Table of Contents
- Install Dependencies
- Security considerations
Please report any errors you encounter at https://github.com/certtools/intelmq/issues
These instructions assume the following requirements are met:
- IntelMQ is already installed
- IntelMQ and IntelMQ Manager will be installed on the same machine
- a supported operating system
Supported and recommended operating systems are:
- Debian 8
- OpenSUSE Leap 42.2
- Ubuntu: 14.04 and 16.04 LTS
Partly supported are:
- RHEL 7
- CentOS 7 (see Notes on CentOS / RHEL)
If you are using native packages, you can simply skip this section as all dependencies are installed automatically.
Ubuntu 14.04 / Debian 8
apt-get install git apache2 php5 libapache2-mod-php5
apt-get install git apache2 php libapache2-mod-php7.0
apt-get install git apache2 php libapache2-mod-php
yum install epel-release
yum install git httpd httpd-tools php
openSUSE Leap 42.2
zypper install git apache2 apache2-utils apache2-mod_php7
Get the install instructions for your operating system here: https://software.opensuse.org/download.html?project=home%3Asebix%3Aintelmq&package=intelmq-manager
Currently, these operating systems are supported by the packages:
- CentOS 7, install
- RHEL 7, install
- Debian 8 and Debian 9 (install
- Fedora 25, 26 and Rawhide
- openSUSE Leap 42.2 and Leap 42.3
- openSUSE Tumbleweed
- Ubuntu 16.04 and Ubuntu 17.04, install
The package is always called
For Debian and Ubuntu you need to make the configuration files writable by the group:
chmod 664 /etc/intelmq/*.conf /etc/intelmq/manager/positions.conf
Clone the repository and copy the files in the subfolder intelmq-manager to the webserver directory (can also be /srv/www/htdocs/ depending on the used system):
git clone https://github.com/certtools/intelmq-manager.git /tmp/intelmq-manager
cp -R /tmp/intelmq-manager/intelmq-manager/* /var/www/html/
chown -R www-data:www-data /var/www/html/
Add the webserver user (www-data, wwwrun, apache or nginx) to the intelmq group and give write permissions for the configuration files:
usermod -a -G intelmq www-data
mkdir /opt/intelmq/etc/manager/
touch /opt/intelmq/etc/manager/positions.conf
chgrp www-data /opt/intelmq/etc/*.conf /opt/intelmq/etc/manager/positions.conf
chmod g+w /opt/intelmq/etc/*.conf /opt/intelmq/etc/manager/positions.conf
Give the webserver user (www-data, wwwrun, apache or nginx) permission to execute intelmqctl as the intelmq user. Edit the /etc/sudoers file and add the following line, adapted to your system:
www-data ALL=(intelmq) NOPASSWD: /usr/local/bin/intelmqctl
By default, the intelmqctl program is invoked with the command sudo -u intelmq /usr/local/bin/intelmqctl. If that does not suit you, you may set the environment variable INTELMQ_MANGER_CONTROLER_CMD to, e.g., sudo -u intelmq ~/.local/bin/intelmqctl or wherever you need.
Notes on CentOS / RHEL
The manager currently does not work with SELinux enabled; you need to deactivate it. Also, stopping bots currently does not work; see https://github.com/certtools/intelmq-manager/issues/103
If you can help to fix these issues, please join us!
Never ever run intelmq-manager on a public webserver without SSL and proper authentication.
The way the current version is written, anyone can change intelmq's configuration files by sending an HTTP POST request to save.php. Intelmq-manager will reject non-JSON data, but nevertheless we don't want anyone to be able to reconfigure an intelmq installation.
Therefore you will need authentication and SSL.
In addition, intelmq currently stores plaintext passwords in its configuration files. These can be read via intelmq-manager.
Never ever allow unencrypted, unauthenticated access to intelmq-manager.
In DEB-based distributions you will be asked for the password during installation.
In RPM-based distributions, the file will be placed under /etc/intelmq-manager.htusers automatically. To set a user-password combination do:
htpasswd /etc/intelmq-manager.htusers intelmqadmin
In both cases the webserver is already configured to use this file for authentication.
To create the authentication file:
htpasswd -c <password file path> <username>
To edit an existing one do:
htpasswd <password file path> <username>
On IntelMQ Manager, edit the httpd.conf and insert:
AuthType basic
AuthName "IntelMQ Manager"
AuthBasicProvider file
AuthUserFile <password file path>
Require valid-user
After this is done, you'll have to enter the user/password combination you created with htpasswd to access the web pages of IntelMQ Manager. To use other authentication methods visit: http://httpd.apache.org/docs/2.4/howto/auth.html
It is recommended to set these two headers for all requests:
Content-Security-Policy: script-src 'self'
X-Content-Security-Policy: script-src 'self'
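To confirm that a finished installation meets the rules in this section, the response headers of your own server can be checked as follows. This is an added example, not part of IntelMQ Manager: the function name audit_headers, its two modes, the HOST and USER placeholders and the sample responses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of IntelMQ Manager. Reads one HTTP response header
# block on stdin and checks it against the rules in this section.
#   mode "anon": response to a request sent WITHOUT credentials (must be 401)
#   mode "auth": response to a request sent WITH valid credentials
# Prints one FAIL line per finding; returns 0 only if there are none.
# Typical input (HOST and USER are placeholders):
#   curl -s -o /dev/null -D - https://HOST/save.php | audit_headers anon
#   curl -s -o /dev/null -D - -u USER https://HOST/ | audit_headers auth
audit_headers() {
    tr -d '\r' | awk -v mode="$1" -v q="'" '
        NR == 1 { status = $2; next }      # e.g. "HTTP/1.1 401 Unauthorized"
        /:/ {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
            seen[name] = value
        }
        END {
            bad = 0
            if (mode == "anon") {
                if (status != "401") {
                    print "FAIL: request without credentials got " status ", expected 401"
                    bad = 1
                } else if (tolower(seen["www-authenticate"]) !~ /^basic/) {
                    print "FAIL: 401 carries no Basic challenge"
                    bad = 1
                }
            }
            n = split("content-security-policy x-content-security-policy", want, " ")
            for (i = 1; i <= n; i++)
                if (index(seen[want[i]], "script-src " q "self" q) == 0) {
                    print "FAIL: " want[i] " does not contain script-src " q "self" q
                    bad = 1
                }
            exit bad
        }'
}

# Constructed sample responses (not captured from a real server).
sample_open() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n'
}
sample_locked() {
    printf "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"IntelMQ Manager\"\r\nContent-Security-Policy: script-src 'self'\r\nX-Content-Security-Policy: script-src 'self'\r\n\r\n"
}
```

A non-zero return in anon mode means the manager answered a request that carried no credentials, which is the situation this section warns against.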