
Installation

note

All the commands in this section need to be executed as root.

tiCrypt is only supported on CentOS/RedHat 7.0. Support for CentOS/RedHat 8.0 is planned for the future.

The main dependencies of tiCrypt Audit are:

  • A web server like Nginx.
  • A firewall such as firewalld.
  • The Clickhouse database.
  • (Optional) The MaxMind geolocation database.
  • (Optional) OpenSSL for key generation.

Installing pre-requisites

Installing Nginx

info

Learn more by following the Nginx Install Guide.

Installing firewalld

info

Learn more by following the firewalld Install Guide.

Installing Clickhouse

info

Learn more by following the Clickhouse CentOS Install Guide.

  • Use Clickhouse v20.3.8.53 or later.

We can install Clickhouse following the steps below.

We first install dependencies:

yum install -y pygpgme yum-utils

then create the file

/etc/yum.repos.d/altinity_clickhouse.repo

with the content:

[altinity_clickhouse]
name=altinity_clickhouse
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[altinity_clickhouse-source]
name=altinity_clickhouse-source
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

We then finish the installation.

Enable the repository

yum -q makecache -y --disablerepo='*' --enablerepo='altinity_clickhouse'

Install clickhouse client and server

yum install -y clickhouse-server clickhouse-client

We need to make sure Clickhouse server is started and enabled:

systemctl start clickhouse-server
systemctl enable clickhouse-server

You can verify that the installation is correct by starting the client and running show databases at its prompt:

clickhouse-client
show databases

You should see the clickhouse client starting and then displaying database information.
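As an added example (not part of the tiCrypt documentation), the shell function below lists which verification settings each enabled section of a .repo file switches off. For the repo file above it reports gpgcheck: yum checks the signature on the repository metadata but not on the individual RPMs. The function names and the second sample section are constructed for illustration.

```shell
# Added example, not part of the tiCrypt documentation.
# audit_repo reads a yum .repo file on stdin and, per enabled section, lists the
# verification settings explicitly switched off. Exit status 1 if any are, else 0.
audit_repo() {
    awk '
    function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
    function report(   weak) {
        if (name == "" || off(opt["enabled"])) return
        if (off(opt["gpgcheck"]))      weak = weak " gpgcheck"       # package signatures
        if (off(opt["repo_gpgcheck"])) weak = weak " repo_gpgcheck"  # signed repo metadata
        if (off(opt["sslverify"]))     weak = weak " sslverify"      # TLS certificate check
        if (opt["baseurl"] != "" && opt["baseurl"] !~ /^https:/) weak = weak " non-https-baseurl"
        if (weak == "") print name ": ok"
        else { print name ": disabled:" weak; bad = 1 }
    }
    /^[ \t]*(#|;|$)/ { next }                 # skip comments and blank lines
    /^\[/ {                                   # a new [section] starts
        report(); split("", opt)
        name = $0; sub(/^\[/, "", name); sub(/\].*$/, "", name); next
    }
    {                                         # key=value line
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = val
    }
    END { report(); exit bad + 0 }
    '
}

# Sample input: the first section is abbreviated from the repo file above; the
# second is constructed for contrast and does not point at a real repository.
sample_repo() {
    cat <<'EOF'
[altinity_clickhouse]
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
sslverify=1
[constructed_strict]
baseurl=https://repo.example.invalid/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
EOF
}

sample_repo | audit_repo || echo "review the sections listed above"
```

To check the installed file, run `audit_repo < /etc/yum.repos.d/altinity_clickhouse.repo`; settings left unset in a section are inherited from /etc/yum.conf and are not reported.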

Downloading MaxMind GeoIP2 geolocation library

The MaxMind geolocation library allows the matching of IP addresses to locations. tiCrypt audit can use this library to enhance the information it displays.

Due to licensing issues, you need to register and download the database yourself from MaxMind GeoIP2.

For the installation instructions of tiCrypt audit, we will assume that the file /root/GeoLite2-City_20200505.tar.gz exists. The exact file name will depend on the version you download.

tip

Write down the download path so that you can use it correctly in the tiCrypt installation steps.

Installing tiCrypt Audit

tiCrypt Audit is made available in the form of RPMs for CentOS/RedHat 7.0.

The installation consists simply of downloading and installing the RPM.

Grab the tiCrypt Audit RPM

wget {ta-dir}{ta-file}

Install

yum -y install {ta-file}

We now create a directory structure where tiCrypt audit files will be placed.

mkdir -p /var/lib/tiaudit

and place the GeoIP2 database in it, if desired

cd /var/lib/tiaudit
tar -xzvf /root/GeoLite2-City_20200505.tar.gz

and then fix the permissions

chown -R tiaudit:tiaudit /var/lib/tiaudit/

The two services comprising the tiCrypt audit system need to be enabled:

systemctl enable tiaudit
systemctl enable tiaudit-logger
