
install

Installation Manager that will install Zeek, Suricata, and Filebeat on the same physical instance. Make sure your computer is up to the task!

To import...

from dynamite_nsm.services.agent import install as agent_install

InstallManager

__init__(self, filebeat_install_directory, suricata_configuration_directory=None, suricata_install_directory=None, suricata_log_directory=None, zeek_configuration_directory=None, zeek_install_directory=None, stdout=False, verbose=False) special

Manage agent installation process

Parameters:

Name Type Description Default
filebeat_install_directory str

The path to the Filebeat install directory (Default - /opt/dynamite/filebeat)

required
suricata_configuration_directory Optional[str]

The path to the Suricata config directory (Default - /etc/dynamite/suricata)

None
suricata_install_directory Optional[str]

The path to the Suricata install directory (Default - /opt/dynamite/suricata)

None
suricata_log_directory Optional[str]

The path to the Suricata log directory (Default - /var/log/suricata)

None
zeek_configuration_directory Optional[str]

The path to the Zeek configuration directory (Default - /etc/dynamite/zeek)

None
zeek_install_directory Optional[str]

The path to the Zeek installation directory (Default - /opt/dynamite/zeek)

None
stdout Optional[bool]

Print the output to console

False
verbose Optional[bool]

Include detailed debug messages

False
Source code in dynamite_nsm/services/agent/install.py
def __init__(self, filebeat_install_directory: str,
             suricata_configuration_directory: Optional[str] = None,
             suricata_install_directory: Optional[str] = None,
             suricata_log_directory: Optional[str] = None,
             zeek_configuration_directory: Optional[str] = None, zeek_install_directory: Optional[str] = None,
             stdout: Optional[bool] = False, verbose: Optional[bool] = False
             ):
    """Manage the agent installation process.

    Only the Filebeat directory is mandatory; the Suricata and Zeek directories are
    left as None when those components are not requested, and setup() decides
    from them which components to install.

    Args:
        filebeat_install_directory: The path to the Filebeat install directory (Default - /opt/dynamite/filebeat)
        suricata_configuration_directory: The path to the Suricata config directory (Default - /etc/dynamite/suricata)
        suricata_install_directory: The path to the Suricata install directory (Default - /opt/dynamite/suricata)
        suricata_log_directory: The path to the Suricata log directory (Default - /var/log/suricata)
        zeek_configuration_directory: The path to the Zeek configuration directory (Default - /etc/dynamite/zeek)
        zeek_install_directory: The path to the Zeek installation directory (Default - /opt/dynamite/zeek)
        stdout: Print the output to console
        verbose: Include detailed debug messages
    """
    # The base class receives the logger/service name plus the output flags.
    super().__init__('agent.install', stdout=stdout, verbose=verbose)

    # Directories are stored verbatim (no normalisation or existence check here);
    # the order of assignment mirrors the original implementation.
    directory_settings = (
        ('filebeat_install_directory', filebeat_install_directory),
        ('suricata_configuration_directory', suricata_configuration_directory),
        ('suricata_log_directory', suricata_log_directory),
        ('suricata_install_directory', suricata_install_directory),
        ('zeek_configuration_directory', zeek_configuration_directory),
        ('zeek_install_directory', zeek_install_directory),
    )
    for attribute_name, directory in directory_settings:
        setattr(self, attribute_name, directory)

setup(self, inspect_interfaces, targets, target_type='elasticsearch')

Set up Zeek, Suricata and Filebeat on the same physical instance.

Parameters:

Name Type Description Default
inspect_interfaces List[str]

A list of network interfaces to capture on (e.g. ["mon0", "mon1"])

required
targets List[str]

One or more URLs to send events/alerts to (e.g. https://my_elasticsearch_collector.local:9200)

required
target_type Optional[str]

The target type; currently supported: elasticsearch (default), logstash, kafka, redis

'elasticsearch'

Returns:

Type Description
None

None

Source code in dynamite_nsm/services/agent/install.py
def setup(self, inspect_interfaces: List[str], targets: List[str],
          target_type: Optional[str] = 'elasticsearch') -> None:
    """ Setup Zeek, Suricata and Filebeat on the same physical instance.
    Args:
        inspect_interfaces: A list of network interfaces to capture on (E.G ["mon0", "mon1"])
        targets: One or more URLs to send event/alerts to (E.G https://my_elasticsearch_collector.local:9200)
        target_type: The target type; current supported: elasticsearch (default), logstash, kafka, redis

    Returns:
        None
    """
    if self.suricata_install_directory or self.suricata_configuration_directory or self.suricata_log_directory:
        if not (
                self.suricata_install_directory and self.suricata_configuration_directory
                and self.suricata_log_directory
        ):
            self.logger.error(
                'You must specify suricata-configuration-directory, suricata-install-directory, '
                'and suricata-log-directory.')
            return None

        suricata_install.InstallManager(configuration_directory=self.suricata_configuration_directory,
                                        install_directory=self.suricata_install_directory,
                                        log_directory=self.suricata_log_directory, download_suricata_archive=True,
                                        stdout=self.stdout, verbose=self.verbose).setup(inspect_interfaces)
    if self.zeek_install_directory or self.zeek_install_directory:
        if not (self.zeek_install_directory and self.zeek_configuration_directory):
            self.logger.error(
                'You must specify both the zeek-configuration-directory and zeek-install-directory.')
            return None
        zeek_install.InstallManager(configuration_directory=self.zeek_configuration_directory,
                                    install_directory=self.zeek_install_directory, download_zeek_archive=True,
                                    stdout=self.stdout, verbose=self.verbose).setup(inspect_interfaces)
    filebeat_install.InstallManager(install_directory=self.filebeat_install_directory,
                                    download_filebeat_archive=True, stdout=self.stdout,
                                    verbose=self.verbose).setup(targets=targets, target_type=target_type)
    optimize.OptimizeThreadingManager(self.suricata_configuration_directory, self.zeek_install_directory,
                                      stdout=self.stdout, verbose=self.verbose).optimize()

UninstallManager

__init__(self, stdout=False, verbose=False) special

Manage agent uninstall process

Parameters:

Name Type Description Default
stdout Optional[bool]

Print the output to console

False
verbose Optional[bool]

Include detailed debug messages

False
Source code in dynamite_nsm/services/agent/install.py
def __init__(self, stdout: Optional[bool] = False, verbose: Optional[bool] = False):
    """Manage the agent uninstall process.

    Args:
        stdout: Print the output to console
        verbose: Include detailed debug messages
    """
    # No directories are tracked here; each component's own UninstallManager
    # is responsible for what it removes (see uninstall()).
    base_options = {
        'directories': [],
        'name': 'agent.uninstall',
        'stdout': stdout,
        'verbose': verbose,
    }
    super().__init__(**base_options)

uninstall(self)

Uninstall Zeek, Suricata and Filebeat from this instance.

Returns:

Type Description
None

None

Source code in dynamite_nsm/services/agent/install.py
def uninstall(self) -> None:
    """Uninstall Zeek, Suricata and Filebeat from this instance.

    Filebeat is removed unconditionally; Zeek and Suricata are removed only when their
    ProcessProfiler reports them as installed, and their uninstallers are invoked with
    purge_config=True (presumably removing their configuration as well — confirm against
    those managers).

    Returns:
        None
    """
    # Local imports keep the profile modules out of this module's import-time dependencies.
    from dynamite_nsm.services.zeek import profile as zeek_profile
    from dynamite_nsm.services.suricata import profile as suricata_profile

    out_flag, debug_flag = self.stdout, self.verbose

    filebeat_install.UninstallManager(out_flag, debug_flag).uninstall()

    zeek_present = zeek_profile.ProcessProfiler().is_installed()
    if zeek_present:
        zeek_remover = zeek_install.UninstallManager(purge_config=True, stdout=out_flag, verbose=debug_flag)
        zeek_remover.uninstall()

    suricata_present = suricata_profile.ProcessProfiler().is_installed()
    if suricata_present:
        suricata_remover = suricata_install.UninstallManager(purge_config=True, stdout=out_flag,
                                                             verbose=debug_flag)
        suricata_remover.uninstall()