Setup Details:
CPU: 12 Cores
Memory: 64GB
Disk: 800GB Disk (Thin Provisioned)
OS: RedHat Enterprise 9.4
VM IP Address: 10.50.10.40 / threatqv6.cdsys.local
Non-sudo user: crest
Steps:
Reference Document: Document
Set the maximum number of inotify instances for the installing user to 300.
sudo sed -i '/^fs\.inotify\.max_user_instances/d' /etc/sysctl.conf && printf "fs.inotify.max_user_instances = 300\n" | sudo tee -a /etc/sysctl.conf >/dev/null && sudo sysctl -p
Enable the Red Hat subscription and pin the current RHEL 9 release so that you cannot inadvertently upgrade your RHEL 9 environment to an unsupported release. If --password is omitted, subscription-manager prompts for it, which keeps the password out of the shell history.
subscription-manager register --username=username --password=password (use the correct username and password)
subscription-manager release --show
subscription-manager release --set=9.4
subscription-manager release --show
yum clean all
Add a configuration file for RKE2
sudo mkdir -p /etc/rancher/rke2
sudo tee /etc/rancher/rke2/config.yaml <<EOF > /dev/null
node-name: node
node-ip: 10.50.10.40
node-external-ip: 10.50.10.40
EOF
Enable SELinux in the RKE2 config file:
echo "selinux: true" | sudo tee -a /etc/rancher/rke2/config.yaml > /dev/null
Add RKE2 and associated utilities:
sudo tee /etc/profile.d/rke2.sh <<EOF > /dev/null
export PATH="\$PATH:/var/lib/rancher/rke2/bin"
EOF
source /etc/profile.d/rke2.sh
Reboot the VM
reboot
Install RKE2 as a server node (do not start the service)
curl -sfL https://get.rke2.io | sh -
systemctl status rke2-server.service
systemctl enable rke2-server.service
Reboot the VM
reboot
Check RKE2 service status
systemctl status rke2-server.service
Copy the RKE2 kubeconfig file to the non-root user's home directory and set the appropriate permissions (the same can be done for the root user as well)
mkdir -p ~/.kube
sudo cp /etc/rancher/rke2/rke2.yaml ~/.kube/config
sudo chmod 600 ~/.kube/config
su - crest
mkdir -p ~/.kube
sudo cp /etc/rancher/rke2/rke2.yaml ~/.kube/config
sudo chmod 600 ~/.kube/config
sudo chown crest:crest ~/.kube/config
Switch to the root user and check the status of the pods.
su - root
kubectl get pods -A
Download the most recent version of TQAdmin using the command below.
cd /opt/
curl -fO -u cds https://install-v6.threatq.com/tqadmin.rpm
Install TQAdmin
sudo rpm -Uvh tqadmin.rpm
Run the following command to provision your deployment:
sudo /usr/local/bin/tqadmin configure
Do you want to enable OpenDXL (TQX)? (yes/no): no
Do you want to enable the embedded TAXII server? (yes/no): yes
Do you want to use your own SSL certificate? (yes/no): yes
Enter the file path for your certificate: /opt/certs/cert.crt
Enter the file path for your private key: /opt/certs/cert.key
Do you want to enable CAC/mTLS? (yes/no): no
Enter the FQDN of the server: threatqv6.cdsys.local
Enter your YUM repository username: cds
Enter your YUM repository password: <YUM repository password, which is the ThreatQ portal password used to get ThreatQ updates>
Run the following command to install ThreatQ. The installer takes approximately 15 minutes; keep an eye on the screen during this window and do not leave the session idle (you can press the space bar to keep it active).
/usr/local/bin/tqadmin platform install
Run the following command to generate the initial password for the ThreatQ Admin user (username = admin):
sudo /usr/local/bin/tqadmin password
Verify your ThreatQ installation by checking the status of the pods and services in your Kubernetes cluster.
kubectl get pods -A
kubectl get svc -A
kubectl get pods -n threatq
Access the ThreatQ web UI over HTTPS.
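Added example, not part of the original post or of ThreatQ's tooling: a shell audit of the files the steps above write (the inotify limit, the RKE2 config.yaml keys, and the mode and owner of the copied kubeconfig). The function names and the audit.sh file name are hypothetical; the paths and expected values are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files the steps above
# write. Function names are hypothetical; paths and values come from the post.

# Octal mode / owning user of a file (GNU stat first, BSD stat as fallback).
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# conf_values FILE KEY SEP: print every distinct value assigned to KEY.
# Two lines of output mean conflicting entries, e.g. after a repeated "tee -a".
conf_values() {
  awk -F"$3" -v k="$2" '
    { key = $1; val = $2
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
    key == k { print val }' "$1" | sort -u
}

# check_kubeconfig PATH USER: the copied rke2.yaml holds cluster-admin
# credentials, so it must be mode 600 and owned by the user it was copied for.
check_kubeconfig() {
  [ -f "$1" ] || { echo "FAIL $1 missing"; return 1; }
  [ "$(file_mode "$1")" = "600" ] || { echo "FAIL $1 mode $(file_mode "$1")"; return 1; }
  [ "$(file_owner "$1")" = "$2" ] || { echo "FAIL $1 owner $(file_owner "$1")"; return 1; }
  echo "OK   $1"
}

# expect LABEL ACTUAL WANTED: report one setting, return 1 on mismatch.
expect() {
  [ "$2" = "$3" ] && { echo "OK   $1"; return 0; }
  echo "FAIL $1: got '$2', want '$3'"; return 1
}

# audit_host USER: run every check against the live paths; nonzero on failure.
audit_host() {
  rc=0
  cfg=/etc/rancher/rke2/config.yaml
  home=$(getent passwd "$1" | cut -d: -f6)
  expect "inotify instances" "$(conf_values /etc/sysctl.conf fs.inotify.max_user_instances =)" 300 || rc=1
  expect "rke2 selinux" "$(conf_values "$cfg" selinux :)" true || rc=1
  expect "rke2 node-ip" "$(conf_values "$cfg" node-ip :)" 10.50.10.40 || rc=1
  check_kubeconfig "$home/.kube/config" "$1" || rc=1
  return $rc
}

# Run on the installed VM as: sudo sh audit.sh --run crest
if [ "${1:-}" = "--run" ]; then audit_host "${2:-crest}"; fi
```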