
Moloch – Installation

  • Authors: Tomáš Mokoš, Marek Brodec
  • Tested version: 0.20.0
  • Operating system: Ubuntu 14.04.5

Installing Moloch is not trivial, which is why we have prepared this guide on setting up the system in a cloud environment. The server obtains its IP address dynamically through DHCP, so no editing of the interface configuration file is required.

First add Java repositories and install the Java package.

add-apt-repository ppa:webupd8team/java 
apt-get install oracle-java8-installer 

Install additional necessary packages.

apt-get install wget curl libpcre3-dev uuid-dev libmagic-dev pkg-config g++ flex bison zlib1g-dev libffi-dev gettext libgeoip-dev make libjson-perl libbz2-dev libwww-perl libpng-dev xz-utils libffi-dev 

Install Node.js. Version 6.x is recommended, since version 8.x is not currently supported.

curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs 

Download and install Elasticsearch.

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.3.deb
sudo dpkg -i elasticsearch-5.5.3.deb

Clone the Moloch repository to your server.

git clone https://github.com/aol/moloch.git 

Build Moloch using the provided script, run from the cloned moloch directory.

./easybutton-build.sh 

Previous versions required editing the firewall rules to open the Viewer port (8005) and the Elasticsearch port (9200). Note that the 9200 rules below accept connections from any source; Elasticsearch has no authentication by default, so if it only needs to be reached from this host, leave the rule out or restrict it with -s to the hosts that need it.

iptables -A INPUT -m tcp -p tcp --dport 8005 -j ACCEPT 
iptables -A INPUT -m udp -p udp --dport 8005 -j ACCEPT 
iptables -A OUTPUT -m tcp -p tcp --sport 8005 -j ACCEPT 
iptables -A OUTPUT -m udp -p udp --sport 8005 -j ACCEPT 
iptables -A INPUT -m tcp -p tcp --dport 9200 -j ACCEPT 
iptables -A INPUT -m udp -p udp --dport 9200 -j ACCEPT 
sudo su -c 'iptables-save > /etc/iptables/rules.v4' 

The following commands install the remaining files for the capture host and configure the interface the system listens on. When asked whether to install Elasticsearch, answer no: you installed Elasticsearch earlier, and this script offers only the demo version.

make install 
make config 

Go to the Viewer directory, update its Node.js packages and run the account creation script.

cd /data/moloch/viewer 
npm update 
/data/moloch/bin/moloch_add_user.sh admin "Admin User" PASSWORD --admin 

Create a symlink to the Node.js binary in the Viewer directory.

ln -sf /usr/bin/nodejs node 

Start the individual components.

service elasticsearch start 
service molochcapture start
service molochviewer start

Provided you have done everything right so far, you should be able to access the web interface at http://IPADDRESSOFINTERFACE:8005.
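A post-install check for the two ports this guide uses (Viewer on 8005, Elasticsearch on 9200), added here as an example; it is not part of the guide or of Moloch. The check functions take text as input so they run on the constructed sample embedded below; pass `live` to read the local host's Elasticsearch health, listeners and iptables-save output instead.

```shell
#!/bin/sh
# Post-install checks for the Moloch setup described above (added example,
# not from the guide or the Moloch project). Ports assumed: Viewer 8005,
# Elasticsearch 9200, as in the guide's firewall rules.

# es_status JSON -> prints the "status" (green/yellow/red) from an
# Elasticsearch _cluster/health response, or "unknown" if absent.
es_status() {
  printf '%s\n' "$1" | sed -n 's/.*"status":"\([a-z]*\)".*/\1/p' | grep . || echo unknown
}

# world_open RULES PORT -> succeeds if an INPUT rule (iptables-save format)
# accepts TCP on PORT with no -s source restriction, i.e. open to any host.
world_open() {
  printf '%s\n' "$1" \
    | grep -E -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" \
    | grep -qv -- ' -s '
}

# listening PORT -> succeeds if ss shows a TCP listener on PORT (live host only).
listening() {
  ss -ltn 2>/dev/null | grep -qE "[:.]$1[[:space:]]"
}

# Constructed sample input standing in for a live host.
SAMPLE_RULES='-A INPUT -p tcp -m tcp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200 -j ACCEPT'
SAMPLE_HEALTH='{"cluster_name":"elasticsearch","status":"green","number_of_nodes":1}'

main() {
  if [ "${1:-}" = live ]; then
    health=$(curl -s http://localhost:9200/_cluster/health)
    rules=$(iptables-save 2>/dev/null)
    for p in 8005 9200; do
      if listening "$p"; then echo "port $p: listening"; else echo "port $p: not listening"; fi
    done
  else
    health=$SAMPLE_HEALTH
    rules=$SAMPLE_RULES
  fi
  echo "elasticsearch cluster status: $(es_status "$health")"
  if world_open "$rules" 9200; then
    echo "WARNING: port 9200 (Elasticsearch, no authentication by default) accepts from any source; add -s <host> to the rule"
  fi
}

main "$@"
```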
