Prerequisites
Ensure that you meet the following prerequisites before initiating the deployment. To use this guide successfully, Cyware recommends that you be familiar with deploying software on Linux servers and installing databases on the Linux Enterprise server.
Note
The default shell that is used for the CTIX deployment is Bash.
CTIX License
Ensure that you have a valid CTIX license key before you deploy the CTIX application and database services. After a successful deployment, you must enter the license key to activate and access the CTIX application. Contact Cyware support to get the license key.
Privileges
You must have sudo user privileges for performing the deployment and installation on your servers. The sudo command allows you to run programs as the root user and execute specific system commands at the root level of the system. You must have passwordless sudo privileges to execute commands without a password prompt on all the required servers. Share the system hardening controls that may have been applied to the Operating System before handing over the server to the Cyware team.
SSH Communication
You must enable passwordless SSH authentication to allow SSH communication from the installer server to the Web App and Database servers. For more information, see Set up Passwordless SSH Authentication.
Network Requirements
Share your Public Gateway IP address with the Cyware team, so that we can add your IP address to our Allow Lists and enable your access to our repository domains.
Server Requirements
The supported OS versions for installation and configuration of CTIX are RHEL and CentOS 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, and 9.0.
Synchronize the server used in the CTIX deployment with the Network Time Protocol server of the organization. To check if the system clock is synchronized and NTP is active, run the following command:
timedatectl
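The labels in timedatectl output differ across the supported releases: version 7 prints NTP enabled and NTP synchronized, while 8 and 9 print NTP service and System clock synchronized. The following is an added example, not part of the Cyware guide, that reads either form; the helper name ntp_status and the sample outputs are constructed for illustration.

```shell
# Added example (not from the Cyware guide): interpret timedatectl output
# on EL7 and on EL8/EL9. ntp_status is a hypothetical helper name.
# Usage on a real server: timedatectl | ntp_status

ntp_status() {
    awk -F': *' '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key); val = $2 }
        key == "NTP enabled"               { active = (val == "yes") }     # EL7
        key == "NTP synchronized"          { synced = (val == "yes") }     # EL7
        key == "NTP service"               { active = (val == "active") }  # EL8/EL9
        key == "System clock synchronized" { synced = (val == "yes") }     # EL8/EL9
        END {
            if (active && synced) { print "ok"; exit 0 }
            if (!active)          { print "ntp-inactive"; exit 1 }
            print "not-synchronized"; exit 2
        }'
}

# Constructed sample outputs, trimmed to the relevant lines.
EL7_SAMPLE='      Local time: Mon 2023-01-02 10:00:00 UTC
     NTP enabled: yes
NTP synchronized: yes'

EL9_SAMPLE='               Local time: Mon 2023-01-02 10:00:00 UTC
System clock synchronized: no
              NTP service: active'

EL9_NO_NTP='System clock synchronized: no
              NTP service: inactive'
```

The function prints ok, ntp-inactive, or not-synchronized and returns 0, 1, or 2 respectively, so it can gate a pre-deployment check.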
Allow Cyware Domains
Add the following Cyware domains to your Allow List. You will require access to these domains during the deployment to download the installation package. You will also need access to the production license server and Cyware Support.
The Docker registries from which the installer and configuration files can be downloaded:
https://packages.cyware.com
https://prod.packages.cyware.com
https://cylms.cyware.com/v2: License management repository that stores license properties and details allocated to an instance of Cyware product.
https://support.cyware.com/hc/en-us: ITSM portal for customers to contact the Cyware support team for assistance.
https://techdocs.cyware.com: Technical documentation portal of Cyware.
Intranet Connectivity
Source | Destination | Direction | Port | Comments |
---|---|---|---|---|
Installer Server | Web App and Database Servers | Unidirectional | 22 | To enable SSH communication between the installer server and the Web App and Database servers. Port 22 is required only during installation and upgrade. |
Proxy/Firewall | Web App Server | Unidirectional | 443 | To enable inbound traffic. |
Web App and Database Servers | Web App and Database Servers | Bidirectional | TCP 2377 and 7946, UDP 7946 and 4789 | To enable Docker Swarm-related communications. |
Disk or Mount Point Requirements
Identify the details of storage mount points that are used for the installation of the application and database services. The expected mount point is /apps/cyware/. Make sure that the mount point has sufficient free storage space with storage disks mounted.
Proxy Configuration
If you have a proxy that acts as a gateway between the users and the internet, you must configure the proxy in all servers that you use for deployment to ensure network connectivity to the Cyware repositories. You can configure the proxy for CTIX in the vars.yml file. For more information, see the Update Vars File section in Deployment Procedure.
For more information on how to configure proxy on a Linux server, see Configure Proxy on Linux Server.
Domain Details
If you need the CTIX platform to be available on a specific domain name, have these handy:
Domain Name: Custom domain name on which you want to access the application. For example: https://tenantcode.myorg.com. You can configure the domain and tenant code of the application in the vars.yml file during deployment. For more information, see section Update Vars File in Deployment Procedure.
SSL Certificates are required with the following details:
Note
You can also generate and use a self-signed SSL certificate. For more information, see Create Self-Signed SSL Certificate.
Root, Intermediate, and Domain certificates in .crt format
The private key of the domain certificate
Store the SSL Certificate (.crt) and Key (.key) files in the /etc/ssl directory as ssl.crt and ssl.key respectively.
DNS Configuration on Public/Internal DNS server: Configure domain name resolution on the application’s Web/Virtual IP/Loadbalancer’s IP address.
Docker Requirements
The CTIX application and database services run as Docker containers. Ensure that you meet all the prerequisites to install Docker. For more information, refer to the following prerequisites based on your OS:
Install Python
You must install Python version 3.9 on the installer server to run the Ansible script that deploys the CTIX application and database services.
To install Python on the installer server, run the following commands.
sudo yum install wget -y
wget https://packages.cyware.com/repository/cyware/installer/python/install-python39.sh
bash install-python39.sh
Note
Installing Python version 3.9 does not affect an earlier version of Python if already installed on the server.
Add Cyware Repository
Add the Cyware repository in your RedHat and CentOS-based distributions for the OS-level library installer to download the CTIX installer package, CTIX application images, and the OS dependencies that are required by CTIX.
To add the Cyware repository to the installer server, do the following:
To create and open a docker.repo file in the /etc/yum.repos.d/ directory, run the following command:
vi /etc/yum.repos.d/docker.repo
Update the docker.repo file with the Cyware repository details. Based on the version of your CentOS and RHEL distribution, see the Cyware repository details below and update.
Save and exit.
[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/7/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[centosplus]
name=CentOS-7 - Plus
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/centosplus/$basearch/
gpgcheck=0
enabled=1

[extras]
name=CentOS-7 - Extras
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/extras/$basearch/
gpgcheck=0
enabled=1

[cr]
name=CentOS-7 - cr
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/cr/$basearch/
gpgcheck=0
enabled=1

[fasttrack]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/fasttrack/$basearch/
gpgcheck=0
enabled=1

[os]
name=CentOS-7 - fasttrack
baseurl=https://packages.cyware.com/repository/cyware-yum-group/centos/7/os/$basearch/
gpgcheck=0
enabled=1


[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/8/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[centosplus]
name=CentOS-8-stream - Plus
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/centosplus/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[extras]
name=CentOS-8-stream - Extras
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/extras/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[cr]
name=CentOS-8-stream - cr
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/cr/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[Appstream]
name=CentOS-8-stream - Appstream
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/AppStream/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[BaseOS]
name=CentOS-8-stream - BaseOS
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[PowerTools]
name=CentOS-8-stream - PowerTools
baseurl=https://packages.cyware.com/repository/centos-proxy/centos/8-stream/PowerTools/$basearch/os/
gpgcheck=0
enabled=1
priority=2


[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/9/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[Appstream]
name=CentOS-9-stream - Appstream
baseurl=https://packages.cyware.com/repository/centos-9-proxy/AppStream/$basearch/os/
gpgcheck=0
enabled=1
priority=2

[BaseOS]
name=CentOS-9-stream - BaseOS
baseurl=https://packages.cyware.com/repository/centos-9-proxy/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
priority=3
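Every section above sets gpgcheck=0, which tells yum or dnf to install packages from that repository without verifying their GPG signatures, so the HTTPS connection to the repository is the only integrity check in place. The following is an added example, not part of the Cyware guide, that lists such sections in a repo file so the setting is visible during a hardening review; the helper name audit_repo and the example-signed section are constructed for illustration.

```shell
# Added example (not from the Cyware guide): list enabled yum/dnf repo
# sections that skip GPG signature checks or use a non-HTTPS baseurl.
# audit_repo is a hypothetical helper. Usage: audit_repo < /etc/yum.repos.d/docker.repo
audit_repo() {
    awk '
        function off(x) { return tolower(x) ~ /^(0|no|false)$/ }
        function report() {
            if (sec == "" || off(enabled)) return        # nothing to judge
            if (off(gpg)) { print sec ": gpgcheck disabled"; bad = 1 }
            if (url != "" && url !~ /^https:\/\//) { print sec ": baseurl not https"; bad = 1 }
        }
        /^[ \t]*([#;]|$)/ { next }                       # comments, blank lines
        /^[ \t]*\[/ {                                    # start of a [section]
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            gpg = ""; enabled = ""; url = ""             # unset keys inherit [main], not judged
            next
        }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            v = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            if (k == "enabled")  enabled = v
            if (k == "baseurl")  url = v
        }
        END { report(); exit bad + 0 }'
}

# Constructed sample: first section copied from the page, second is a made-up contrast.
SAMPLE_REPO='[cyware-docker]
name=Docker CE Stable
baseurl=https://packages.cyware.com/repository/docker-yum-proxy/linux/centos/9/$basearch/stable
enabled=1
gpgcheck=0
priority=1

[example-signed]
name=Constructed contrast entry
baseurl=https://repo.example.invalid/el9/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example'
```

The function prints one line per finding and returns 1 when any section is flagged, 0 otherwise.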
Update Path Variable
To update the path variable, do the following:
Open the following files: ~/.bash_profile and ~/.bashrc.
Note
You need sudo privileges to modify these files. Use the sudo command to open these files. For example, sudo vi ~/.bashrc.
Insert the following path variable at the end of the files.
PATH=$PATH:/usr/local/bin:$HOME/bin
Save and exit.
Run the following commands:
source ~/.bash_profile
source ~/.bashrc
Install Ansible
You must install Ansible to run the Ansible script that deploys the CTIX application and database services.
To install Ansible on the installer server, run the following command:
pip3.9 install ansible -i https://packages.cyware.com/repository/pypi-group/simple/
To verify if Ansible is installed, run the following command:
ansible --version
Sample Output
[root@ip-10-xx-xx-64 bin]# ansible --version
ansible [core 2.13.6]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.13 (main, Nov 18 2022, 05:59:41) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  jinja version = 3.1.2
  libyaml = True
Install Unzip Command
You must install the unzip command to extract the CTIX installer package. To install the unzip command, run the following command:
sudo yum install -y unzip
Allow External URLs
(Optional) App URLs: Allow outbound connection to the third-party application URLs that you want to integrate with CTIX. For example, CrowdStrike, AlienVault, and more.
(Optional) SSO/SAML URL: Add the embed URL of the SSO/SAML authentication app that you are using to the Allow List. For more information, see Configure SAML 2.0 as the Authentication Method.
(Optional) LDAP URL: Add the URL of the LDAP authentication app that you are using to the Allow List.
(Optional) Google Sign-In URL: Add the following URL to the Allow List to enable the Google Sign-In authentication method:
https://accounts.google.com/gsi/client
Google URL: Allow outbound connections to the following Google URLs:
https://fonts.gstatic.com: To render the Google fonts that are used in the CTIX application.
https://maps.googleapis.com: To render Google Maps and display a map view of the IP threat data.
MITRE ATT&CK Navigator URL: Allow outbound connections to the following GitHub URLs to allow access to the MITRE ATT&CK Navigator repository:
https://github.com/mitre-attack
https://raw.githubusercontent.com/MISP/
https://raw.githubusercontent.com/mitre/
Public Suffix URL: Allow outbound connections to the following public suffix URL to render TLD-related widgets in the CTIX dashboards:
https://publicsuffix.org/list/public_suffix_list.dat