Cortex, TheHive Project's observable analysis and active response engine, is an open-source platform that gives an organization a single place to run analyzers against its threat data (IP addresses, domains, file hashes, URLs and other observables). With its flexible and extensible architecture, its rich feature set and its integrations with popular data sources, Cortex is a valuable tool for anyone who wants to improve their observable analysis capabilities.
Installing Cortex on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure all system packages are up to date by running the following apt commands in a terminal:
sudo apt update
sudo apt upgrade
sudo apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
Step 2. Install Java.
Cortex is a JVM application, so Java must be installed before Cortex itself. If it is not, follow the Java installation guide and come back here.
Verify the installed Java version with:
java --version
Next, set the JAVA_HOME environment variable. The path below assumes OpenJDK 11 on amd64; adjust it to the JDK you actually installed. Writing to /etc/environment requires root, so the tee runs under sudo:
echo JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64" | sudo tee -a /etc/environment
Then load the variable into the current shell (new login sessions pick it up automatically):
source /etc/environment
Step 3. Install Elasticsearch.
Elasticsearch is not available in the Ubuntu 22.04 base repositories. Run the following command to add the Elasticsearch repository to your system; the signed-by option ties the repository to its own signing key instead of trusting that key for every repository on the host:
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
Next, import the GPG key into that keyring:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
Two caveats before you install. The Cortex 3.1 documentation targets Elasticsearch 7.x, so check the release notes of the Cortex version you are about to install before committing to the 8.x repository (if 8.x is not supported, use 7.x in both the repository line and the list file name). Elasticsearch 8 also enables TLS and authentication automatically on first start, while Cortex connects to Elasticsearch over plain HTTP on 127.0.0.1:9200 by default; with 8.x you must therefore either give Cortex the Elasticsearch credentials and CA certificate in its configuration or, on a single node that only listens on the loopback interface, disable security in elasticsearch.yml.
With the repository enabled, install Elasticsearch:
sudo apt update
sudo apt install elasticsearch
The Elasticsearch service does not start automatically after installation. Enable it at boot, start it and check its status with systemctl:
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch
To configure Elasticsearch, edit its main configuration file, elasticsearch.yml, which holds most of its settings:
sudo nano /etc/elasticsearch/elasticsearch.yml
Change the following line:
cluster.name: my-application
Save and close the file, then create a JVM options file in jvm.options.d (files in that directory are read in addition to the main jvm.options and survive package upgrades):
sudo nano /etc/elasticsearch/jvm.options.d/jvm.options
Add the following lines, one option per line:
-Xms1g
-Xmx1g
-Dlog4j2.formatMsgNoLookups=true
-Xms and -Xmx pin the heap to 1 GB, which is enough for a single-node Cortex lab; keep the two values equal and below half of the machine's RAM. The log4j2.formatMsgNoLookups flag is the Log4Shell (CVE-2021-44228) mitigation; current Elasticsearch releases already ship a patched Log4j, so it is a belt-and-braces setting rather than the fix.
Save and close the file, then restart Elasticsearch to apply the changes:
sudo systemctl restart elasticsearch
For more on installing Elasticsearch, read the following post:
- How to install Elasticsearch on Ubuntu Linux
Step 4. Install Cortex on Ubuntu 22.04.
Cortex is not available in the Ubuntu 22.04 base repositories either. Add the TheHive Project repository, again scoped to its own keyring with signed-by so that this key cannot authenticate packages from any other repository:
echo 'deb [signed-by=/usr/share/keyrings/thehive-project.gpg] https://deb.thehive-project.org release main' | sudo tee /etc/apt/sources.list.d/thehive-project.list
Next, import the Cortex signing key into that keyring:
wget -qO- "https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY" | sudo gpg --dearmor -o /usr/share/keyrings/thehive-project.gpg
With the repository enabled, install the latest Cortex release:
sudo apt update
sudo apt install cortex
Step 5. Configure Cortex.
Cortex is a Play Framework application, and play.http.secret.key is the secret Play uses to sign session cookies, flash cookies and CSRF tokens, so every installation needs its own random value. Generate one with:
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
Example output (yours will differ; never reuse the value printed here):
GDTc1rXTf4mx8TWEdBMWJYunwiLwHSaDS7gUR6g4Pe46LWgMNIxI9bvw
Next, edit the Cortex configuration file and set the secret:
sudo nano /etc/cortex/application.conf
Define the secret as follows, pasting the value you generated:
play.http.secret.key="GDTc1rXTf4mx8TWEdBMWJYunwiLwHSaDS7gUR6g4Pe46LWgMNIxI9bvw"
The file now holds a secret in clear text, so keep it readable only by root and the cortex service account, keep it out of any configuration you commit to version control, and if it ever leaks, replace it (which invalidates all existing sessions). Save and close the file, then enable and start the Cortex service:
sudo systemctl enable --now cortex
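The secret handling above is easy to get subtly wrong (a leftover placeholder, a value containing a quote, a world-readable file), so here is an added shell example, not code from the tutorial or from the Cortex project, that generates the secret, writes it into a Cortex application.conf idempotently and audits the result before the service is started. It takes the configuration path as an argument so you can run it against a temporary copy first; the placeholder wording it rejects (anything containing "changeme") and the minimum length of 32 are assumptions, not Cortex requirements.

```shell
#!/usr/bin/env bash
# Added example, not part of the tutorial or the Cortex project.
# Generates a Play secret, writes it into a Cortex application.conf (passed as
# an argument so a temporary copy can be used) and audits the result.
set -eu

# 64 alphanumeric characters from /dev/urandom, the same idea as the tutorial's
# pipeline. Reading a bounded 1 KiB first lets tr finish on its own; LC_ALL=C
# keeps tr byte-oriented whatever the locale.
gen_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 64
    printf '\n'
}

# Replace an existing play.http.secret.key line or append one. Idempotent:
# running it twice never leaves two key lines behind. Returns 2 and changes
# nothing unless the secret is exactly 64 alphanumerics (a quote or # inside
# the value would break the HOCON parse; a short value weakens the key).
set_play_secret() {
    local conf=$1 secret=$2
    printf '%s' "$secret" | grep -Eq '^[A-Za-z0-9]{64}$' || return 2
    if grep -Eq '^[[:space:]]*play\.http\.secret\.key[[:space:]]*=' "$conf"; then
        sed -i -E "s|^([[:space:]]*play\.http\.secret\.key[[:space:]]*=).*|\1 \"$secret\"|" "$conf"
    else
        printf 'play.http.secret.key = "%s"\n' "$secret" >>"$conf"
    fi
}

# Succeeds only if the file carries a real secret: present, at least 32
# characters (assumed floor, not a Cortex rule) and not a "changeme"-style
# placeholder (assumed wording).
secret_ok() {
    local conf=$1 val
    val=$(sed -nE 's/^[[:space:]]*play\.http\.secret\.key[[:space:]]*=[[:space:]]*"([^"]*)".*/\1/p' "$conf" | tail -n 1)
    [ -n "$val" ] || return 1
    case "$val" in
        *[Cc][Hh][Aa][Nn][Gg][Ee][Mm][Ee]*) return 1 ;;
    esac
    [ "${#val}" -ge 32 ]
}

# The secret is stored in clear text, so "other" must have no permission bits:
# succeeds for modes such as 640 or 600, fails for 644.
perms_ok() {
    case "$(stat -c '%a' "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Usage on the live file (as root), starting Cortex only if the audit passes:
#   secret=$(gen_secret)
#   set_play_secret /etc/cortex/application.conf "$secret"
#   secret_ok /etc/cortex/application.conf && perms_ok /etc/cortex/application.conf \
#       && systemctl enable --now cortex
```

set_play_secret refuses anything but 64 alphanumerics on purpose: the value is written inside double quotes in a HOCON file, and the sed replacement uses | as its delimiter, so restricting the character set is what keeps both the config and the edit safe.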
Step 6. Configure the firewall.
Now set up the Uncomplicated Firewall (UFW) so that Cortex's default web port, 9001, is reachable, without locking yourself out of SSH:
sudo ufw allow OpenSSH
sudo ufw allow 9001
sudo ufw enable
Note that this opens 9001 to every network the host is attached to, and Cortex serves its UI and API over plain HTTP on that port. For anything beyond a lab, restrict the rule to your management network (ufw rules can carry a source address) or put Cortex behind a TLS-terminating reverse proxy and open only the proxy's port. Do not open 9200: Elasticsearch should remain reachable from localhost only.
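To confirm that after the firewall step Elasticsearch is still bound to loopback only and Cortex is listening where you expect, here is an added shell example, not from the tutorial, that classifies the listeners reported by ss. The sample ss lines inside it are constructed for illustration; on a real host feed it the output of ss -ltnH.

```shell
#!/usr/bin/env bash
# Added example, not part of the tutorial. Audits listening TCP sockets after
# the firewall step: Elasticsearch (9200, and 9300 for transport) must stay on
# loopback, and Cortex's plain-HTTP port 9001 should be exposed only where you
# mean it to be. Input is `ss -ltnH` output on stdin (column 4 is the local
# address); the sample lines below are constructed for illustration.
set -eu

# Prints "<port> loopback|exposed" for every listener on stdin.
classify_listeners() {
    awk '{
        n = split($4, a, ":"); port = a[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        state = (host == "127.0.0.1" || host == "[::1]") ? "loopback" : "exposed"
        print port, state
    }'
}

# Succeeds only if the port is listening and every listener on it is loopback.
# Usage: ss -ltnH | loopback_only 9200
loopback_only() {
    local port=$1 found=0 p state
    while read -r p state; do
        [ "$p" = "$port" ] || continue
        found=1
        [ "$state" = loopback ] || return 1
    done < <(classify_listeners)
    [ "$found" -eq 1 ]
}

# Succeeds if the port has at least one listener, loopback or not.
listening() {
    classify_listeners | awk -v want="$1" '$1 == want { ok = 1 } END { exit ok ? 0 : 1 }'
}

# Constructed sample: Elasticsearch on loopback only, Cortex on all interfaces.
sample_ss='LISTEN 0 4096 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 4096 [::1]:9300 [::]:*
LISTEN 0 4096 *:9001 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

main() {
    for port in 9200 9300; do
        if printf '%s\n' "$sample_ss" | loopback_only "$port"; then
            echo "port $port: loopback only (good)"
        else
            echo "port $port: EXPOSED or not listening (check network.host in elasticsearch.yml)"
        fi
    done
    if printf '%s\n' "$sample_ss" | listening 9001; then
        echo "port 9001: Cortex is listening; restrict it with ufw or front it with a TLS proxy"
    fi
}
# On a real host: ss -ltnH | loopback_only 9200
main
```

Run the loopback check for 9200 and 9300 before you open anything else on the host; if either reports exposed, fix network.host in elasticsearch.yml rather than relying on the firewall alone.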
Step 7. Access the Cortex web interface.
Once the installation has succeeded, open a web browser and go to the Cortex web UI at http://your-IP-address:9001. You will be taken to the following page:
On first start Cortex asks you to update its database (this creates its index in Elasticsearch); once that has finished, create your Cortex administrator account:
Thank you for using this tutorial to install Cortex on Ubuntu 22.04 LTS Jammy Jellyfish. For further help or useful information, consult the official Cortex website.