Installation

Note: All the commands in this section need to be executed as root.

tiCrypt is only supported on CentOS/RedHat 7.0. Support for CentOS/RedHat 8.0 is planned for the future.

The main dependencies of tiCrypt Audit are:

  • A web server like Nginx
  • A firewall such as firewalld
  • The Clickhouse database
  • (Optional) The MaxMind geolocation database
  • (Optional) OpenSSL for key generation

Installing pre-requisites

Installing Nginx

Follow the link: The Nginx Install Guide

Installing firewalld

Follow the link: The firewalld Install Guide

Installing Clickhouse

Following the Clickhouse CentOS Install Guide, we can install Clickhouse with the steps below.

Note: Use Clickhouse v20.3.8.53 or later.

We first install dependencies:

yum install -y pygpgme yum-utils

then create the file /etc/yum.repos.d/altinity_clickhouse.repo with the content:

[altinity_clickhouse]
name=altinity_clickhouse
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[altinity_clickhouse-source]
name=altinity_clickhouse-source
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

We then finish the installation:

# Enable the repository
yum -q makecache -y --disablerepo='*' --enablerepo='altinity_clickhouse'

# Install clickhouse client and server
yum install -y clickhouse-server clickhouse-client

We need to make sure Clickhouse server is started and enabled:

systemctl start clickhouse-server
systemctl enable clickhouse-server

You can verify that the installation is correct by starting the client and entering show databases at its prompt:

clickhouse-client
show databases

You should see the clickhouse client starting and then displaying database information.
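
The repository file created above keeps repo_gpgcheck=1 but sets gpgcheck=0, so yum verifies the signed repository metadata while skipping the per-RPM signature check. The script below is an added example, not part of the tiCrypt documentation, that reports such settings for each section of a .repo file; the function names audit_repo and sample_repo are hypothetical, and keys missing from a section are treated as off rather than inherited from /etc/yum.conf.

```shell
# Added example, not part of the tiCrypt documentation.
# Assumption: only the repo section itself is read; values inherited from
# [main] in /etc/yum.conf are ignored, so a missing gpgcheck counts as off.

# audit_repo [FILE]: read FILE (or stdin) and print "section: finding" lines.
# Returns 0 when there are no findings and 1 otherwise.
audit_repo() {
    awk '
        function is_on(v) { v = tolower(v); return v == "1" || v == "true" || v == "yes" }
        function report(msg) { print sec ": " msg; bad = 1 }
        function check_section() {
            if (sec == "") return
            if (("enabled" in kv) && !is_on(kv["enabled"])) return   # repo not used
            if (kv["baseurl"] !~ /^https:\/\//) report("baseurl is not https")
            if (("sslverify" in kv) && !is_on(kv["sslverify"])) report("sslverify is off")
            if (!is_on(kv["gpgcheck"])) report("gpgcheck is off: RPM signatures are not verified")
            if (!is_on(kv["repo_gpgcheck"])) report("repo_gpgcheck is off: metadata signature is not verified")
        }
        /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/ {                              # start of a new [section]
            check_section(); split("", kv)
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            kv[key] = val
        }
        END { check_section(); exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the first section of the repo file from this page.
sample_repo() {
    cat <<'EOF'
[altinity_clickhouse]
name=altinity_clickhouse
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
EOF
}

# Print the findings; "|| true" keeps a finding from aborting under "set -e".
sample_repo | audit_repo || true
```

To check the installed file, run audit_repo /etc/yum.repos.d/altinity_clickhouse.repo.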

Downloading MaxMind GeoIP2 geolocation library

The MaxMind geolocation library allows the matching of IP addresses to locations. tiCrypt audit can use this library to enhance the information it displays.

Due to licensing issues, you need to register and download the database yourself from MaxMind GeoIP2.

For the installation instructions of tiCrypt audit, we will assume that the file /root/GeoLite2-City_20200505.tar.gz exists. The exact file name will depend on the version you download.

Tip: Note down the download path so that you can use it correctly in the tiCrypt installation steps.

Installing tiCrypt Audit

tiCrypt Audit is made available in the form of RPMs for CentOS/RedHat 7.0. The latest version is available from {ta-dir}{ta-file}

Installation consists simply of downloading and installing the RPM.

# Grab the tiCrypt audit RPM
wget {ta-dir}{ta-file}

# Install
yum -y install {ta-file}

We now create a directory structure where tiCrypt Audit files will be placed:

mkdir -p /var/lib/tiaudit

and place the GeoIP2 database in it, if desired:

cd /var/lib/tiaudit
tar -xzvf /root/GeoLite2-City_20200505.tar.gz

and then fix the permissions:

chown -R tiaudit:tiaudit /var/lib/tiaudit/

The two services comprising the tiCrypt Audit system need to be enabled:

systemctl enable tiaudit
systemctl enable tiaudit-logger
