The Linux release used for this installation is ubuntu-20.04.2.0-desktop-amd64. [Screenshot of the finished deployment]
I. Installing the dependencies
1. Installing Node.js
wget https://nodejs.org/dist/v14.16.0/node-v14.16.0-linux-x64.tar.xz
tar xf node-v14.16.0-linux-x64.tar.xz
mv node-v14.16.0-linux-x64 node
sudo ln -s /home/<your-username>/node/bin/node /usr/local/bin
sudo ln -s /home/<your-username>/node/bin/npm /usr/local/bin
node -v
npm -v
2. Installing Python 3.8
(1) Install Python 3.8 with Anaconda
bash Anaconda3-2020.11-Linux-x86_64.sh
After installation, type python:
Python 3.8.5 (default, Sep 4 2020, 07:30:14)
[GCC 7.3.0] :: Anaconda, Inc. on linux
Type "help", "copyright", "credits" or "license" for more information.
(2) Install python3-pip; this takes a long time
sudo apt-get install python3-pip
Note:
APT install error:
E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 10260 (unattended-upgr)
N: Be aware that removing the lock file is not a solution and may break your system.
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?
Fix: https://blog.csdn.net/qq_44657899/article/details/104571502 (the lock is held by the unattended-upgrades process named in the error; let it finish rather than deleting the lock file, as the message itself warns)
(3) Install Elasticsearch; this takes a long time
sudo sysctl -w vm.max_map_count=1048575
(sysctl -w is not persistent; also add vm.max_map_count to /etc/sysctl.conf so the setting survives a reboot)
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get update && sudo apt-get install elasticsearch
sudo systemctl start elasticsearch.service
ps -aux |grep elasticsearch
(4) Install MinIO
wget https://dl.min.io/server/minio/release/linux-amd64/minio_20210326000041.0.0_amd64.deb
sudo dpkg -i minio_20210326000041.0.0_amd64.deb
sudo MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=password minio server /mnt/data
(these two values are the MinIO access_key and secret_key that go into the OpenCTI configuration later; replace admin/password with values of your own)
(5) Install Redis
sudo add-apt-repository ppa:redislabs/redis
sudo apt-get update
sudo apt-get install redis
Start the Redis server: redis-server
Verify:
ps -aux |grep redis
redis      19339  0.3  0.0  69468  8976 ?        Ssl  18:17   0:00 /usr/bin/redis-server 127.0.0.1:6379
(6) Install RabbitMQ
https://www.rabbitmq.com/install-debian.html
Install the prerequisites
sudo apt-get update -y
sudo apt-get install curl gnupg debian-keyring debian-archive-keyring -y
Add the repository signing keys
curl -fsSL https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc | sudo apt-key add -
sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "F77F1EDA57EBB1CC"
wget -O - "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo apt-key add -
sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "F6609E60DC62814E"
Enable HTTPS transport for apt
sudo apt-get install apt-transport-https
Add the package sources
sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
deb http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu focal main
deb-src http://ppa.launchpad.net/rabbitmq/rabbitmq-erlang/ubuntu focal main
deb https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/ focal main
deb-src https://packagecloud.io/rabbitmq/rabbitmq-server/ubuntu/ focal main
EOF
Install the Erlang packages
sudo apt-get update -y
sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl
Install rabbitmq-server
sudo apt-get install rabbitmq-server -y --fix-missing
Verify:
ps -aux |grep rabbitmq
rabbitmq   25805  2.2  0.4 1704048 79528 ?        Ssl  18:48   0:03 /usr/lib/erlang/erts-11.2/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -sbwt none -sbwtdcpu none -sbwtdio none -- -root /usr/lib/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa  -noshell -noinput -s rabbit boot -boot start_sasl -lager crash_log false -lager handlers []
rabbitmq   25816  0.0  0.0   2504  1496 ?        Ss   18:48   0:00 erl_child_setup 32768
rabbitmq   25842  0.0  0.0   6360   196 ?        S    18:48   0:00 /usr/lib/erlang/erts-11.2/bin/epmd -daemon
rabbitmq   25861  0.0  0.0   3888   844 ?        Ss   18:48   0:00 inet_gethost 4
rabbitmq   25862  0.0  0.0   3968  1772 ?        S    18:48   0:00 inet_gethost 4
# Enable the rabbitmq_management plugin; reference: https://www.cnblogs.com/cnwcl/p/13796611.html
cd /etc/rabbitmq
sudo rabbitmq-plugins enable rabbitmq_management
Add a RabbitMQ user:
# add the user
sudo rabbitmqctl add_user admin admin
# tag it as administrator
sudo rabbitmqctl set_user_tags admin administrator
# grant configure, write and read permissions on every resource in the virtual host
sudo rabbitmqctl set_permissions -p / admin '.*' '.*' '.*'
# restart rabbitmq
sudo service rabbitmq-server restart
II. Installing OpenCTI
1. Download OpenCTI
wget -c https://github.com/OpenCTI-Platform/opencti/releases/download/4.3.5/opencti-release-4.3.5.tar.gz
2. Configure the application
$ cd opencti
$ cp config/default.json config/production.json
"admin": {
    "email": "admin@opencti.io",
    "password": "ChangeMe",
    "token": "ChangeMe"
},
For token use a UUIDv4 generated at https://www.uuidgenerator.net/ (a locally generated one, e.g. from uuidgen, works equally well and keeps the admin token off a third-party site).
"minio": {
    "endpoint": "localhost",
    "port": 9000,
    "use_ssl": false,
    "access_key": "ChangeMe",
    "secret_key": "ChangeMe"
},
"rabbitmq": {
    "hostname": "localhost",
    "port": 5672,
    "port_management": 15672,
    "management_ssl": false,
    "username": "admin",
    "password": "admin"
},
Change the corresponding passwords: the MinIO access_key/secret_key must be the MINIO_ROOT_USER/MINIO_ROOT_PASSWORD that MinIO was started with, and the RabbitMQ username/password must be the ones created with rabbitmqctl add_user.
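The three places that must agree (production.json, the MinIO start command and the rabbitmqctl user) are easy to get out of sync when the values are typed by hand. The script below is an added example, not part of the original post or of the OpenCTI project: it builds the production.json overrides from a constructed copy of the default.json fragment above, generates the admin token locally as a UUIDv4 and the other secrets with Python's secrets module, and prints the matching MinIO and RabbitMQ commands. The key names mirror the excerpt above; the rabbitmq user name "opencti" and the file name gen_secrets.py are assumptions.

```python
"""Generate the production.json secrets locally and keep the services in step.

Added example; not part of the original post or of the OpenCTI project.
"""
import json
import re
import secrets
import sys
import uuid

UUID4_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")

# Constructed fragment with the same keys as the default.json excerpt above.
DEFAULT_CONFIG = {
    "admin": {"email": "admin@opencti.io", "password": "ChangeMe", "token": "ChangeMe"},
    "minio": {"endpoint": "localhost", "port": 9000, "use_ssl": False,
              "access_key": "ChangeMe", "secret_key": "ChangeMe"},
    "rabbitmq": {"hostname": "localhost", "port": 5672, "port_management": 15672,
                 "management_ssl": False, "username": "admin", "password": "admin"},
}


def new_secrets():
    """Fresh credentials for every secret the install procedure otherwise sets by hand."""
    return {
        "admin_token": str(uuid.uuid4()),            # OpenCTI expects a UUIDv4 API token
        "admin_password": secrets.token_urlsafe(24),
        "minio_access_key": "opencti-" + secrets.token_hex(4),
        "minio_secret_key": secrets.token_urlsafe(32),
        "rabbitmq_user": "opencti",                   # assumed user name, replaces admin/admin
        "rabbitmq_password": secrets.token_urlsafe(24),
    }


def is_uuid4(value):
    """True when value has the shape OpenCTI expects for the admin token."""
    return bool(UUID4_RE.match(str(value)))


def production_config(default_cfg, s):
    """Deep-copy the defaults and write the generated values into the right keys."""
    cfg = json.loads(json.dumps(default_cfg))
    cfg["admin"]["token"] = s["admin_token"]
    cfg["admin"]["password"] = s["admin_password"]
    cfg["minio"]["access_key"] = s["minio_access_key"]
    cfg["minio"]["secret_key"] = s["minio_secret_key"]
    cfg["rabbitmq"]["username"] = s["rabbitmq_user"]
    cfg["rabbitmq"]["password"] = s["rabbitmq_password"]
    return cfg


def matching_commands(s):
    """Service-side commands that must carry the same values as production.json."""
    return [
        f"sudo MINIO_ROOT_USER={s['minio_access_key']} "
        f"MINIO_ROOT_PASSWORD={s['minio_secret_key']} minio server /mnt/data",
        f"sudo rabbitmqctl add_user {s['rabbitmq_user']} {s['rabbitmq_password']}",
        f"sudo rabbitmqctl set_user_tags {s['rabbitmq_user']} administrator",
        f"sudo rabbitmqctl set_permissions -p / {s['rabbitmq_user']} '.*' '.*' '.*'",
    ]


if __name__ == "__main__":
    # Usage: python3 gen_secrets.py config/default.json > config/production.json
    base = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else DEFAULT_CONFIG
    s = new_secrets()
    json.dump(production_config(base, s), sys.stdout, indent=2)
    print("\n# run these so the services accept the credentials written above:", file=sys.stderr)
    for cmd in matching_commands(s):
        print(cmd, file=sys.stderr)
```

The generated admin token is also what the worker's config.yml and every connector's config.yml need, so keep the stderr output; the token_urlsafe values contain only letters, digits, "-" and "_", which is why they can be passed unquoted on the command line.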
3. Install the Python dependencies
$ cd src/python
$ pip3 install -r requirements.txt
$ cd ../..
If this appears:
ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
Fix:
pip install --ignore-installed PyYAML
4. Install yarn
sudo npm install yarn -g
Start OpenCTI:
/home/<your-username>/node/bin/yarn serv
Output:
yarn run v1.22.10
$ node build/index.js
{"version":"4.3.4","level":"info","message":"[OPENCTI] Starting platform","timestamp":"2021-04-04T12:43:39.029Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] ElasticSearch is alive","timestamp":"2021-04-04T12:43:39.241Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] Minio is alive","timestamp":"2021-04-04T12:43:39.252Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] RabbitMQ is alive","timestamp":"2021-04-04T12:43:39.293Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] Redis is alive","timestamp":"2021-04-04T12:43:39.296Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] Python3 is available","timestamp":"2021-04-04T12:43:39.596Z"}
{"version":"4.3.4","level":"info","message":"[INIT] New platform detected, initialization...","timestamp":"2021-04-04T12:43:39.676Z"}
{"version":"4.3.4","level":"info","message":"[INIT] Elasticsearch indexes loaded","timestamp":"2021-04-04T12:43:41.195Z"}
{"version":"4.3.4","level":"info","message":"[INIT] Creating migration structure","timestamp":"2021-04-04T12:43:41.195Z"}
{"version":"4.3.4","level":"info","message":"[INIT] Initialization of settings and basic elements","timestamp":"2021-04-04T12:43:41.555Z"}
{"version":"4.3.4","level":"info","message":"[INIT] Platform default initialized","timestamp":"2021-04-04T12:43:44.275Z"}
{"version":"4.3.4","level":"info","message":"[INIT] admin user initialized","timestamp":"2021-04-04T12:43:45.138Z"}
{"version":"4.3.4","level":"info","message":"[STREAM] Starting streaming processor","timestamp":"2021-04-04T12:43:46.107Z"}
{"version":"4.3.4","level":"info","message":"[OPENCTI] Servers ready on port 4000","timestamp":"2021-04-04T12:43:46.109Z"}
OpenCTI URL: http://localhost:4000
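The startup log above is the quickest way to tell which dependency is missing when the platform does not come up. The script below is an added example, not part of the original post or of OpenCTI: it reads the one-JSON-object-per-line log that yarn serv prints, confirms that every dependency [CHECK] reported alive, records any error-level lines and picks the port out of the "Servers ready" line. The sample log is a constructed copy in the same shape as the lines above; the file name check_startup.py is an assumption.

```python
"""Readiness check over the JSON startup log that `yarn serv` prints.

Added example; not part of the original post or of OpenCTI itself.
"""
import json
import re
import sys

# Dependencies the platform checks at startup, in the order the log shows them.
EXPECTED_CHECKS = ("ElasticSearch", "Minio", "RabbitMQ", "Redis", "Python3")
CHECK_RE = re.compile(r"^\[CHECK\] (\S+) is (?:alive|available)$")
READY_RE = re.compile(r"^\[OPENCTI\] Servers ready on port (\d+)$")

# Constructed sample in the same shape as the log above (not a real capture).
SAMPLE_LOG = """\
yarn run v1.22.10
$ node build/index.js
{"version":"4.3.4","level":"info","message":"[OPENCTI] Starting platform","timestamp":"2021-04-04T12:43:39.029Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] ElasticSearch is alive","timestamp":"2021-04-04T12:43:39.241Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] Minio is alive","timestamp":"2021-04-04T12:43:39.252Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] RabbitMQ is alive","timestamp":"2021-04-04T12:43:39.293Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] Redis is alive","timestamp":"2021-04-04T12:43:39.296Z"}
{"version":"4.3.4","level":"info","message":"[CHECK] Python3 is available","timestamp":"2021-04-04T12:43:39.596Z"}
{"version":"4.3.4","level":"info","message":"[OPENCTI] Servers ready on port 4000","timestamp":"2021-04-04T12:43:46.109Z"}
"""


def summarize_startup(lines):
    """Return {"missing": [...], "errors": [...], "port": int or None, "ready": bool}."""
    alive, errors, port = set(), [], None
    for raw in lines:
        raw = raw.strip()
        if not raw.startswith("{"):
            continue  # yarn's own banner lines are not JSON
        try:
            rec = json.loads(raw)
        except ValueError:
            continue  # a truncated line must not abort the whole check
        msg = rec.get("message", "")
        if rec.get("level") == "error":
            errors.append(msg)
        check = CHECK_RE.match(msg)
        if check:
            alive.add(check.group(1))
        ready = READY_RE.match(msg)
        if ready:
            port = int(ready.group(1))
    missing = [name for name in EXPECTED_CHECKS if name not in alive]
    return {
        "missing": missing,
        "errors": errors,
        "port": port,
        "ready": port is not None and not missing and not errors,
    }


if __name__ == "__main__":
    # Usage: yarn serv 2>&1 | tee opencti.log   then   python3 check_startup.py < opencti.log
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    result = summarize_startup(src)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["ready"] else 1)
```

A non-zero exit with "Redis" in missing, for instance, points straight at the service to inspect with the ps checks from the dependency section.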
Some issues encountered:
After the VM lost power, the file system became read-only.
Solution: https://www.kafan.cn/edu/46111822.html
Repair with:
sudo fsck / -y
(run it from recovery mode or a live system: checking a root file system that is still mounted can cause further damage)
5. Install the worker
$ cd worker
$ pip3 install -r requirements.txt
# set the OpenCTI url and admin_token in the copied file
$ cp config.yml.sample config.yml
Start several workers:
$ python3 worker.py &
$ python3 worker.py &
6. Install connectors
git clone https://github.com/OpenCTI-Platform/connectors
Go into any connector's directory and edit config.yml.sample: add the OpenCTI URL and admin token, a UUIDv4 as the connector id, and the connector-specific settings.
Taking AlienVault as an example:
opencti:
  url: 'http://localhost:4000'
  token: '1938cxxc-ab2c-4857-877e-43198e6858f1'
connector:
  id: 'a33f54d7-d6xx-41c9-8fff-f64da4ef5570'
  type: 'EXTERNAL_IMPORT'
  name: 'AlienVault'
  scope: 'alienvault'
  confidence_level: 15 # From 0 (Unknown) to 100 (Fully trusted)
  update_existing_data: false
  log_level: 'info'
alienvault:
  base_url: 'https://otx.alienvault.com'
  api_key: 'xx87xxcf1e877f8512xx3a9a184xxb6xx2342axx77ba728xxc95125fc75907xx'
  tlp: 'White'
  create_observables: true
  create_indicators: true
  pulse_start_timestamp: '2020-05-01T00:00:00' # ISO 8601
  report_type: 'threat-report'
  report_status: 'New' # New, In progress, Analyzed and Closed
  guess_malware: false # Use tags to guess malware
  guess_cve: false # Use tags to guess CVE
  excluded_pulse_indicator_types: 'FileHash-MD5,FileHash-SHA1' # Excluded Pulse indicator types
  interval_sec: 1800 # Seconds
Edit the values shown in black in the original (the token, id and api_key above are masked and must be replaced with your own).
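A connector that starts with a placeholder token or a malformed id fails only after it has been launched, and the error is easy to misread as a platform problem. The validator below is an added example, not part of the original post or of the OpenCTI connectors repository: it checks the fields of the AlienVault config.yml above before the connector is started. The dictionary is a constructed stand-in for the parsed YAML (with PyYAML installed you would get it from yaml.safe_load on config.yml); the same placeholder walk works on the production.json dict from the configuration step. The accepted connector types and TLP names are assumptions taken from what pycti and the connector expose; check them against your version.

```python
"""Pre-flight validation of a connector config.yml.

Added example; not part of the original post or of the OpenCTI connectors project.
"""
import json
import re

UUID4_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")
ISO_8601_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}$")
# Assumed sets: connector types as defined by pycti's ConnectorType, TLP names as the
# connector's tlp option spells them, report statuses as listed in the sample above.
CONNECTOR_TYPES = {"EXTERNAL_IMPORT", "INTERNAL_ENRICHMENT", "INTERNAL_IMPORT_FILE",
                   "INTERNAL_EXPORT_FILE", "STREAM"}
TLP_LEVELS = {"White", "Green", "Amber", "Red"}
REPORT_STATUSES = {"New", "In progress", "Analyzed", "Closed"}

# Constructed sample: the same keys as the AlienVault example, with the values a
# first-time installer typically forgets to replace.
SAMPLE_CONFIG = {
    "opencti": {"url": "http://localhost:4000", "token": "ChangeMe"},
    "connector": {"id": "not-a-valid-uuid", "type": "EXTERNAL_IMPORT", "name": "AlienVault",
                  "scope": "alienvault", "confidence_level": 15,
                  "update_existing_data": False, "log_level": "info"},
    "alienvault": {"base_url": "https://otx.alienvault.com", "api_key": "ChangeMe",
                   "tlp": "White", "create_observables": True, "create_indicators": True,
                   "pulse_start_timestamp": "2020-05-01T00:00:00",
                   "report_type": "threat-report", "report_status": "New",
                   "guess_malware": False, "guess_cve": False,
                   "excluded_pulse_indicator_types": "FileHash-MD5,FileHash-SHA1",
                   "interval_sec": 1800},
}


def find_placeholders(node, path=""):
    """Dotted paths of every string still set to a placeholder such as ChangeMe or empty."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits.extend(find_placeholders(value, f"{path}.{key}" if path else key))
    elif isinstance(node, str) and node.strip().lower() in {"changeme", ""}:
        hits.append(path)
    return hits


def validate_connector_config(cfg):
    """Return human-readable problems; an empty list means the config can be started."""
    problems = find_placeholders(cfg)
    o, c, a = cfg.get("opencti", {}), cfg.get("connector", {}), cfg.get("alienvault", {})
    if not re.match(r"^https?://", str(o.get("url", ""))):
        problems.append("opencti.url must start with http:// or https://")
    if not UUID4_RE.match(str(o.get("token", ""))):
        problems.append("opencti.token must be the platform admin token (a UUIDv4)")
    if not UUID4_RE.match(str(c.get("id", ""))):
        problems.append("connector.id must be a fresh UUIDv4, unique per connector")
    if c.get("type") not in CONNECTOR_TYPES:
        problems.append("connector.type is not a known connector type")
    if not 0 <= int(c.get("confidence_level", -1)) <= 100:
        problems.append("connector.confidence_level must be between 0 and 100")
    if a.get("tlp") not in TLP_LEVELS:
        problems.append("alienvault.tlp must be one of White, Green, Amber, Red")
    if a.get("report_status") not in REPORT_STATUSES:
        problems.append("alienvault.report_status must be New, In progress, Analyzed or Closed")
    if not ISO_8601_RE.match(str(a.get("pulse_start_timestamp", ""))):
        problems.append("alienvault.pulse_start_timestamp must look like 2020-05-01T00:00:00")
    if not isinstance(a.get("interval_sec"), int) or a["interval_sec"] <= 0:
        problems.append("alienvault.interval_sec must be a positive number of seconds")
    return problems


def with_overrides(cfg, updates):
    """Deep-copy cfg and set dotted-path keys (e.g. "opencti.token") from updates."""
    out = json.loads(json.dumps(cfg))
    for dotted, value in updates.items():
        *parents, leaf = dotted.split(".")
        node = out
        for p in parents:
            node = node.setdefault(p, {})
        node[leaf] = value
    return out


if __name__ == "__main__":
    for problem in validate_connector_config(SAMPLE_CONFIG) or ["config looks usable"]:
        print(problem)
```

Running it on the sample reports the placeholder token and api_key and the malformed connector id; once those are replaced with real values the list is empty and the connector can be started.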