Installation on RHEL7 worked (for me) with the following steps:

Installation of required packages

    sudo yum install wget git gcc python-devel libffi-devel openssl-devel

Install and set up pip and ansible

    wget https://bootstrap.pypa.io/get-pip.py
    sudo -H python get-pip.py
    sudo -H pip install ansible

Download application code

    #sudo git clone https://github.com/PaloAltoNetworks/minemeld-ansible.git

Downgrade pip to prevent an installation issue with Frigidaire (part of minemeld)

    #sudo -H /opt/minemeld/engine/current/bin/pip install -U "pip<10.0"

Adjust ansible role to reflect environment (e.g. selinux was not active on this machine, so the ansible role failed with the first try)

    #sudo vim ./roles/minemeld/tasks/RedHat-7-post.yml

Uncomment selinux policy deployment and selinux policies (if required)

    #- name: enable nginx connections to upstream
    #  command: setsebool -P httpd_can_network_connect 1
    #- name: copy collectd selinux policy file
    #  copy:
    #    src: mmcollectd.pp
    #    dest: /tmp/mmcollectd.pp
    #    owner: root
    #    group: root
    #    mode: 0600
    #- name: load selinux collectd policy
    #  command: semodule -i /tmp/mmcollectd.pp

Run the local ansible services installation

    #sudo ansible-playbook -K -i 127.0.0.1, local.yml

Installation should complete without errors (if there is an error, ansible logs give you a good indication what went wrong)

    127.0.0.1 : ok=78 changed=29 unreachable=0 failed=0

Add users to minemeld group

    #sudo usermod -a -G minemeld root
    #sudo usermod -a -G minemeld <your user>

Check service status:

    # sudo -u minemeld /opt/minemeld/engine/current/bin/supervisorctl -c /opt/minemeld/supervisor/config/supervisord.conf status

4 Services should run (if not, check the logs)

    minemeld-engine RUNNING pid 26418, uptime 0:43:26
    minemeld-supervisord-listener RUNNING pid 26417, uptime 0:43:26
    minemeld-traced RUNNING pid 26419, uptime 0:43:26
    minemeld-web RUNNING pid 26420, uptime 0:43:26

Ensure the Web Interface is up and running. Log in as user admin and change the default password.
Note: After this is complete, in case you want to use Client-Cert protected feeds: you need to update minemeld's gevent (as it seems to have an issue on RHEL 7). For this, stop minemeld, install and upgrade python gevent, replace minemeld's gevent, start minemeld services.

    #sudo systemctl stop minemeld
    #sudo pip install --upgrade gevent

Replace /opt/minemeld/engine/current/lib/python2.7/site-packages/gevent with /usr/lib64/python2.7/site-packages/gevent

    #sudo systemctl start minemeld

After the installation, I suggest you move the logs to /var/log; implement logrotate, harden NGINX and the local services added by the minemeld installation.

Happy Mining.
FYI, in case anyone runs into this issue I described earlier:

/opt/minemeld/log/minemeld-engine.log tells me:

    2018-10-17T18:30:41 (12180)basepoller._poll ERROR: Exception in polling loop for <your miner node>: 'module' object has no attribute 'sslwrap'

This can be solved by replacing minemeld's internal python "gevent" with a newer version. For whatever reason, minemeld brings its own "gevent" in /opt/minemeld/engine/current/lib/python2.7/site-packages/gevent; this outdated gevent version seems to cause issues with the Python version installed on RHEL 7.

Just install the latest version (pip install --upgrade gevent) and then replace the minemeld "gevent" with the new version from /usr/lib64/python2.7/site-packages/gevent. After that the FS-ISAC Feed/Miner (and also other feeds requiring certificate authentication) is working fine on RHEL 7.
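The gevent replacement described in the posts above, written as a shell function that keeps a backup of the bundled copy and restores it if the copy fails. This is an added example, not part of the original posts; the function name `replace_gevent` is hypothetical and the two paths are the ones quoted in the post.

```shell
# Added example: swap MineMeld's bundled gevent for the system copy.
# The paths are the ones quoted in the post; replace_gevent is a hypothetical helper.
BUNDLED=/opt/minemeld/engine/current/lib/python2.7/site-packages/gevent
SYSTEM=/usr/lib64/python2.7/site-packages/gevent

# replace_gevent <bundled_dir> <system_dir>
# Prints the backup path on success. On any failure it returns non-zero and
# the bundled directory is left untouched or restored from the backup.
replace_gevent() {
    rg_bundled=$1
    rg_system=$2

    # Refuse to run unless both trees look like a gevent package.
    [ -f "$rg_system/__init__.py" ] || {
        echo "no gevent package at $rg_system" >&2; return 1; }
    [ -f "$rg_bundled/__init__.py" ] || {
        echo "no gevent package at $rg_bundled" >&2; return 1; }

    # Keep the old copy next to the new one, tagged with a timestamp.
    rg_backup="${rg_bundled}.bak.$(date +%Y%m%d%H%M%S)"
    mv "$rg_bundled" "$rg_backup" || return 1

    # cp -a keeps modes and timestamps; roll back if the copy fails.
    if ! cp -a "$rg_system" "$rg_bundled"; then
        rm -rf "$rg_bundled"
        mv "$rg_backup" "$rg_bundled"
        echo "copy failed, bundled gevent restored" >&2
        return 1
    fi
    echo "$rg_backup"
}

# Order of operations on the host, as in the post (run as root):
#   systemctl stop minemeld
#   pip install --upgrade gevent
#   replace_gevent "$BUNDLED" "$SYSTEM"
#   systemctl start minemeld
```

If the feed still fails after the swap, moving the printed backup directory back into place returns the engine to its previous state.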
Hi, I'm running minemeld 0.9.50 on the latest RHEL 7.5. Now I tried to attach the FS-ISAC feed, username feed, cert, seems to be fine. When I manually pull the feed from the Node; "LAST RUN" receives the State ERROR: 'module' object has no attribute 'sslwrap'.

/opt/minemeld/log/minemeld-engine.log tells me:

    2018-10-17T18:30:40 (12180)basepoller._polling_loop INFO: Polling fs-isac-soltra-feed
    2018-10-17T18:30:41 (12180)basepoller._poll ERROR: Exception in polling loop for fs-isac-soltra-feed: 'module' object has no attribute 'sslwrap'
    Traceback (most recent call last):
      File "/opt/minemeld/engine/core/minemeld/ft/basepoller.py", line 721, in _poll
        performed = self._polling_loop()
      File "/opt/minemeld/engine/core/minemeld/ft/basepoller.py", line 571, in _polling_loop
        iterator = self._build_iterator(now)
      File "/opt/minemeld/engine/core/minemeld/ft/taxii.py", line 1131, in _build_iterator
        self._discover_services(tc)
      File "/opt/minemeld/engine/core/minemeld/ft/taxii.py", line 292, in _discover_services
        resp = self._call_taxii_service(self.discovery_service, tc, request)
      File "/opt/minemeld/engine/core/minemeld/ft/taxii.py", line 282, in _call_taxii_service
        port=port
      File "/opt/minemeld/engine/current/lib/python2.7/site-packages/libtaxii/clients.py", line 337, in call_taxii_service2
        response = urllib.request.urlopen(req)
      File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
        return opener.open(url, data, timeout)
      File "/usr/lib64/python2.7/urllib2.py", line 431, in open
        response = self._open(req, data)
      File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
        '_open', req)
      File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
        result = func(*args)
      File "/opt/minemeld/engine/current/lib/python2.7/site-packages/libtaxii/clients.py", line 363, in https_open
        return self.do_open(self.get_connection, req)
      File "/usr/lib64/python2.7/urllib2.py", line 1211, in do_open
        h.request(req.get_method(), req.get_selector(), req.data, headers)
      File "/usr/lib64/python2.7/httplib.py", line 1041, in request
        self._send_request(method, url, body, headers)
      File "/usr/lib64/python2.7/httplib.py", line 1075, in _send_request
        self.endheaders(body)
      File "/usr/lib64/python2.7/httplib.py", line 1037, in endheaders
        self._send_output(message_body)
      File "/usr/lib64/python2.7/httplib.py", line 881, in _send_output
        self.send(msg)
      File "/usr/lib64/python2.7/httplib.py", line 843, in send
        self.connect()
      File "/opt/minemeld/engine/current/lib/python2.7/site-packages/libtaxii/clients.py", line 443, in connect
        ca_certs=self.ca_certs)
      File "/opt/minemeld/engine/current/lib/python2.7/site-packages/gevent/_ssl2.py", line 410, in wrap_socket
        ciphers=ciphers)
      File "/opt/minemeld/engine/current/lib/python2.7/site-packages/gevent/_ssl2.py", line 84, in __init__
        self._sslobj = _ssl.sslwrap(self._sock, server_side,
    AttributeError: 'module' object has no attribute 'sslwrap'

Maybe someone else ran into the same/similar issue and knows how to fix this? It seems to be related to the python code handling the certificate/ssl/tls connectivity.