All you need is an AWS account to get BinaryAlert up and running in just a few minutes!
BinaryAlert can be deployed from any MacOS/Linux environment (and likely Windows as well, though we haven't tried).
- Install Python 3.6:
# MacOS Homebrew brew install python3 python3 --version # Ubuntu16 - Python 3.6 is only available in third-party repositories sudo add-apt-repository ppa:deadsnakes/ppa sudo apt-get update sudo apt-get install python3.6 python3.6-dev python3-pip sudo -H pip3 install --upgrade pip python3.6 --version
Python 3.5 is installed by default on some systems, but AWS Lambda requires Python 3.6 or 3.7.
- Install Terraform v0.11.X:
$ brew install terraform # MacOS Homebrew $ terraform --version # Must be v0.11.X
3. Install the OpenSSL development library if it isn't already (OS X should have it). This is required for YARA's hash module and must be installed before installing the BinaryAlert requirements.
$ sudo apt-get install libssl-dev # Ubuntu $ sudo yum install openssl-devel # Amazon Linux
- Clone the latest official release of BinaryAlert:
$ git clone --branch v1.2.0 https://github.com/airbnb/binaryalert
- Create and activate a virtual environment:
$ cd binaryalert $ python3.6 -m venv venv $ source venv/bin/activate
- Install the BinaryAlert requirements:
$ pip3 install -r requirements.txt
If there is an error finding
export CFLAGS='-I/usr/local/opt/openssl/include' before the install.
- Run unit tests to make sure everything is installed correctly:
$ ./manage.py unit_test
Set AWS Credentials
- Create an AWS account and an IAM user with permissions for at least the following services:
See Creating an IAM group for a least-privilege policy that allows users to deploy BinaryAlert.
2. Set your AWS credentials using any method supported by Terraform. For example, using the AWS CLI:
$ pip3 install awscli $ aws configure
- Configure BinaryAlert settings:
$ ./manage.py configure AWS Region (us-east-1): Unique name prefix, e.g. "company_team": your_unique_prefix Enable the CarbonBlack downloader? (no):
$ ./manage.py deploy # Terraform will generate a plan and request approval before applying
- BinaryAlert is live! Test it by uploading a harmless EICAR test string:
$ ./manage.py live_test
You must :ref:`add an SNS subscription <add_sns_subscriptions>` in order to receive YARA match alerts.