MineMeld Articles

Featured Article
An easy way to use MineMeld is to install the binary packages on an Ubuntu 16.04 instance.

Note: Binary packages are only available for 64-bit architectures.

Supported distributions
Ubuntu Server LTS 16.04 (64 bits)

1. Hardening the instance
First, you should harden your new instance. MineMeld won't take care of this for you. A good tutorial is this one.

2. Update the instance
Update all the packages of the instance before installing.

    sudo apt update && sudo apt dist-upgrade -y

3. Setting up iptables
You can use the following commands to configure iptables to allow sessions on the ports used by MineMeld. These rules also drop all IPv6 traffic; if you are running MineMeld in an IPv6 network, make sure you change the suggested rules.

    sudo apt install -y iptables-persistent
    sudo iptables -A INPUT -i lo -j ACCEPT
    sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -p tcp -m tcp --dport 13514 -j ACCEPT
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    sudo iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
    sudo iptables -P INPUT DROP
    sudo iptables -P FORWARD DROP
    sudo bash -c "iptables-save > /etc/iptables/rules.v4"
    sudo ip6tables -A INPUT -i lo -j ACCEPT
    sudo ip6tables -P INPUT DROP
    sudo ip6tables -P FORWARD DROP
    sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"

4. Adding the repo GPG key
Add the MineMeld repo GPG key to the APT trusted keyring:

    wget -qO - https://minemeld-updates.panw.io/gpg.key | sudo apt-key add -

Double check the GPG key fingerprint to make sure it matches the official MineMeld GPG key (fingerprint should match characters in bold):

    apt-key adv --fingerprint DD0DA1F9
    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.W74MaAG3pI --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --fingerprint DD0DA1F9
    pub   4096R/DD0DA1F9 2016-07-15
          Key fingerprint = E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9
    uid   Palo Alto Networks, MineMeld Team <minemeld@paloaltonetworks.com>
    [...]

5. Adding the MineMeld APT repo
Add the MineMeld APT repo to the system list and update the apt cache:

    sudo add-apt-repository "deb http://minemeld-updates.panw.io/ubuntu xenial-minemeld main"
    sudo apt update

6. Installing nginx and redis
MineMeld requires nginx and redis. We have to install them before installing the MineMeld package to avoid configuration conflicts:

    sudo apt install -y nginx redis-server

7. Installing MineMeld
Install the MineMeld infrastructure package via apt. This will also automatically trigger the download of the latest MineMeld packages.

    sudo apt install -o Dpkg::Options::="--force-overwrite" -y minemeld

8. Restart
We should restart the instance to make sure all the configurations are applied and all the services are started in the right order:

    sudo shutdown -r now

9. Checking if MineMeld is running
Check if the 3 MineMeld services are up and running:

    $ sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/supervisor/config/supervisord.conf status
    minemeld-engine                  RUNNING   pid 3727, uptime 0:08:50
    minemeld-traced                  RUNNING   pid 3728, uptime 0:08:50
    minemeld-web                     RUNNING   pid 3729, uptime 0:08:50
    minemeld-supervisord-listener    RUNNING   pid 3730, uptime 0:08:50

10. BAM! Done!
Check the Quick Tour article to get started.
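Step 4 pipes the downloaded key straight into apt-key and checks the fingerprint afterwards. The script below is an added example, not part of the original article or of MineMeld: it checks a downloaded key file against the fingerprint quoted in step 4 before anything is added to the keyring. The function names and the script name are hypothetical, and it assumes the key was first saved to a file (for example with wget -qO gpg.key and the URL from step 4).

```shell
#!/usr/bin/env bash
# Added example: pin the MineMeld repo key fingerprint before trusting it.
# Expected value is the "Key fingerprint" line quoted in step 4.
EXPECTED_FPR="E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9"

# Strip whitespace and upper-case so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin; print the fingerprint of each
# primary key (the first "fpr" record after each "pub" record), one per line.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin describes exactly one primary key and it is the
# expected one. A key file carrying extra keys is rejected, because
# `apt-key add` would trust every key in the file.
check_listing() {
    local fprs count
    fprs=$(primary_fprs)
    count=$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] && [ "$(normalize_fpr "$fprs")" = "$(normalize_fpr "$1")" ]
}

# Hypothetical wrapper: list the keys in a file without importing them.
verify_key_file() {
    gpg --batch --with-colons --with-fingerprint "$1" 2>/dev/null |
        check_listing "$EXPECTED_FPR"
}

# Usage: ./verify-key.sh gpg.key
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    if verify_key_file "$1"; then
        echo "fingerprint OK: now run: sudo apt-key add $1"
    else
        echo "fingerprint MISMATCH: do not add $1" >&2
        exit 1
    fi
fi
```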
lmori 10-28-2019 09:02 AM