
Install Instructions: CentOS, RHEL, Fedora

askkemp edited this page Jul 28, 2017 · 10 revisions

Introduction

These install instructions are based on the installation of Laika BOSS on the minimum install of Fedora, CentOS, and RHEL (Red Hat).

Prerequisites

There are several packages which are only available in Extra Packages for Enterprise Linux (EPEL). Note that EPEL is not required if your OS is Fedora.

yum install -y epel-release  # Not needed if Fedora
yum install -y wget vim unzip

Usability (optional)

Although not required, having these packages installed will either help in parsing log data or troubleshooting signatures.

yum install -y yara jq

Laika BOSS Client Library (required)

The Laika BOSS client library includes the framework (laika.py) for the object module and dispatching logic. It also includes the code for running Laika as a daemonized, networked service using the ZeroMQ broker. Lastly, it provides cloudscan, which is a command-line client for sending a local file to a running service instance of Laika (laikad).

# Create a directory to download and build all the required sources
mkdir -p /usr/local/src/

# Install needed packages
yum install -y python27 python-pip gcc redhat-rpm-config python-devel python-zmq
pip install --upgrade pip # Recommended but not required
pip install yara-python
pip install interruptingcow

# Download the Laika BOSS code
cd /usr/local/src/
wget https://github.com/lmco/laikaboss/archive/master.zip
unzip master.zip
rm -f master.zip
cd laikaboss-master
python setup.py install

Scanning Modules (optional)

The Laika BOSS scanning modules are REQUIRED if your install will be used to scan objects (files).

# Required packages
yum install -y perl-devel openssl-devel ssdeep-devel ssdeep-libs libffi-devel

# Note that m2crypto is available via pip (v0.26.0) but it does not function. Instead use the one in the yum repository (v0.25.1-1)
yum install -y m2crypto

# Required packages
pip install cffi six IPy fluent-logger
pip install olefile pylzma pyclamd
pip install ssdeep
pip install pexpect oletools pyasn1
pip install javatools


# Module explode_rar.py needs unrar and py-unrar2. Note that unrar older than v5.3 uses a different timestamp format than the newer versions. If you choose to install the newer version, then you must patch py-unrar2 to understand the new timestamp format. This is demonstrated below.

# Download the latest version of unrar from http://download1.rpmfusion.org/nonfree/fedora/updates/25/x86_64/repoview/unrar.html (below link may be out of date by the time you read this)
yum install -y http://download1.rpmfusion.org/nonfree/fedora/updates/25/x86_64/u/unrar-5.5.5-1.fc25.x86_64.rpm
pip install py-unrar2

# For patching to fix timestamp issue, use github pull request which fixes issue - https://github.com/kyegupov/py-unrar2/pull/15
cd /usr/local/src/
mkdir py-unrar2-patch
cd py-unrar2-patch
wget https://raw.githubusercontent.com/miigotu/py-unrar2/adc3f2e0268c7f02bbf32a6a439a066dab023bcd/unix.py
cp unix.py /usr/lib/python2.7/site-packages/UnRAR2/unix.py


# Module meta_pe.py needs pefile
# Note that the pip-installed pefile is 2016.3.28, which causes a convert_to_printable error in module meta_pe.py. Make sure the latest version, which does not have this error, is used.
cd /usr/local/src/
wget https://github.com/erocarrera/pefile/releases/download/v2017.5.26/pefile-2017.5.26.tar.gz # Please check for latest release
tar xzvf pefile-2017.5.26.tar.gz
cd pefile-2017.5.26
python setup.py install


# Module meta_exiftool.py needs ExifTool and PyExif
# Note that ExifTool is regularly updated, so check their website for the latest version
cd /usr/local/src/
wget https://sno.phy.queensu.ca/~phil/exiftool/Image-ExifTool-10.60.tar.gz
tar -xzvf Image-ExifTool-10.60.tar.gz
cd Image-ExifTool-10.60
perl Makefile.PL
make test
make install

# PyExif
cd /usr/local/src/
wget https://github.com/smarnach/pyexiftool/archive/master.zip
unzip master.zip
rm -f master.zip
cd pyexiftool-master
python setup.py build
python setup.py install
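
A post-install sanity check for the three version pitfalls called out in this section (pefile, M2Crypto, unrar), as an added example that is not part of Laika BOSS or this wiki page; it assumes `python`, `unrar` and a POSIX `sort` are on PATH as installed above, and that pefile exposes `pefile.__version__`.

```shell
#!/bin/sh
# Post-install sanity check for the version pitfalls noted above: pefile older
# than 2017.5.26 breaks meta_pe.py, pip's M2Crypto does not import, and unrar
# >= 5.3 needs the patched py-unrar2. Added example, not Laika BOSS project code.

# version_ge A B: true when dotted version A is >= B, comparing numerically.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}
# parse_unrar_version BANNER: pull the version out of unrar's first usage line.
parse_unrar_version() {
    printf '%s\n' "$1" | sed -n 's/^UNRAR \([0-9][0-9.]*\).*/\1/p' | head -n1
}
# Constructed sample of the banner unrar prints when run with no arguments.
SAMPLE_UNRAR_BANNER='UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal'
check_pefile() {
    ver=$(python -c 'import pefile; print(pefile.__version__)' 2>/dev/null) \
        || { echo "pefile: not importable"; return 1; }
    if version_ge "$ver" 2017.5.26; then echo "pefile $ver: ok"; return 0; fi
    echo "pefile $ver: too old, convert_to_printable error expected in meta_pe.py"
    return 1
}
check_m2crypto() {
    if python -c 'import M2Crypto' 2>/dev/null; then echo "M2Crypto: ok"; return 0; fi
    echo "M2Crypto: does not import (install the yum package, not the pip one)"
    return 1
}
check_unrar() {
    ver=$(parse_unrar_version "$(unrar 2>/dev/null | head -n1)")
    [ -n "$ver" ] || { echo "unrar: not found"; return 1; }
    if version_ge "$ver" 5.3; then
        echo "unrar $ver: new timestamp format, py-unrar2 needs the PR #15 patch"
    else
        echo "unrar $ver: old timestamp format, unpatched py-unrar2 is fine"
    fi
}
# run_checks: run every check; the exit status is the number of failures.
run_checks() {
    failures=0
    check_pefile || failures=$((failures + 1))
    check_m2crypto || failures=$((failures + 1))
    check_unrar || failures=$((failures + 1))
    return "$failures"
}
# Probe the live system only when invoked with --run, so sourcing has no side effects.
if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Run it with `--run` on the freshly installed host; a non-zero exit status is the number of dependencies that still need attention.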

Milter and Redis (optional)

The Milter (mail transfer agent) integration (laikamilter.py) requires python-milter. The Suricata Integration Prototype (laika_redis_client.py) requires python-redis.

See instructions here