An easy way to use MineMeld is to install the binary packages on an Ubuntu 16.04 instance.

Note: Binary packages are only available for 64-bit architectures.

Supported distributions

Ubuntu Server LTS 16.04 (64-bit)

1. Hardening the instance

First, harden your new instance. MineMeld won't take care of this for you. A good tutorial is this one.

2. Update the instance

Update all the packages of the instance before installing.

sudo apt update && sudo apt dist-upgrade -y

 

3. Setting up iptables

You can use the following commands to configure iptables to allow sessions on the ports used by MineMeld. These rules also drop all IPv6 traffic. If you are running MineMeld in an IPv6 network, make sure you change the suggested rules.

sudo apt install -y iptables-persistent
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 13514 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo bash -c "iptables-save > /etc/iptables/rules.v4"
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -P INPUT DROP
sudo ip6tables -P FORWARD DROP
sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"

 

4. Adding the repo GPG key

Add the MineMeld repo GPG key to the APT trusted keyring:

 

wget -qO - https://minemeld-updates.panw.io/gpg.key | sudo apt-key add -

Double-check the GPG key fingerprint to make sure it matches the official MineMeld GPG key (the fingerprint should match the characters in bold):

apt-key adv --fingerprint DD0DA1F9
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.W74MaAG3pI --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --fingerprint DD0DA1F9
pub 4096R/DD0DA1F9 2016-07-15
Key fingerprint = E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9
uid Palo Alto Networks, MineMeld Team <minemeld@paloaltonetworks.com>
[...]
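
The fingerprint comparison in this step can be scripted instead of read by eye. The following is an added example, not part of the original article or of MineMeld: the function names are hypothetical, the sample listing is constructed, and it assumes apt-key passes --with-colons through to gpg.

```shell
#!/bin/sh
# Added example: compare the primary-key fingerprint in a gpg --with-colons
# listing with the fingerprint printed in step 4 of this article.

# Expected value, copied from the "Key fingerprint" line in this article.
EXPECTED_FPR="E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9"

# Strip whitespace and upper-case so differently grouped output compares equal.
normalize() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Print field 10 of the "fpr" record that follows each "pub" record.
# Subkey fingerprints (after "sub") and non-record lines are ignored.
primary_fprs() {
    awk -F: '$1 == "pub" { p = 1 }
             $1 == "sub" { p = 0 }
             $1 == "fpr" && p { print $10; p = 0 }'
}

# Reads a colon listing on stdin.
# Returns 0 if every primary key matches, 1 on a mismatch, 2 if no key is listed.
check_fingerprint() {
    want=$(normalize "$EXPECTED_FPR")
    found=$(primary_fprs)
    [ -n "$found" ] || return 2
    for f in $found; do
        [ "$(normalize "$f")" = "$want" ] || return 1
    done
    return 0
}

# Constructed sample listing: timestamp and subkey values are made up,
# the primary fingerprint is the one from this article.
SAMPLE='pub:-:4096:1:B401E02EDD0DA1F9:1468540800:::-:::scESC:
fpr:::::::::E558CE6E39680F318F6CBFACB401E02EDD0DA1F9:
uid:-::::1468540800::::Palo Alto Networks, MineMeld Team <minemeld@paloaltonetworks.com>:
sub:-:4096:1:0000000000000001:1468540800::::::e:
fpr:::::::::0000000000000000000000000000000000000001:'

if printf '%s\n' "$SAMPLE" | check_fingerprint; then
    echo "fingerprint OK"
else
    echo "fingerprint check failed" >&2
fi

# On the instance (assumption: apt-key hands --with-colons to gpg):
#   apt-key adv --with-colons --fingerprint DD0DA1F9 | check_fingerprint
```

A non-zero return means the key in the APT keyring should not be trusted until the mismatch is explained.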

 

5. Adding the MineMeld APT repo

Add the MineMeld APT repo to the system list and update the apt cache:

 

sudo add-apt-repository "deb http://minemeld-updates.panw.io/ubuntu xenial-minemeld main"
sudo apt update

 

6. Installing nginx and redis

MineMeld requires nginx and redis. We have to install them before installing the MineMeld package to avoid configuration conflicts:

sudo apt install -y nginx redis-server

 

7. Installing MineMeld

Install the MineMeld infrastructure package via apt. This will also automatically trigger the download of the latest MineMeld packages. 

 

sudo apt install -o Dpkg::Options::="--force-overwrite" -y minemeld

 

8. Restart

We should restart the instance to make sure all the configurations are applied and all the services are started in the right order:

sudo shutdown -r now

 

9. Checking if MineMeld is running

Check if the 3 MineMeld services are up and running:

 

$ sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/local/supervisor/config/supervisord.conf status
minemeld-engine RUNNING pid 3727, uptime 0:08:50
minemeld-traced RUNNING pid 3728, uptime 0:08:50
minemeld-web RUNNING pid 3729, uptime 0:08:50
minemeld-supervisord-listener RUNNING pid 3730, uptime 0:08:50

 

10. BAM!

Done! Check the Quick Tour article to get started.
