Initial Setup
=============

System Setup
************

Install required software (as root user)::

    yum install -y epel-release
    yum install -y python36 python36-devel python3-pip libcurl-devel gcc git
    pip3 install virtualenv

Create the mozdef user (as root user)::

    adduser mozdef -d /opt/mozdef
    mkdir /opt/mozdef/envs
    chown -R mozdef:mozdef /opt/mozdef

Python Setup
************

Clone the repository::

    su mozdef
    cd ~/
    git clone https://github.com/mozilla/MozDef.git /opt/mozdef/envs/mozdef

Set up a Python 3.6 virtual environment (as mozdef user)::

    cd /opt/mozdef/envs
    /usr/local/bin/virtualenv -p /bin/python3 /opt/mozdef/envs/python

Install the MozDef python requirements (as mozdef user)::

    source /opt/mozdef/envs/python/bin/activate
    cd /opt/mozdef/envs/mozdef
    PYCURL_SSL_LIBRARY=nss pip install -r requirements.txt
    mkdir /opt/mozdef/envs/mozdef/data

Syslog Setup
************

Copy over the mozdef syslog file (as root user)::

    cp /opt/mozdef/envs/mozdef/config/50-mozdef-filter.conf /etc/rsyslog.d/50-mozdef-filter.conf

Ensure the log directory is created (as root user)::

    mkdir -p /var/log/mozdef/supervisord
    chown -R mozdef:mozdef /var/log/mozdef

Restart rsyslog (as root user)::

    systemctl restart rsyslog
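The steps above gathered into one re-runnable script, added here as an example that is not part of the MozDef documentation or project. Root-only steps (packages, user creation, log directory, rsyslog) are kept apart from the unprivileged steps: ``git`` and ``pip`` run as the mozdef user through ``runuser`` rather than as root, and every step checks for its result first so the script can be repeated safely. The ``verify_layout`` function, its name and the exact set of paths it checks are assumptions of this example; it confirms afterwards that the expected directories, the virtualenv and the rsyslog filter exist and are owned by the mozdef user.

```shell
#!/usr/bin/env bash
# Added example (not MozDef's own code): run the Initial Setup steps
# idempotently, separating root steps from mozdef-user steps, then verify.
set -eu

MOZDEF_HOME=/opt/mozdef
MOZDEF_REPO="$MOZDEF_HOME/envs/mozdef"
MOZDEF_VENV="$MOZDEF_HOME/envs/python"
MOZDEF_LOGDIR=/var/log/mozdef
RSYSLOG_CONF=/etc/rsyslog.d/50-mozdef-filter.conf

# Root steps: packages, the service user and the log directory.
root_setup() {
    yum install -y epel-release
    yum install -y python36 python36-devel python3-pip libcurl-devel gcc git
    pip3 install virtualenv
    id mozdef >/dev/null 2>&1 || adduser mozdef -d "$MOZDEF_HOME"
    mkdir -p "$MOZDEF_HOME/envs" "$MOZDEF_LOGDIR/supervisord"
    chown -R mozdef:mozdef "$MOZDEF_HOME" "$MOZDEF_LOGDIR"
}

# Unprivileged steps, run as mozdef so root never executes git or pip
# against the clone. $1 = repo path, $2 = virtualenv path.
mozdef_setup() {
    runuser -u mozdef -- bash -c '
        set -eu
        [ -d "$1/.git" ] || git clone https://github.com/mozilla/MozDef.git "$1"
        [ -x "$2/bin/python" ] || /usr/local/bin/virtualenv -p /bin/python3 "$2"
        . "$2/bin/activate"
        cd "$1"
        PYCURL_SSL_LIBRARY=nss pip install -r requirements.txt
        mkdir -p "$1/data"
    ' _ "$MOZDEF_REPO" "$MOZDEF_VENV"
}

# Root step: install the rsyslog filter shipped in the repo and reload rsyslog.
syslog_setup() {
    cp "$MOZDEF_REPO/config/50-mozdef-filter.conf" "$RSYSLOG_CONF"
    systemctl restart rsyslog
}

# verify_layout PREFIX LOGDIR RSYSLOG_CONF OWNER (hypothetical helper)
# Returns 0 when every expected path exists and is owned by OWNER, 1 otherwise.
verify_layout() {
    prefix=$1; logdir=$2; conf=$3; owner=$4
    for p in "$prefix/envs/mozdef/data" "$prefix/envs/python/bin/activate" \
             "$logdir/supervisord"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        actual=$(ls -ld "$p" | awk '{print $3}')
        [ "$actual" = "$owner" ] || { echo "wrong owner on $p: $actual" >&2; return 1; }
    done
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    return 0
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    root_setup
    mozdef_setup
    syslog_setup
    verify_layout "$MOZDEF_HOME" "$MOZDEF_LOGDIR" "$RSYSLOG_CONF" mozdef
}

# Only perform the installation when asked explicitly; otherwise the file
# just defines the functions so verify_layout can be sourced and reused.
if [ "${1:-}" = run ]; then
    main
fi
```

Run it as root with ``bash mozdef-setup.sh run``. Sourcing the file without the ``run`` argument only defines the functions, so ``verify_layout`` can be pointed at an existing install (or a different prefix) to confirm that nothing under ``/opt/mozdef`` or ``/var/log/mozdef`` ended up owned by root after a manual re-run of the clone or pip steps.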