/src/owlhmaster/conf/current.version 2020/11/24 08:21:32.195 [I] ManageMaster Launching service... 2020/11/24 08:21:32.195 [I] owlhmaster systemd starting... 2020/11/24 08:21:32.220 [I] ManageMaster Done! 2020/11/24 08:21:32.220 [I] POSTSCRIPTS - MASTER -> owlhmasterpostscripts/ 2020/11/24 08:21:32.235 [I] Files removed for owlhmaster successfully! 2020/11/24 08:21:32.235 [I] == NODE == 2020/11/24 08:21:32.235 [I] PRESCRIPTS - NODE -> owlhnodeprescripts/ 2020/11/24 08:21:32.235 [I] Node INSTALL 2020/11/24 08:21:32.235 [I] Downloading New Software 2020/11/24 08:21:33.822 [I] ManageNode Stopping the service 2020/11/24 08:21:33.822 [I] owlhnode systemd stopping... 2020/11/24 08:21:33.952 [I] ManageNode Copying files from download 2020/11/24 08:21:33.952 [I] SRC: /tmp/owlhnode/owlhnode -- DST: /usr/local/owlh/src/owlhnode/owlhnode 2020/11/24 08:21:34.242 [I] SRC: /tmp/current.version -- DST: /usr/local/owlh/src/owlhnode/conf/current.version 2020/11/24 08:21:34.244 [I] ManageNode Installing service... 2020/11/24 08:21:34.383 [I] ManageNode Launching service... 2020/11/24 08:21:34.384 [I] owlhnode systemd starting... 2020/11/24 08:21:34.414 [I] ManageNode Done! 2020/11/24 08:21:34.414 [I] POSTSCRIPTS - NODE -> owlhnodepostscripts/ 2020/11/24 08:21:34.436 [I] Files removed for owlhnode successfully! 2020/11/24 08:21:34.436 [I] == UI == 2020/11/24 08:21:34.436 [I] PRESCRIPTS - UI -> owlhuiprescripts/ 2020/11/24 08:21:34.436 [I] New Install for UI 2020/11/24 08:21:34.436 [I] Downloading New Software 2020/11/24 08:21:34.686 [I] ManageUI Copying files from download 2020/11/24 08:21:35.521 [I] ManageUI Launching service... 2020/11/24 08:21:35.521 [I] SRC: /tmp/current.version -- DST: /var/www/owlh/conf/current.version 2020/11/24 08:21:35.524 [I] owlhui OwlH UI - systemd starting... 2020/11/24 08:21:36.614 [I] ManageUI Done! 2020/11/24 08:21:36.614 [I] POSTSCRIPTS - UI -> owlhuipostscripts/ 2020/11/24 08:21:36.630 [I] Files removed for owlhui successfully!
Output may vary
Install and configure httpd/apache server side¶
you must install httpd/apache and the owlh site configuration file.
# cd /tmp/
# wget
# bash
# cd /tmp/
# wget
# bash
where: is your master ip.
you can edit your master ip on file /var/www/owlh/conf/ui.conf
Install suricata¶
If you want to use Suricata. You will configure Suricata from UI mostly
# cd /tmp/
# wget
# bash
# cd /tmp/
# wget
# bash
Is SURICATA ready to work? If you want to be sure Suricata is correctly installed try this.
# Suricata -V
Install Zeek¶
This step can take a long while, consider running it under a screen session.
# cd /tmp/
# wget
# bash
# cd /tmp/
# wget
# bash
Is ZEEK ready to work? If you want to be sure Zeek is correctly installed try this.
# /usr/local/zeek/bin/zeek -v
Install OwlH Interface¶
If you plan to use Software TAP configuration, you should prepare your owlh local interface
# cd /tmp/
# wget
# bash
# cd /tmp/
# wget
# bash
Also, if using suricata and Software TAP you will need to add this interface details to af-packet: key
Edit /etc/suricata/suricata.yaml and add:
- interface: owlh
#threads: auto
cluster-id: 98
cluster-type: cluster_flow
defrag: yes
#rollover: yes
#use-mmap: yes
#mmap-locked: yes
tpacket-v3: yes
ring-size: 2048
block-size: 409600
#block-timeout: 10
#use-emergency-flush: yes
#checksum-checks: kernel
#bpf-filter: port 80 or udp
#copy-mode: ips
#copy-iface: eth1
Verify everything is properly set¶
# netstat -nputa
should provide an output like this:
[root@ip-172-31-41-217 ec2-user]# netstat -nputa
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::443 :::* LISTEN 2570/httpd
tcp6 0 0 :::50001 :::* LISTEN 2451/owlhmaster
tcp6 0 0 :::50002 :::* LISTEN 9936/owlhnode
Now you should be able to access your master with your browser.