wes edited this page Apr 17, 2018 · 49 revisions

Getting Started

Welcome to the Bearded-Avenger Deployment Kit! This kit will help you get CIFv3 up and running from the latest stable release, using a combination of bash and Ansible.

Ubuntu 16 LTS is the operating system CIFv3 is developed against and is the most commonly used. RHEL7/CentOS7 are the second most common platforms used by the community, but lag in community support. If you run into a problem, be sure to first check out:

Before You Dive Straight In

the EasyButton (~10min)

  1. pull the latest release of the DeploymentKit

  2. bash the easy-button

    $ tar -zxvf bearded-avenger-deploymentkit-3.0.x.tar.gz
    $ cd bearded-avenger-deploymentkit-3.0.x
    $ sudo bash easybutton.sh
    $ sudo su - cif
    $ cif -p
    
  3. Your userspace tokens will be set here: ~/.cif.yml and ~/.cifrc

  4. Create an API token on CSIRTG and add it to /etc/cif/rules/csirtg.yml [optional, gets you free access to more data]

  5. csirtg-smrt will take ~5min to start running after the initial install is complete, and a few more minutes thereafter to do its initial processing run. After ~15 to 20min, test for data by running:

    $ sudo su - cif
    $ cif --itype ipv4 --tags scanner -d
    

    If no data is returned, check the logs to make sure everything is running properly:

    $ sudo journalctl -fu csirtg-smrt*
    $ sudo journalctl -fu cif-router*
    

    Need more help? Check out the FAQ Page.

  6. Now on to Where do I start?
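The checks from steps 3 and 5 (services running, tokens in place), collected into a script you can run after the EasyButton finishes. This is an added example, not part of the deployment kit; the unit names beyond csirtg-smrt and cif-router are taken from the architecture diagram below and, like the `token:` key in ~/.cif.yml, are assumptions.

```shell
#!/usr/bin/env bash
# Post-install sanity checks for a CIFv3 EasyButton install (added example,
# not deployment-kit code). Unit names other than csirtg-smrt and cif-router
# are assumed from the architecture diagram.
set -u

CIF_UNITS="csirtg-smrt cif-router cif-httpd cif-store cif-hunter cif-gatherer"

# Report units systemd does not consider active; returns how many are down.
check_units() {
    local failed=0 u
    for u in $CIF_UNITS; do
        if systemctl is-active --quiet "$u" 2>/dev/null; then
            echo "ok           $u"
        else
            echo "NOT RUNNING  $u   (inspect with: sudo journalctl -fu $u)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# A token file is a credential: it must exist, hold a token: line (assumed
# key) and not be readable by group or others. Returns 0 only if all pass.
check_token_file() {
    local f="$1" mode
    [ -f "$f" ] || { echo "MISSING      $f"; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) ;;
        *) echo "LOOSE PERMS  $f is mode $mode; fix with: chmod 600 $f"; return 2 ;;
    esac
    grep -Eq '^[[:space:]]*token:[[:space:]]*[^[:space:]]' "$f" \
        || { echo "NO TOKEN     $f has no token: line"; return 3; }
    echo "ok           $f"
}

# Usage: bash cif_check.sh ~/.cif.yml   (no argument only defines the functions)
if [ $# -gt 0 ]; then
    check_units
    check_token_file "$1"
fi
```

Run it as the cif user so the ~/.cif.yml path and the journalctl hints match the account the services use.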

Architecture

                                                              cif-gatherer
                                                               ^        +
                                                               |        |
                                                               +        v
csirtg-smrt +--> cifsdk  +--------->  cif-httpd +------------> cif-router +-----> cif-store +-----> elasticsearch
                                                               +
                                           ^                   |        ^
                                           |                   |        |
                                           |                   v        +
                                           |                   cif-hunter
                                           +

                                        cifsdk

Fine Print

Bleeding-edge style distros (e.g. release cycles shorter than 18-24 months: Fedora, non-LTS Ubuntu releases, etc.) are highly discouraged and are generally not supported. THIS INCLUDES 'DESKTOP' distros that have a 'SERVER' counterpart, unless you have giant truck-loads of cash. Then we'll consider it... maybe.

Reference: https://groups.google.com/forum/#!topic/ci-framework/2A8Hhv9WG-g
