3.7 Installing QRadar

Time: 6 hours 28 minutes
Difficulty: Intermediate
CEU/CPE: 7
Video Transcription
>> Welcome back to the Cybrary course in Building your Infosec Lab. I'm your host and instructor, Kevin Hernandez. In our last lesson, we went ahead and installed CentOS. To be more specific, we installed CentOS version 7.5 minimal. This was a specific version required for the QRadar installation. In today's lesson, we're actually going to install QRadar Community Edition version 7.3.1. This version of QRadar is completely free and you're welcome to use it in your home lab.

Now before we begin this installation, there are some very important steps you need to consider in order for this installation to be successful. First of all, IPv6 needs to be disabled. This is not exactly confirmed in the installation manual at all. However, during my constant errors and troubleshooting, this is what I found. Now, one key concept is that whenever you do a restart during the installation, these parameters might be re-enabled. Therefore, you might need to run this several times throughout your installation. This is part of the reason why so many snapshots are taken during our installation. Another key value that I found very useful in regards to my installation is these two parameters in the middle: sed -i, etc. These parameters were the ones that allowed me to successfully modify the DNS and IPv6 values so they stay disabled throughout the installation. Lastly, as I just mentioned, DNS is really important: make sure it does not contain IPv6 addresses. This will give you an error at the end of the installation, which will basically render your whole experience useless. In many cases, if you did not have a snapshot, this will mean that you will have to install CentOS as a whole, as the installation appears to be completed, but at the same time, is not. The sources for this troubleshooting are listed below and I will provide a link directly to them so you can access them in case you need further troubleshooting.

Now let's get started. Before installing, I want to make sure I take a snapshot. Let's call it "pre QRadar install". Why? Because we have taken a lot of steps to get to this point. If it were to fail, you might need to start all over again. There's a typo in there. There we go. Now that the snapshot is completed, you're also going to make sure that you have a connection to the Internet. One easy way to do that is to ping 8.8.8.8, which is Google's DNS, and you can see it does have a response time. That's all we need. Let's cancel that and clear.

Another very important aspect is that SEL, or SELinux, has to be disabled. Let's check its status: sestatus. As you can see, it is currently enforcing, or enabled; third line from the bottom right. Let's see how to disable it. Now I found this very good article on this page at Linuxize that basically states, if you wanted it disabled for one session, you run setenforce 0. However, if you wanted to do it more permanently, you have to modify this file over here at this setting. Let's go ahead. Because if you look carefully at the instructions, after you disable it you must restart the appliance. Otherwise, if you restart the session with this setting, it will not work, as it will re-enable the system. Let's open the file, this one. Since we have to modify that file, let's go ahead and vi /etc/selinux/config. Here we have the statement. Let's compare that quickly to what we have on the other page. Great. SELinux, because it is safer. Basically what it does, if you look carefully, is it disables the common tab. Let's go back. Actually, here, change the wording. Let's have "disabled". Now let's hit Escape, colon, write and quit, and we are done. Just to make sure it's properly saved, let's go back into the file and, it looks like it was complete. Let's go ahead and quit. Clear. It looks like it's disabled now. Now, let's go ahead and reboot the system. We can accomplish this with shutdown -r. Now, let's give it a few seconds. Afterwards, after the reboot, let's make sure we have the correct version. Make sure you're on the correct CentOS version.

Now let's make sure we disable IPv6. To disable IPv6, I need to run the following command: sysctl net.ipv6.conf.all.disable_ipv6=1, and hit Enter. But instead of "all", let's modify this, so add "default": default.disable_ipv6=1. Here we go. At this point, we will actually proceed with the commands primarily mentioned in the lesson, which are required to permanently disable IPv6. Afterwards, we will go ahead and work with the DNS changes.

Another thing we might need to do is set up DNS servers. Let's go sudo nano, in this case, say vi /etc/resolv.conf. Here we go. Now, here, so we have to be recursive code. If you notice here, from the installation, the second IP is an IPv6 and we just disabled IPv6. Instead of keeping that, let's go ahead and put Google's IP in here, 8.8.8.8. Also let's try Cloudflare's, 1.1.1.1. Let's actually remove ours, 1.1. At this point let's, sorry, Escape. Let's write and quit. There we go. Let's clear this. Now at this point, let's make sure we make a snapshot. Actions, Snapshot, Take a Snapshot, let's call it "pre install", and then let's take a snapshot.

Now, let's go back to the installation. Now, the reason I say this is because if you look carefully here, it requests you to add two DNS servers. QRadar doesn't play around too well with IPv6, if you see here; otherwise, we wouldn't be required to disable it. Therefore, if we are disabling IPv6 and at the same time we are basically trying to say, hey, use this as a DNS, then we might have a little bit of problems. [LAUGHTER] If you see here, set up local DNS server and secondary with your domain. Yeah, it looks pretty decent now. But worst case scenario, we do have a snapshot.

Let's go back to the installation guide and proceed with the mounting. In this case, first of all, you have to create a media directory like this. Let's go ahead and create the media directory, and it's /media/cdrom. Now let's go ahead and mount the image: sudo mount -o loop, the QRadar ISO in /tmp, to, like we said, /media/cdrom. Let's mount the image. Now before we start our QRadar installation, this seems like a great place for a short break. We'll see you in our next lesson.
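The three prerequisites the lesson walks through (SELinux disabled in /etc/selinux/config, IPv6 disabled through sysctl, and no IPv6 nameserver in /etc/resolv.conf) can be verified before the installer is started. This is an added pre-flight script, not part of the course or of QRadar; it assumes /etc/sysctl.conf as the persistent location for the IPv6 keys, and the sample files in demo are constructed.

```shell
#!/bin/sh
# Added pre-flight check for the QRadar CE prerequisites covered in the lesson:
# SELinux disabled, IPv6 disabled in sysctl, no IPv6 nameserver in resolv.conf.
# Paths are parameters so the checks run on constructed files (demo) or the live host.

# 0 if the SELinux config sets SELINUX=disabled (the lesson's vi edit).
selinux_disabled() {
  [ -r "${1:-/etc/selinux/config}" ] &&
  grep -Eq '^[[:space:]]*SELINUX=disabled[[:space:]]*$' "${1:-/etc/selinux/config}"
}

# 0 if both sysctl keys the lesson sets (all and default) are persisted as 1.
# /etc/sysctl.conf as the persistent location is an assumption, not from the lesson.
ipv6_disabled_in_conf() {
  conf="${1:-/etc/sysctl.conf}"
  [ -r "$conf" ] &&
  grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.disable_ipv6[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$conf" &&
  grep -Eq '^[[:space:]]*net\.ipv6\.conf\.default\.disable_ipv6[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$conf"
}

# 0 if no nameserver line carries an IPv6 address (a colon in the address field);
# an IPv6 resolver is what makes the install fail at the very end.
resolv_has_no_ipv6() {
  f="${1:-/etc/resolv.conf}"
  [ -r "$f" ] && ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]*:' "$f"
}

# Runs all three checks, prints one line each, returns the number of failures.
preflight() {
  fails=0
  selinux_disabled "$1"      && echo "ok   SELinux disabled"        || { echo "FAIL SELinux";     fails=$((fails + 1)); }
  ipv6_disabled_in_conf "$2" && echo "ok   IPv6 disabled in sysctl" || { echo "FAIL IPv6 sysctl"; fails=$((fails + 1)); }
  resolv_has_no_ipv6 "$3"    && echo "ok   resolv.conf has no IPv6" || { echo "FAIL resolv.conf"; fails=$((fails + 1)); }
  return "$fails"
}

# Offline demo on constructed files: a host as the lesson leaves it (0 failures)
# and one still carrying the installer's IPv6 nameserver (1 failure).
demo() {
  d=$(mktemp -d)
  printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/selinux"
  printf 'net.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\n' > "$d/sysctl"
  printf 'nameserver 8.8.8.8\nnameserver 1.1.1.1\n' > "$d/resolv.good"
  printf 'nameserver 8.8.8.8\nnameserver fe80::1\n' > "$d/resolv.bad"
  good=0; preflight "$d/selinux" "$d/sysctl" "$d/resolv.good" || good=$?
  bad=0;  preflight "$d/selinux" "$d/sysctl" "$d/resolv.bad"  || bad=$?
  rm -rf "$d"
  [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

On the live host, source the file and run `preflight` with no arguments to check the real /etc files; a non-zero exit status is the number of prerequisites still unmet.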