Ubuntu Package Installation
This page is written for Ubuntu Bionic (18.04) or newer.
Base Installation
We assume that you already have a working Ubuntu Bionic or newer installation.
Database
At this point, you have to choose between MariaDB and PostgreSQL to store your alerts. Both are equivalent in terms of functionality; the differences mainly concern administration and performance. This guide only describes the installation with MariaDB.
Install MariaDB:
# apt install mariadb-server
The default installation leaves MySQL/MariaDB without any root password. This is bad! Set a root password before continuing.
Pre-installation
First of all, you have to install the Prelude utilities:
# apt install prelude-utils
Prelude-Manager Installation
Installation
# apt install prelude-manager libpreludedb7-mysql
- During the installation:
- You have to configure the database. Let dbconfig-common do the job (the default).
- When asked about the configuration file, choose "Install the package maintainer's version".
The Debian package automatically creates the user and the database, grants the required permissions, populates the database using the SQL script, and updates the parameters in /etc/prelude-manager/prelude-manager.conf.
You can now start prelude-manager:
# systemctl start prelude-manager
You can check the status by running:
# systemctl status prelude-manager
The first part is over, you now have a manager up and running.
Prelude-LML Installation
You need to install prelude-lml. Prelude-LML analyzes your logs and reports events to the manager.
# apt install prelude-lml
Before it can be used, you have to register the prelude-lml agent.
Agent Registration
The agent registration is a four-step process, which requires running commands on both the LML and the manager:
1. On the LML client, run the register command:
# prelude-admin register prelude-lml "idmef:w" 127.0.0.1 --uid 0 --gid 0
LML must be registered with uid and gid 0, since the process will be executed as root (to be able to analyze logs).
LML will then ask for the One-Time Password (OTP), which is provided by the manager:
... # Enter the one-shot password provided on 127.0.0.1:
2. On the manager, run the following:
# prelude-admin registration-server prelude-manager
The "l2b63ytl" password will be requested by "prelude-admin register" in order to connect
3. Enter the password to the LML prompt:
... # Connecting to registration server (127.0.0.1:5553)... Authentication succeeded
The LML is now waiting for the Manager to sign the certificate.
4. On the manager, validate the certificate signing request:
... # Approve registration [y/n]:
Now the manager and the sensor have a trust relationship and can send messages to each other.
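The four registration steps above, automated as one script for the single-host layout this guide uses (manager and LML both on 127.0.0.1). This is an added example, not part of the Prelude documentation; it assumes the prelude-admin options --listen, --passwd-file and --no-confirm and the list subcommand as printed by prelude-admin --help, and it keeps the one-shot password in a root-only file so it never appears on the command line or in ps.

```shell
#!/bin/sh
# Added example (not from the Prelude documentation): the four interactive
# registration steps, run non-interactively on one host where the manager and
# LML both live (127.0.0.1). Assumes the prelude-admin options --listen,
# --passwd-file and --no-confirm and the list subcommand (see prelude-admin --help).
set -eu

OTP_FILE="/run/prelude-otp.$$"   # one-shot password; root-only, never on the command line

# Generate a random one-shot password of LEN hex characters from /dev/urandom.
make_otp() {
    len="${1:-16}"
    od -An -N"$len" -tx1 /dev/urandom | tr -d ' \n' | cut -c1-"$len"
}

# Write the OTP to a file only root can read, so it is not visible in `ps`.
write_otp_file() {
    ( umask 077; make_otp 16 > "$OTP_FILE" )
    [ -s "$OTP_FILE" ]
}

# Steps 1 to 4 of the registration, in one go.
register_lml() {
    write_otp_file
    trap 'rm -f "$OTP_FILE"' EXIT
    # Manager side (steps 2 and 4): serve one registration with this OTP,
    # approve it without prompting, then exit.
    prelude-admin registration-server prelude-manager \
        --listen=127.0.0.1:5553 --passwd-file="$OTP_FILE" --no-confirm &
    server_pid=$!
    sleep 2   # give the registration server time to bind 127.0.0.1:5553
    # Sensor side (steps 1 and 3): same command as in this guide, password read from the file.
    prelude-admin register prelude-lml "idmef:w" 127.0.0.1 --uid 0 --gid 0 \
        --passwd-file="$OTP_FILE"
    wait "$server_pid"
    # The new profile should now be listed.
    prelude-admin list | grep -q prelude-lml
}

# Only perform the real registration when explicitly requested (run as root).
if [ "${PRELUDE_REGISTER:-0}" = "1" ]; then
    register_lml
fi
```

Run it as root with PRELUDE_REGISTER=1 on the host where prelude-manager is installed; the OTP file is removed when the script exits.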
You can start prelude-lml:
# systemctl start prelude-lml
You can check the status by running:
# systemctl status prelude-lml
Prewikka
Prewikka is the Prelude graphical user interface, served through a web server.
Installation
Prewikka requires two databases: one to read the Prelude alerts (the same one configured before), and one to store its own data (prewikka).
Install prewikka:
# apt install prewikka
The package installs the required dependencies (Python, for example) and asks for the database configuration. As with prelude-manager, choose dbconfig-common, give the database administrator password, and enter a password for the Prewikka database user.
Web server configuration
You can run Prewikka through Apache or nginx, but the simplest way to try it is from the command line:
prewikka-httpd
Point your browser to "http://<yourserver>:8000".
For more details about Prewikka installation, see the Prewikka Installation Page.