An easy and powerful way of installing MineMeld is to use the MineMeld Docker image. A Docker-based installation of MineMeld can run on any Linux distribution supported by Docker, and it is extremely easy to upgrade and maintain.
Overview
The procedure to use MineMeld is pretty simple:
Install Docker (if not already installed) - https://docs.docker.com/install/
Install & Run MineMeld
The rest of the article will guide you through installing Docker CE on RHEL 7 and running MineMeld on top of it. Only the first part, installing Docker on RHEL, is RHEL specific. The second part, MineMeld itself, is distribution independent.
Install Docker on RHEL7
Update your RHEL
sudo yum update -y
Remove old Docker versions
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
Install container-selinux package from CentOS repo
sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-1.el7_6.noarch.rpm
Install additional packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2 container-selinux
Add official Docker CE repo
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Rebuild package cache
sudo yum update -y && sudo yum makecache fast
Install official Docker CE packages
sudo yum install docker-ce docker-ce-cli containerd.io
Start Docker engine
sudo systemctl start docker
Make sure Docker is working
sudo docker run hello-world
Install & Run MineMeld
Pull the latest official image
sudo docker pull paloaltonetworks/minemeld
Create named volumes for data and logs
sudo docker volume create minemeld-logs
sudo docker volume create minemeld-local
Start the container
sudo docker run -dit --name minemeld --restart unless-stopped --tmpfs /run -v minemeld-local:/opt/minemeld/local -v minemeld-logs:/opt/minemeld/log -p 443:443 -p 80:80 paloaltonetworks/minemeld
After ~30 seconds you should see MineMeld running in the container logs:
[ec2-user@minemeld ~]$ sudo docker logs minemeld
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 7
minemeld: checking if dependencies are running...
run: redis: (pid 18) 0s
run: collectd: (pid 19) 0s
Copying constraints
Starting redis-server...
Regenarating CA bundle
Sep 18 14:07:31 d0b5d1fbc102 syslog-ng[20]: syslog-ng starting up; version='3.5.6'
2019-09-18T14:07:31 (35)cacert_merge.main INFO: config: {'cafile': ['/opt/minemeld/local/certs/site/'], 'dst': '/opt/minemeld/local/certs/bundle.crt', 'config': '/opt/minemeld/local/certs/cacert-merge-config.yml', 'no_merge_certifi': False}
(integer) 0
Starting minemeld...
/opt/minemeld/engine/0.9.64/local/lib/python2.7/site-packages/supervisor/options.py:383: PkgResourcesDeprecationWarning: Parameters to load are deprecated. Call .resolve and .require separately.
return pkg_resources.EntryPoint.parse("x="+spec).load(False)
2019-09-18 14:07:32,153 CRIT Set uid to user 106
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-engine.conf" during parsing
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-supervisord-listener.conf" during parsing
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-traced.conf" during parsing
2019-09-18 14:07:32,154 WARN Included extra file "/opt/minemeld/supervisor/config/conf.d/minemeld-web.conf" during parsing
2019-09-18 14:07:32,164 INFO RPC interface 'supervisor' initialized
2019-09-18 14:07:32,164 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2019-09-18 14:07:32,164 INFO supervisord started with pid 21
2019-09-18 14:07:33,167 INFO spawned: 'minemeld-supervisord-listener' with pid 60
2019-09-18 14:07:33,168 INFO spawned: 'minemeld-engine' with pid 61
2019-09-18 14:07:33,170 INFO spawned: 'minemeld-traced' with pid 62
2019-09-18 14:07:33,172 INFO spawned: 'minemeld-web' with pid 63
2019-09-18 14:07:34,322 INFO success: minemeld-supervisord-listener entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-09-18 14:07:34,322 INFO success: minemeld-traced entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-09-18 14:07:34,322 INFO success: minemeld-web entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-09-18 14:08:03,191 INFO success: minemeld-engine entered RUNNING state, process has stayed up for > than 30 seconds (startsecs)
Connect to the web interface (https://<address>/) and log in with username admin and password minemeld.
Check MineMeld Logs
You can check the MineMeld engine and audit logs from outside the container. Inspect the minemeld-logs volume to find the directory the Docker engine uses to store the volume's files; your logs are there.
[ec2-user@minemeld ~]$ sudo docker inspect minemeld-logs
[
{
"CreatedAt": "2019-09-18T10:07:32-04:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/minemeld-logs/_data",
"Name": "minemeld-logs",
"Options": {},
"Scope": "local"
}
]
[ec2-user@minemeld ~]$ sudo ls /var/lib/docker/volumes/minemeld-logs/_data
minemeld-engine-stderr---supervisor-PV9ZPJ.log minemeld-supervisord-listener.log minemeld-web-stderr---supervisor-cXauy4.log
minemeld-engine.log minemeld-traced-stderr---supervisor-4V3T4E.log minemeld-web.log
minemeld-supervisord-listener-stdout---supervisor-T3Wfwi.log minemeld-traced.log supervisord.log
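A quick health check over the supervisord.log listed above, as an added example that is not part of the original article or the MineMeld project: a service counts as healthy only if its latest state line in the log says it entered RUNNING and no later "exited:" line follows (the function name and the log path are assumptions).

```shell
#!/bin/sh
# Added example, not from the original article or the MineMeld project.
# Health check over supervisord.log from the minemeld-logs volume: a service
# is healthy only if its latest state line says it entered RUNNING and no
# later "exited:" line follows. Assumes POSIX awk; run with sudo because the
# volume directory under /var/lib/docker is root-only.
set -eu

# minemeld_services_ok <path/to/supervisord.log>: returns 0 when all four
# MineMeld services are RUNNING, otherwise prints the offenders and returns 1.
minemeld_services_ok() {
    log="$1"
    rc=0
    for svc in minemeld-supervisord-listener minemeld-engine minemeld-traced minemeld-web; do
        # The last state-changing line for this service decides its state.
        state=$(awk -v s="$svc" '
            $0 ~ ("success: " s " entered RUNNING state") { st = "RUNNING" }
            $0 ~ ("exited: " s " ")                         { st = "EXITED" }
            END { print (st == "" ? "NEVER_STARTED" : st) }' "$log")
        [ "$state" = RUNNING ] || { echo "$svc: $state" >&2; rc=1; }
    done
    return $rc
}

# Typical use (path assumed from the docker inspect output above):
# minemeld_services_ok /var/lib/docker/volumes/minemeld-logs/_data/supervisord.log
```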
Backup MineMeld
The config directory in the minemeld-local volume contains all the files needed to restore the MineMeld installation. You can back up the files by inspecting the volume and taking a backup of the config directory.
[ec2-user@minemeld ~]$ sudo docker inspect minemeld-local
[
{
"CreatedAt": "2019-09-18T10:03:12-04:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/minemeld-local/_data",
"Name": "minemeld-local",
"Options": {},
"Scope": "local"
}
]
[ec2-user@minemeld ~]$ sudo ls /var/lib/docker/volumes/minemeld-local/_data
certs config data library prototypes redis supervisor trace
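A backup and restore script for that config directory, as an added example that is not part of the original article or the MineMeld project: it writes a timestamped archive with a detached SHA-256 checksum and refuses to restore an archive whose checksum no longer matches (the function names and the destination directory are assumptions; docker volume inspect -f is the real CLI flag).

```shell
#!/bin/sh
# Added example, not part of the original article or the MineMeld project.
# Backs up the config directory of the minemeld-local volume into a
# timestamped tar.gz with a detached SHA-256 checksum, and verifies an
# archive before restoring it. Assumes the docker CLI, tar and sha256sum
# are on PATH and that you run it with sudo (the volume directory is root-only).
set -eu

# Resolve the host directory behind a named volume, i.e. the "Mountpoint"
# field that docker inspect prints (hypothetical wrapper around the real flag).
volume_mountpoint() {
    docker volume inspect -f '{{ .Mountpoint }}' "$1"
}

# backup_minemeld_config <volume_mountpoint> <dest_dir>: prints the archive path.
backup_minemeld_config() {
    src="$1"; dest="$2"
    [ -d "$src/config" ] || { echo "no config directory under $src" >&2; return 1; }
    mkdir -p "$dest"
    name="minemeld-config-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # -C makes the archive hold "config/..." paths, so it restores into any mountpoint.
    tar -czf "$dest/$name" -C "$src" config
    # Checksum recorded relative to dest, so it still verifies if dest is moved.
    (cd "$dest" && sha256sum "$name" > "$name.sha256")
    echo "$dest/$name"
}

# restore_minemeld_config <archive> <volume_mountpoint>: refuses a truncated
# or altered archive. Stop the container first (docker stop minemeld) so the
# engine is not writing while the directory is swapped.
restore_minemeld_config() {
    archive="$1"; mp="$2"
    (cd "$(dirname "$archive")" && sha256sum -c "$(basename "$archive").sha256" >/dev/null) \
        || { echo "checksum mismatch: $archive" >&2; return 1; }
    rm -rf "$mp/config"
    tar -xzf "$archive" -C "$mp"
}

# Typical use (commented out so the functions can be sourced):
# mp=$(volume_mountpoint minemeld-local)
# backup_minemeld_config "$mp" /var/backups/minemeld
```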
Upgrade MineMeld
To upgrade to the latest and greatest release:
Pull the latest release
sudo docker pull paloaltonetworks/minemeld
Stop and remove the current container
sudo docker stop minemeld
sudo docker rm minemeld
Start the container
sudo docker run -dit --name minemeld --restart unless-stopped --tmpfs /run -v minemeld-local:/opt/minemeld/local -v minemeld-logs:/opt/minemeld/log -p 443:443 -p 80:80 paloaltonetworks/minemeld
Change MineMeld UI Certificate
The default certificate used by MineMeld is self-signed. You should replace it when running in production. To do so, bind-mount your certificate and private key over the default certificate files:
sudo docker run -dit \
    --name minemeld \
    --restart unless-stopped \
    --tmpfs /run \
    -v minemeld-local:/opt/minemeld/local \
    -v minemeld-logs:/opt/minemeld/log \
    -v /var/lib/minemeld/real-cert.crt:/etc/nginx/minemeld.cer:ro \
    -v /var/lib/minemeld/real-cert.pem:/etc/nginx/minemeld.pem:ro \
    -p 443:443 -p 80:80 \
    paloaltonetworks/minemeld