Skip to content

Docker ISO setup

Jump to bottom
Peter Manev edited this page Jun 13, 2024 · 15 revisions

Get the ISO

You can download the ISOs from https://www.stamus-networks.com/selks

SHA256 checksums:

Version Sha256 checksum
SELKS-10-desktop.iso c2c01b8f1fa39c61f9df253234e3dd2a851dc011ca21392d8e81a911390bc6b5
SELKS-10-no-desktop.iso a7d5dd09046d5887129d6ab8af01edf125f29880f81ad696055f624bc2e4187f

First time setup

Non interactive, air gapped mode. The below command will setup the selks installation:

  • in non-interactive mode
  • install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer) without pulling anything from the internet
  • use the interface tppdummy0 as sniffing interface
  • use 8GB of RAM for Elasticsearch
  • start up the installation (docker compose)

Examples:

sudo -s

cd /opt/selksd/SELKS/docker/ && \
./easy-setup.sh --non-interactive --no-pull-containers -i tppdummy0 \
--iA --restart-mode always --es-memory 8G && \
docker-compose up -d

If needed the latest SELKS code can also be pulled like so:

cd /opt/selksd/SELKS/ && \
git pull

Then run the easy-setup script again followed by docker compose as the example above.

Usage and logon credentials

You need to authenticate to access to the web interface(see the HTTPS access section below ). The default user/password is selks-user/selks-user (including through the Dashboards or Scirius desktop icons). You can change credentials and user settings by using the top left menu in Scirius.
More info about the user roles and set up - https://github.com/StamusNetworks/scirius#usage

For the ISO users

Default OS user:

  • user: selks-user
  • password: selks-user (password in Live mode is live)

The default root password is StamusNetworks

More setup examples

Interactive with latest updated containers and software

  • update/pull and install all containers (elasticsearch/suricata/ngingx/logstash/kibana/scirius/evebox/portainer)
  • use the interface tppdummy0 as sniffing interface
  • use 8GB of RAM for Elasticsearch, 1GB
  • start up the installation (docker compose)

Example:

cd /opt/selksd/SELKS/docker/
docker-compose down
git pull
./easy-setup.sh --iA --es-memory 8G 
docker-compose pull
sudo -E docker-compose up -d --force-recreate

Setting up dummy interface

If you would not want to sniff on specific system interface and want to set up a dummy interface for sniffing to replay for example specific pcap cases:

Example:

ip link add tppdummy0 type dummy && \
ip link set tppdummy0 up && \
ifconfig tppdummy0 mtu 1572

Production setup considerations

See https://github.com/StamusNetworks/SELKS/wiki/Docker#production-setup

Getting Help

Help

Clone this wiki locally