From 6b806cf88ef628055fe304f7ab1483146deb5dba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?=
Date: Sat, 24 Oct 2020 08:26:09 +0200
Subject: [PATCH] #199 update installation guide

---
 installation/install-guide.md | 46 +++++++++++++++--------------------
 1 file changed, 20 insertions(+), 26 deletions(-)

diff --git a/installation/install-guide.md b/installation/install-guide.md
index 1e195f4..2ec6af0 100644
--- a/installation/install-guide.md
+++ b/installation/install-guide.md
@@ -45,7 +45,7 @@ And setup your system to connect the RPM repository. Create and edit the file `/
 enabled=1
 priority=1
 name=TheHive-Project RPM repository
-baseurl=http://rpm.thehive-project.org/stable/noarch
+baseurl=http://rpm.thehive-project.org/stable/es7
 gpgcheck=1
 ```
 
@@ -91,7 +91,7 @@ To install the Debian package, use the following commands:
 ```bash
 curl https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY | sudo apt-key add -
-echo 'deb https://deb.thehive-project.org stable main' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
+echo 'deb https://deb.thehive-project.org stable main es7' | sudo tee -a /etc/apt/sources.list.d/thehive-project.list
 sudo apt-get update
 sudo apt-get install thehive
 ```
 
@@ -123,7 +123,7 @@ file starts Elasticsearch and TheHive:
 version: "2"
 services:
   elasticsearch:
-    image: elasticsearch:6.8.8
+    image: elasticsearch:7.9.1
     environment:
       - http.host=0.0.0.0
       - discovery.type=single-node
@@ -132,13 +132,13 @@ services:
         soft: 65536
         hard: 65536
   cortex:
-    image: thehiveproject/cortex:latest
+    image: thehiveproject/cortex:3.1.0-1
     depends_on:
       - elasticsearch
     ports:
       - "0.0.0.0:9001:9001"
   thehive:
-    image: thehiveproject/thehive:latest
+    image: thehiveproject/thehive:3.5.0-1
     depends_on:
       - elasticsearch
       - cortex
@@ -228,13 +228,13 @@ Once the Docker image is up and running, proceed to the configuration using the
 If you would like to use pre-release, beta versions of our Docker images and help us find bugs to the benefit of the whole community, please use `thehiveproject/thehive:version-RCx`. For example `thehiveproject/thehive:3.1.0-RC1`.
 
 ### Binary
-The following section contains the instructions to manually install TheHive using binaries on **Ubuntu 18.04 LTS**.
+The following section contains the instructions to manually install TheHive using binaries on **Ubuntu 20.04 LTS**.
 
 #### 1. Minimal Ubuntu Installation
-Install a minimal Ubuntu 18.04 system with the following software:
+Install a minimal Ubuntu 20.04 system with the following software:
 
 - Java runtime environment 1.8+ (JRE)
-- Elasticsearch 5.x
+- Elasticsearch 7.x
 
 Make sure your system is up-to-date:
 
@@ -261,12 +261,12 @@ Download and unzip the chosen binary package. TheHive files can be installed whe
 
 ```bash
 cd /opt
-wget https://dl.bintray.com/thehive-project/binary/thehive-latest.zip
+wget https://download.thehive-project.org/thehive-latest.zip
 unzip thehive-latest.zip
 ln -s thehive-x.x.x thehive
 ```
 
-**Note**: if you would like to use pre-release, beta versions of and help us find bugs to the benefit of the whole community, please download `https://dl.bintray.com/thehive-project/binary/thehive-version-RCx.zip`. For example `https://dl.bintray.com/thehive-project/binary/thehive-3.1.0-RC1.zip`.
+**Note**: if you would like to use pre-release, beta versions of and help us find bugs to the benefit of the whole community, please download `https://download.thehive-project.org/thehive-version-RCx.zip`. For example `https://download.thehive-project.org/thehive-3.5.0-RC1-1.zip`.
 
 #### 5. First start
 It is recommended to use a dedicated, non-privileged user account to start TheHive. If so, make sure that the chosen account can create log files in `/opt/thehive/logs`.
@@ -353,7 +353,7 @@ restart the service.
 ```bash
 service thehive stop
 cd /opt
-wget https://dl.bintray.com/thehive-project/binary/thehive-latest.zip
+wget https://download.thehive-project.org/thehive-latest.zip
 unzip thehive-latest.zip
 rm /opt/thehive && ln -s thehive-x.x.x thehive
 chown -R thehive:thehive /opt/thehive /opt/thehive-x.x.x
@@ -469,12 +469,10 @@ Configure TheHive, read the [Configuration Guide](../admin/configuration.md). Fo
 Edit `/etc/elasticsearch/elasticsearch.yml` and add the following lines:
 
 ```
-network.host: 127.0.0.1
-script.inline: true
+http.host: 127.0.0.1
+discovery.type: single-node
 cluster.name: hive
-thread_pool.index.queue_size: 100000
 thread_pool.search.queue_size: 100000
-thread_pool.bulk.queue_size: 1000
 ```
 
 Start the service:
@@ -521,7 +519,7 @@ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key D88E42B4 #
 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
 
 # Debian repository configuration
-echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
+echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
 
 # Install https support for apt
 sudo apt install apt-transport-https
@@ -542,8 +540,8 @@ Create the file `elasticsearch.repo` in `/etc/yum/repos.d/` for RedHat and CentO
 
 ```
 [elasticsearch-5.x]
-name=Elasticsearch repository for 5.x packages
-baseurl=https://artifacts.elastic.co/packages/5.x/yum
+name=Elasticsearch repository for 7.x packages
+baseurl=https://artifacts.elastic.co/packages/7.x/yum
 gpgcheck=1
 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
 enabled=1
@@ -578,12 +576,9 @@ The cluster name must also be set (`hive` for example). Threadpool queue size mu
 Edit `/etc/elasticsearch/elasticsearch.yml` and add the following lines:
 
 ```
-network.host: 127.0.0.1
-script.inline: true
+http.host: 127.0.0.1
 cluster.name: hive
-thread_pool.index.queue_size: 100000
 thread_pool.search.queue_size: 100000
-thread_pool.bulk.queue_size: 100000
 ```
 
 ### Start the Service
@@ -610,15 +605,14 @@ docker run \
   --hostname elasticsearch \
   --rm \
   --publish 127.0.0.1:9200:9200 \
-  --publish 127.0.0.1:9300:9300 \
-  --volume ***DATA_DIR***:/usr/share/elasticsearch/data \
+  --volume ***DATA_DIR***:/usr/share/elasticsearch/data \
   -e "http.host=0.0.0.0" \
-  -e "transport.host=0.0.0.0" \
+  -e "discovery.type=single-node" \
   -e "xpack.security.enabled=false" \
   -e "cluster.name=hive" \
   -e "script.inline=true" \
   -e "thread_pool.index.queue_size=100000" \
   -e "thread_pool.search.queue_size=100000" \
   -e "thread_pool.bulk.queue_size=100000" \
-  docker.elastic.co/elasticsearch/elasticsearch:5.6.0
+  docker.elastic.co/elasticsearch/elasticsearch:7.9.1
 ```