Sensor Install

From The MetaFlows Security System Documentation

The previous chapter described the steps required to instantiate and configure a sensor. The following sections describe the procedure for downloading the sensor software and installing it on Linux or as a VMware virtual machine.

Downloading Sensor Software

The View Sensors page will display links for the VMware and Linux downloads as shown in <xr id="fig:sensor_download"/>. For a 32/64-bit Linux CentOS or RedHat operating system, select the Linux link. For any other operating system, select the VMware option. Download the VMware or Linux zip file and save it where you can easily locate it when the download completes. You will then need to copy the zip file to the disk of the machine on which you wish to install the sensor.

<figure id="fig:sensor_download">

Sensor Download
Sensor Download Options

</figure>

Linux Software Installation Procedures

The sensor requires a 64-bit Linux CentOS/RedHat operating system. As root, execute the following commands:

unzip linux.zip
cd nsm
./setup.sh

In most cases you should answer yes to all the questions.

The setup.sh script requires that the machine on which it is run has a correctly configured network, since a number of its operations download packages from the Internet. The script will also post some debugging information to MetaFlows to facilitate installation support in case something goes wrong.

The MSS installation is a very complex process. MetaFlows has put a lot of effort into minimizing installation problems; however, given the high complexity of modern system design, installation problems may emerge. Typically these can be resolved easily by MetaFlows, and once installed the system is EXTREMELY stable. We therefore STRONGLY encourage users to promptly contact support@metaflows.com about any installation problem.

After the setup.sh script terminates successfully, you will not need to run it again. You can now start the sensor with:

/nsm/etc/mss.sh start

Each time the MSS starts it downloads the latest binaries and the latest security updates and rules. This command requires the machine to be connected to the Internet.
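
Because setup.sh runs as root, it is worth checking the machine and the archive before the unzip step. The script below is an added example, not part of the MetaFlows documentation or software; the function names are hypothetical, and it assumes the archive is named linux.zip, unpacks entirely under nsm/ (as the cd nsm step implies), and that /etc/redhat-release identifies the distribution.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before ./setup.sh (not MetaFlows code).

# Succeeds only for the 64-bit x86 machine type reported by `uname -m`.
is_64bit() {
    [ "$1" = "x86_64" ]
}

# Succeeds if the release string (from /etc/redhat-release) names CentOS or Red Hat.
is_supported_distro() {
    case "$1" in
        *CentOS*|*"Red Hat"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads archive member names on stdin and prints those that are absolute,
# contain a ".." component, or fall outside nsm/ (assumed archive layout).
unsafe_members() {
    while IFS= read -r name; do
        case "$name" in
            /*|../*|*/../*|*/..) printf '%s\n' "$name" ;;
            nsm|nsm/*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Runs every check against the real machine and archive; non-zero on failure.
preflight() {
    zip=$1
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    is_64bit "$(uname -m)" || { echo "64-bit OS required" >&2; return 1; }
    is_supported_distro "$(cat /etc/redhat-release 2>/dev/null)" ||
        { echo "CentOS/RedHat required" >&2; return 1; }
    bad=$(unzip -Z1 "$zip" | unsafe_members)
    [ -z "$bad" ] || { printf 'unexpected archive members:\n%s\n' "$bad" >&2; return 1; }
    sha256sum "$zip"   # record the digest of what is about to run as root
}

# Run the checks only when an archive path is passed: sh preflight.sh linux.zip
case "${1:-}" in
    *.zip) preflight "$1" ;;
esac
```

A non-zero exit means the unzip and setup.sh steps should not be run until the reported problem is understood.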

Initial Boot Up
The first time you run the sensor, you will be asked to enter your MetaFlows account User ID and Password. You will also be asked to "Enter the sensor number from the list above." The number requested will be located just below the "Password" field. See <xr id="fig:vmware_bootup"/>.

<figure id="fig:vmware_bootup">

VMware Bootup
Enter the number in the yellow box when prompted

</figure>

This configuration step assigns a unique identifier to the machine where the MSS is starting. Once the ID is assigned (in /nsm/etc/UUID), this step will not be repeated unless the user purposely resets the association by setting the sid variable to 0 in the file /nsm/etc/UUID.

NOTE THAT changing the sensor configuration on the website through the sensors menu form DOES NOT require the re-installation of the sensor. ANY configuration change can simply be reflected in the running sensor by issuing the command /nsm/etc/mss.sh restart. Each time the sensor restarts, the complete configuration is rebuilt from scratch using a phone-home mechanism. IDS Rule configuration changes apply automatically every 12 hours without user interaction. IDS Rule configuration changes can also be applied by clicking on the Reload icon in the rule configuration menu (which does not cause a restart but simply a rule reload).

VMware Appliance Installation Procedures

Unzip the downloaded vmware.zip file. The contents of the download are displayed here in <xr id="fig:vm_download"/>. Extract all files to a convenient location. Double-click the VM.vmx file that you extracted.
<figure id="fig:vm_download">

MetaFlows VMware Download Contents

</figure>


Initial Boot Up

<figure id="fig:Vmware_bootup">

VMware Bootup
Enter the number in the yellow box when prompted

</figure>

The first time you boot the VMware appliance, you will be asked to enter your MetaFlows account User ID and password. You will also be asked to "Enter the sensor number from the list of sensors you have previously configured." The number requested will be located just below the "Password" field. See <xr id="fig:Vmware_bootup"/>.

This configuration step assigns a unique identifier to the machine where the MSS is starting. Once the ID is assigned (in /nsm/etc/UUID), this step will not be repeated unless the user purposely resets the association by setting the sid variable to 0 in the file /nsm/etc/UUID.

Note that changing the sensor configuration on the website through the sensors menu form does not require the re-installation of the sensor. Any configuration change can simply be reflected in the running sensor by issuing the command /nsm/etc/mss.sh restart. Each time the sensor restarts, the complete configuration is rebuilt from scratch using a phone-home mechanism. IDS Rule configuration changes apply automatically every 12 hours without user interaction. IDS Rule configuration changes can also be applied by clicking on the Reload icon in the rule configuration menu (which does not cause a restart but simply a rule reload).


Setup Complete

<figure id="fig:sensor_setup_complete">

Sensor Setup Complete
Setup is complete

</figure>

When you reach the page shown in <xr id="fig:sensor_setup_complete"/>, the sensor will be up and running.

Configure Shared Folders

<figure id="fig:vm_folder">

VMware Shared Folders Settings

</figure>

Once the start-up process is complete, click on the "Virtual Machine" drop-down menu and select "Virtual Machine Options". Under the "Options" tab, click on "Shared Folders" and set it to "Always enabled" as displayed in <xr id="fig:vm_folder"/>. You need to do this in order to store logs generated by your sensor.

If there are no folders in the "Folders" window (see <xr id="fig:vm_folder"/>), you will need to click the "Add" button to launch the VMware Add Shared Folders Wizard. In the Wizard, in the "Host" field, choose a file path that will be convenient for you to access system logs. Click "Browse" to choose a location on the machine's hard drive. Under the "Name" field, choose a name for this location (this can be anything that makes sense to you).

Note that it is recommended that you reserve several gigabytes of disk space for the logs. You can also create a new directory using the create folder command.

Virtual Machine Sensor Management

<figure id="fig:vm_sensor_mgmt">

Virtual Machine Sensor Management

</figure>

When you run the VM.vmx virtual machine, it will automatically start all sensor processes and display debug and status information to the virtual machine console. To clear the screen, simply press Enter. The console should display a screen like the one shown in <xr id="fig:vm_sensor_mgmt"/>.

This is a simple menu-based sensor management interface. The different actions are invoked by selecting the corresponding number and pressing Enter.

  1. Reboot the virtual machine.
  2. Exit to a login prompt where you can log into the sensor as root using your MetaFlows password.
  3. Restart the sensor, or start it if it is not running.
  4. Stop the sensor.
  5. Launch the stats program to monitor traffic locally.
  6. Shut down the VM.


You can log in to the virtual machine by entering 1 and then logging in as user root and using the same password you use to log in to your MetaFlows account. You can also ssh into the sensor by noting the IP address of the virtual machine and executing:

ssh root@<IPaddress>

To get the IP address of your sensor, you can select option 2 or execute the following in the VMware Player console:

ifconfig eth0