
Ubuntu Package Installation

This page is written for Ubuntu Bionic (18.04) or newer.


Base Installation

We assume that you already have a working Ubuntu Bionic (or newer) installation.

Database

At this point, you have to choose between MariaDB and PostgreSQL to store your alerts. Both are equivalent in terms of functionality; the differences mainly concern administration and performance. This guide only describes the installation with MariaDB.

  • MariaDB

Install MariaDB:

# apt install mariadb-server

By default, the package installs MariaDB without any root password. This is bad! Set one before continuing, for example by running mysql_secure_installation, which also lets you remove the anonymous accounts and the test database and disable remote root login.

Pre-installation

First of all, you have to install the Prelude utilities:

# apt install prelude-utils

Prelude-Manager Installation

Installation

# apt install prelude-manager libpreludedb7-mysql
  • During the installation:
    • You have to configure the database. By default, let dbconfig-common do the job.
    • You have to overwrite the configuration file: choose "Install the package maintainer's version".

The Debian package automatically creates the database user and the database, grants that user the needed permissions, populates the database with the SQL script and updates the parameters in /etc/prelude-manager/prelude-manager.conf.

You can now start prelude-manager:

# systemctl start prelude-manager

You can check the status by running:

# systemctl status prelude-manager

The first part is over, you now have a manager up and running.

Prelude-LML Installation

You need to install prelude-lml. Prelude-LML analyzes your logs and reports events to the manager.

# apt install prelude-lml

Before it can be used, you have to register the prelude-lml agent with the manager.

Agent Registration

The agent registration is a four-step process, which requires running commands on both the LML host and the manager:

1. On the LML client, run the register command:

# prelude-admin register prelude-lml "idmef:w" 127.0.0.1 --uid 0 --gid 0

LML must be registered with uid and gid 0, because the process runs as root (it needs to read the logs).

LML then prompts for the one-time password (OTP), which the manager will provide:

...
# Enter the one-shot password provided on 127.0.0.1:

2. On the manager, start the registration server:

# prelude-admin registration-server prelude-manager

It prints a one-shot password, for example:

The "l2b63ytl" password will be requested by "prelude-admin register" in order to connect

3. Enter that password at the LML prompt:

...
# Connecting to registration server (127.0.0.1:5553)... Authentication succeeded

The LML is now waiting for the Manager to sign the certificate.

4. On the manager, validate the certificate signing request:

...
# Approve registration [y/n]:

Now the manager and the sensor have a trust relationship and can exchange messages.
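The same four steps, scripted for the single-host case where manager and LML share a box. This is an added example, not Prelude project code. It assumes that prelude-admin accepts --passwd-file for both subcommands and --no-confirm for registration-server (check prelude-admin --help on your version), and that registration-server exits after serving one registration when --keepalive is not given. The point worth copying even if you register by hand: hand the OTP over in a root-only file rather than on the command line, where --passwd=... would be visible to every local user through ps for as long as the command runs.

```shell
#!/bin/sh
# Added example, not from the Prelude project: non-interactive registration of
# prelude-lml against a prelude-manager on the same host.
# Assumed prelude-admin options: --passwd-file, --no-confirm (verify with
# `prelude-admin --help`).
set -eu

# One-shot password from the kernel CSPRNG: 16 random bytes as 32 hex chars.
# The manager's own example ("l2b63ytl") is 8 chars; a longer one costs nothing.
gen_otp() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Store the OTP in a file readable only by its owner (root when run as root),
# so it never appears in the process list the way --passwd=... would.
write_otp_file() {
    otp_file=$1
    otp=$2
    (umask 077 && printf '%s' "$otp" > "$otp_file")
    chmod 600 "$otp_file"
}

# Run the exchange: manager side in the background, then the sensor side.
register_lml_locally() {
    otp_file=$(mktemp)
    write_otp_file "$otp_file" "$(gen_otp)"

    # Steps 2 and 4: serve one registration, take the OTP from the file and
    # approve the request without the interactive "Approve registration [y/n]".
    prelude-admin registration-server prelude-manager \
        --passwd-file="$otp_file" --no-confirm &
    server_pid=$!
    sleep 2   # give the server time to listen on 127.0.0.1:5553

    # Steps 1 and 3: the LML requests idmef:w as uid/gid 0 (it reads logs as root)
    # and answers the OTP prompt from the same file.
    prelude-admin register prelude-lml "idmef:w" 127.0.0.1 \
        --uid 0 --gid 0 --passwd-file="$otp_file"

    wait "$server_pid"
    rm -f "$otp_file"
}

# Only run the exchange when asked to, so the helpers can be sourced or tested alone.
if [ "${1:-}" = "--run" ]; then
    register_lml_locally
fi
```

Run it as root with --run after both packages are installed. If the manager lives on another host, copy the OTP file there over an authenticated channel (scp) instead of sharing the temp file, and replace 127.0.0.1 with the manager's address.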

You can start prelude-lml:

# systemctl start prelude-lml

You can check the status by running:

# systemctl status prelude-lml

Prewikka

Prewikka is the Prelude graphical user interface; it is a web application served over HTTP.

Installation

Prewikka requires two databases: one holding the Prelude alerts (the one configured above) and one for its own data (prewikka).

Install prewikka:

# apt install prewikka

The package installs the required dependencies (Python, for example) and asks for the database configuration. As for Prelude, choose dbconfig-common, give the database administrator password and enter a password for the prewikka database user.

Web server configuration

You can run Prewikka through Apache or nginx, but the simplest way to try it is from the command line:

prewikka-httpd

Point your browser to "http://<yourserver>:8000". prewikka-httpd serves plain, unencrypted HTTP, so use it only for a quick test; for anything reachable from other hosts, run Prewikka behind Apache or nginx with TLS.

For more details about Prewikka installation, see the Prewikka Installation Page.
