Melvin PETIT edited this page Jun 17, 2026 · 1 revision

FAQ

What is Medusa, in one sentence? A pure-Bash orchestrator that deploys and manages 35 open-source cybersecurity tools (SOC, GRC, Integration, OT) through a menu or a CLI, each tool isolated per named environment.

Does it need anything besides Bash? Docker, Docker Compose and Git are required; curl, python3, pip3 and openssl are recommended. No language runtime, package manager or vendored dependency is bundled. See Installation.

Where does it store data? Under medusa_deployments/<env_name>/<tool>/ inside the project directory. Nothing is written outside the repo. This directory is git-ignored.

Can I run several isolated setups? Yes, that is what environments are for. Use a different ENV_NAME (CLI) or pick/create one at startup (menu). See Environments.

Can I script deployments? Yes. Every action has a CLI form: deploy, start, stop, restart, status, logs, remove, list, check. Combine with ENV_NAME. See Usage.

Do all 35 tools deploy automatically? No. docker and cli tools are automated. vm tools (Security Onion, GRFICSv2, GRASSMARLIN) only print manual installation instructions; they require a VM you set up yourself.

Why is a tool listed as cli when it clearly runs containers? Type reflects how Medusa installs it, not what it runs internally. Malcolm, for example, is cli: Medusa clones the repo and you drive its own scripts, which then start a Docker stack. See Tools-OT.

Why are some images pinned and Greenbone is not? Pinning gives reproducible deployments. Greenbone's feed data images deliberately track latest (and services stable) because pinning them would freeze the vulnerability database; that is the upstream-recommended community setup. See Security.

How do I change a published port? Edit the ports: mapping in the tool's generated docker-compose.yml, then ./medusa.sh restart <tool>. Watch for the documented collisions. See Ports-Reference.

Where are the generated passwords? In medusa_deployments/<env>/<tool>/credentials.txt (chmod 600). Tools with fixed upstream defaults (Wazuh, MISP, Eramba, OpenVAS) must be rotated by you. See Security.
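
A check for the two points in this answer, as an added example that is not part of Medusa: it flags any credentials.txt whose mode is not 600 and lists deployed tools the FAQ names as keeping fixed upstream defaults. The lowercase tool directory names and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of Medusa: audit the layout this FAQ describes,
# medusa_deployments/<env>/<tool>/credentials.txt.

# Assumption: tool directory names match these lowercase names of the tools
# the FAQ lists as keeping fixed upstream defaults.
FIXED_DEFAULT_TOOLS="wazuh misp eramba openvas"

# Octal permission bits of a file (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_credentials <deployments_root>
# Prints one finding per line; exit status is non-zero if anything was found.
# The body runs in a subshell so its variables do not leak into the caller.
audit_credentials() (
    root=$1
    findings=0
    for dir in "$root"/*/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        dir=${dir%/}
        tool=${dir##*/}
        envname=${dir%/*}; envname=${envname##*/}
        cred="$dir/credentials.txt"

        # Generated secrets must be readable by the owner only.
        if [ -f "$cred" ]; then
            mode=$(file_mode "$cred")
            if [ "$mode" != "600" ]; then
                echo "PERMS $envname/$tool credentials.txt mode=$mode expected=600"
                findings=$((findings + 1))
            fi
        fi

        # Deployed tools with fixed upstream defaults need manual rotation.
        lower=$(printf '%s' "$tool" | tr '[:upper:]' '[:lower:]')
        for fixed in $FIXED_DEFAULT_TOOLS; do
            if [ "$lower" = "$fixed" ]; then
                echo "ROTATE $envname/$tool ships fixed upstream default credentials"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
)

# Run directly from the project directory: sh audit.sh medusa_deployments
if [ "$#" -gt 0 ]; then audit_credentials "$1"; fi
```

A ROTATE line only says the tool is deployed in that environment; the script cannot tell whether its default password has already been changed.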

Is it safe to run as root? Medusa warns and continues. Prefer a normal user in the docker group and let Medusa escalate with sudo only when a specific operation needs it.

How do I add a tool? Define deploy_<tool> in the right lib/deploy_*.sh, add one register_tool line in core.sh, optionally add a run_<tool> sub-menu. See Adding-a-Tool.

How do I remove everything? ./medusa.sh stop all, then delete the project directory (which contains medusa_deployments/). Single tools: ./medusa.sh remove <tool>.


Next: Troubleshooting · Adding-a-Tool
