-
Notifications
You must be signed in to change notification settings - Fork 285
Docker ISO setup
You can download the ISOs from https://www.stamus-networks.com/selks
SHA256 checksums:
Version | Sha256 checksum |
---|---|
SELKS-10-desktop.iso | c2c01b8f1fa39c61f9df253234e3dd2a851dc011ca21392d8e81a911390bc6b5 |
SELKS-10-no-desktop.iso | a7d5dd09046d5887129d6ab8af01edf125f29880f81ad696055f624bc2e4187f |
Non interactive, air gapped mode. The below command will setup the selks installation:
- in non-interactive mode
- install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer) without pulling anything from the internet
- use the interface tppdummy0 as sniffing interface
- use 8GB of RAM for Elasticsearch
- start up the installation (docker compose)
Examples:
sudo -s
cd /opt/selksd/SELKS/docker/ && \
./easy-setup.sh --non-interactive --no-pull-containers -i tppdummy0 \
--iA --restart-mode always --es-memory 8G && \
docker-compose up -d
If needed the latest SELKS code can also be pulled like so:
cd /opt/selksd/SELKS/ && \
git pull
Then run the easy-setup script again followed by docker compose as the example above.
You need to authenticate to access to the web interface(see the HTTPS access
section below ). The default user/password is selks-user/selks-user
(including through the Dashboards or Scirius desktop icons).
You can change credentials and user settings by using the top left menu in Scirius.
More info about the user roles and set up - https://github.com/StamusNetworks/scirius#usage
Default OS user:
- user:
selks-user
- password:
selks-user
(password in Live mode islive
)
The default root password is StamusNetworks
- update/pull and install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer)
- use the interface tppdummy0 as sniffing interface
- use 8GB of RAM for Elasticsearch, 1GB
- start up the installation (docker compose)
Example:
cd /opt/selksd/SELKS/docker/
docker-compose down
git pull
./easy-setup.sh --iA --es-memory 8G
docker-compose pull
sudo -E docker-compose up -d --force-recreate
If you would not want to sniff on specific system interface and want to set up a dummy interface for sniffing to replay for example specific pcap cases:
Example:
ip link add tppdummy0 type dummy && \
ip link set tppdummy0 up && \
ifconfig tppdummy0 mtu 1572
See https://github.com/StamusNetworks/SELKS/wiki/Docker#production-setup