Skip to content

Installation: OpenSSL Signed Installation Guide

@AlanOrlikoski edited this page Dec 30, 2018 · 25 revisions

This type of installation is for users with some experience with linux administration. It is ideal for those that are required to build upon a baseline (gold disk) image. It also works very well for cloud based instances as a build script. It ensures that the most recent versions of the software are used and that it is configured the same way every time. Also note that all ciphers and keys are generated at run time and therefore are as unique as any script can make them.

Installation instructions

  • Start with Ubuntu 16.04 LTS base image

  • Log into system with an account that has sudo privledges

  • The buildskadi.sh script downloads the signed buildskadi.tgz file and verifies the signature using openssl. If anything interrupts the download or if the signature doesn't match then the installation exits with an error message.

  • Start the script from a terminal using the commands below This could take anywhere from 5 - 60+ minutes depending on the speed of the internet connection

Usernames and Passwords made at installation time

wget -O /tmp/buildskadi.sh https://raw.githubusercontent.com/orlikoski/skadi/master/scripts/buildskadi.sh
sudo bash /tmp/buildskadi.sh

Usernames and Passwords set to skadi:skadi

export DEFAULT_PASSWORDS="true"
wget -O /tmp/buildskadi.sh https://raw.githubusercontent.com/orlikoski/skadi/master/scripts/buildskadi.sh
sudo bash /tmp/buildskadi.sh

Post Installation

The final completion will look something like the following. Make sure to note the usernames and passwords as they will be needed to access the tools:

Skadi Setup is Complete

The Nginx reverse proxy setup and can be accessed at http://<IP Address> or http://localhost if installed locally:
The following are the credentials needed to access this build: 

OS Account:
   - Username: skadi_<random chars>
   - Password: <random chars>

Proxy Account:
   - Username: skadi_<random chars>
   - Password: <random chars>

TimeSketch Account:
   - Username: skadi_<random chars>
   - Password: <random chars>

Grafana Account
   - Username: skadi_<random chars>
   - Password: <random chars>


The following files have credentials used in the build process stored in them:
  - /opt/Skadi/Docker/.env
  - /opt/Skadi/Docker/skadi_dockprom/.env

Setup Kibana

Not 100% complete, but very close. The reason this is for advanced users is that the remaining items require loading sample data into the ElasticSearch in order to create the default index in Kibana as well as load the pre-made Dashboards, Visualizations, and Searches into Kibana (requires the correct indexes to work).

Complete the remaining items:

  • Run sample data through CDQR into the ElasticSearch database (sample Virtual Machines can be found at the DFIR Training site or by using CyLR to collect from a sample host (much faster).
  • Sample Command: ~/cdqr.py -p win <disk image or CyLR resulting .zip file> --es_kb testing
  • The first time logged into Kibana it asks to create a default index. Use case_cdqr-* for the index and ensure that the data is fully loaded from previous step
  • In Kibana click Management -> Saved Objects -> Import and use the file that has all of the Skadi specific Dashboards/Visualizations/Searches kibana_6.x.json