install
Installation Manager that will install Zeek, Suricata, and Filebeat on the same physical instance. Make sure your computer is up to the task!
To import...
from dynamite_nsm.services.agent import install as agent_install
  
        InstallManager
    
__init__(self, filebeat_install_directory, suricata_configuration_directory=None, suricata_install_directory=None, suricata_log_directory=None, zeek_configuration_directory=None, zeek_install_directory=None, stdout=False, verbose=False)
  
      special
  
    Manage agent installation process
Parameters:
| Name | Type | Description | Default | 
|---|---|---|---|
filebeat_install_directory | 
        str | 
        The path to the Filebeat install directory (Default - /opt/dynamite/filebeat)  | 
        required | 
suricata_configuration_directory | 
        Optional[str] | 
        The path to the Suricata config directory (Default - /etc/dynamite/suricata)  | 
        None | 
      
suricata_install_directory | 
        Optional[str] | 
        The path to the Suricata install directory (Default - /opt/dynamite/suricata)  | 
        None | 
      
suricata_log_directory | 
        Optional[str] | 
        The path to the Suricata log directory (Default - /var/log/suricata)  | 
        None | 
      
zeek_configuration_directory | 
        Optional[str] | 
        The path to the Zeek configuration directory (Default - /etc/dynamite/zeek)  | 
        None | 
      
zeek_install_directory | 
        Optional[str] | 
        The path to the Zeek installation directory (Default - /opt/dynamite/zeek)  | 
        None | 
      
stdout | 
        Optional[bool] | 
        Print the output to console  | 
        False | 
      
verbose | 
        Optional[bool] | 
        Include detailed debug messages  | 
        False | 
      
Source code in dynamite_nsm/services/agent/install.py
          def __init__(self, filebeat_install_directory: str,
                       suricata_configuration_directory: Optional[str] = None,
                       suricata_install_directory: Optional[str] = None,
                       suricata_log_directory: Optional[str] = None,
                       zeek_configuration_directory: Optional[str] = None,
                       zeek_install_directory: Optional[str] = None,
                       stdout: Optional[bool] = False, verbose: Optional[bool] = False):
              """Manage agent installation process

              Only stores the target directories; nothing is installed until setup() is called.
              The paths in parentheses below are the locations the project documentation names.
              The signature itself defaults every Suricata and Zeek directory to None, and setup()
              installs an engine only when all of that engine's directories are set.

              Args:
                  filebeat_install_directory: The path to the Filebeat install directory
                      (/opt/dynamite/filebeat); required
                  suricata_configuration_directory: The path to the Suricata config directory
                      (/etc/dynamite/suricata)
                  suricata_install_directory: The path to the Suricata install directory
                      (/opt/dynamite/suricata)
                  suricata_log_directory: The path to the Suricata log directory (/var/log/suricata)
                  zeek_configuration_directory: The path to the Zeek configuration directory
                      (/etc/dynamite/zeek)
                  zeek_install_directory: The path to the Zeek installation directory
                      (/opt/dynamite/zeek)
                  stdout: Print the output to console
                  verbose: Include detailed debug messages
              """
              # The base manager is given the logger name plus the two output switches.
              super().__init__('agent.install', stdout=stdout, verbose=verbose)

              # Filebeat: the only component whose directory is mandatory.
              self.filebeat_install_directory = filebeat_install_directory

              # Suricata: setup() expects all three of these or none of them.
              self.suricata_install_directory = suricata_install_directory
              self.suricata_configuration_directory = suricata_configuration_directory
              self.suricata_log_directory = suricata_log_directory

              # Zeek: setup() expects both of these or neither.
              self.zeek_install_directory = zeek_install_directory
              self.zeek_configuration_directory = zeek_configuration_directory
setup(self, inspect_interfaces, targets, target_type='elasticsearch')
    Setup Zeek, Suricata and Filebeat on the same physical instance.
Parameters:
| Name | Type | Description | Default | 
|---|---|---|---|
inspect_interfaces | 
        List[str] | 
        A list of network interfaces to capture on (e.g. ["mon0", "mon1"])  | 
        required | 
targets | 
        List[str] | 
        One or more URLs to send events/alerts to (e.g. https://my_elasticsearch_collector.local:9200)  | 
        required | 
target_type | 
        Optional[str] | 
        The target type; currently supported: elasticsearch (default), logstash, kafka, redis  | 
        'elasticsearch' | 
      
Returns:
| Type | Description | 
|---|---|
None | 
      None  | 
    
Source code in dynamite_nsm/services/agent/install.py
          def setup(self, inspect_interfaces: List[str], targets: List[str],
          target_type: Optional[str] = 'elasticsearch') -> None:
    """ Setup Zeek, Suricata and Filebeat on the same physical instance.
    Args:
        inspect_interfaces: A list of network interfaces to capture on (E.G ["mon0", "mon1"])
        targets: One or more URLs to send event/alerts to (E.G https://my_elasticsearch_collector.local:9200)
        target_type: The target type; current supported: elasticsearch (default), logstash, kafka, redis
    Returns:
        None
    """
    if self.suricata_install_directory or self.suricata_configuration_directory or self.suricata_log_directory:
        if not (
                self.suricata_install_directory and self.suricata_configuration_directory
                and self.suricata_log_directory
        ):
            self.logger.error(
                'You must specify suricata-configuration-directory, suricata-install-directory, '
                'and suricata-log-directory.')
            return None
        suricata_install.InstallManager(configuration_directory=self.suricata_configuration_directory,
                                        install_directory=self.suricata_install_directory,
                                        log_directory=self.suricata_log_directory, download_suricata_archive=True,
                                        stdout=self.stdout, verbose=self.verbose).setup(inspect_interfaces)
    if self.zeek_install_directory or self.zeek_install_directory:
        if not (self.zeek_install_directory and self.zeek_configuration_directory):
            self.logger.error(
                'You must specify both the zeek-configuration-directory and zeek-install-directory.')
            return None
        zeek_install.InstallManager(configuration_directory=self.zeek_configuration_directory,
                                    install_directory=self.zeek_install_directory, download_zeek_archive=True,
                                    stdout=self.stdout, verbose=self.verbose).setup(inspect_interfaces)
    filebeat_install.InstallManager(install_directory=self.filebeat_install_directory,
                                    download_filebeat_archive=True, stdout=self.stdout,
                                    verbose=self.verbose).setup(targets=targets, target_type=target_type)
    optimize.OptimizeThreadingManager(self.suricata_configuration_directory, self.zeek_install_directory,
                                      stdout=self.stdout, verbose=self.verbose).optimize()
        UninstallManager
    
__init__(self, stdout=False, verbose=False)
  
      special
  
    Manage agent uninstall process
Parameters:
| Name | Type | Description | Default | 
|---|---|---|---|
stdout | 
        Optional[bool] | 
        Print the output to console  | 
        False | 
      
verbose | 
        Optional[bool] | 
        Include detailed debug messages  | 
        False | 
      
Source code in dynamite_nsm/services/agent/install.py
          def __init__(self, stdout: Optional[bool] = False, verbose: Optional[bool] = False):
              """Manage agent uninstall process

              Args:
                  stdout: Print the output to console
                  verbose: Include detailed debug messages
              """
              # An empty directory list is handed to the base manager; the per-service
              # uninstallers are invoked from uninstall() instead.
              super().__init__(
                  name='agent.uninstall',
                  directories=[],
                  stdout=stdout,
                  verbose=verbose,
              )
uninstall(self)
    Uninstall Zeek, Suricata and Filebeat from this instance.
Returns:
| Type | Description | 
|---|---|
None | 
      None  | 
    
Source code in dynamite_nsm/services/agent/install.py
          def uninstall(self) -> None:
              """Uninstall Zeek, Suricata and Filebeat from this instance.

              The Filebeat uninstaller is always run. Zeek and Suricata are removed only when their
              process profiler reports them as installed, and both are removed with purge_config=True.

              Returns:
                  None
              """
              # Imported here rather than at module level, as in the original method.
              from dynamite_nsm.services.zeek import profile as zeek_profile
              from dynamite_nsm.services.suricata import profile as suricata_profile

              filebeat_install.UninstallManager(self.stdout, self.verbose).uninstall()

              # Same order as before: Zeek first, then Suricata.
              engines = (
                  (zeek_profile, zeek_install),
                  (suricata_profile, suricata_install),
              )
              for profile_module, install_module in engines:
                  if not profile_module.ProcessProfiler().is_installed():
                      continue
                  remover = install_module.UninstallManager(purge_config=True, stdout=self.stdout,
                                                            verbose=self.verbose)
                  remover.uninstall()