- Authors : Tomáš Mokoš, Marek Brodec
- Tested version : 0.20.0
- Operating system : Ubuntu 14.04.5
Note: this guide is obsolete; for a more up-to-date version, see Moloch v1.7.0 – Installation.
Installing Moloch is no trivial matter, which is why we have prepared this guide on how to set up the system in a cloud environment. The server obtains its IP address dynamically through DHCP, so no editing of the interface configuration file is required.
First, add the Java repository and install the Java package.
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer
Install additional necessary packages.
apt-get install wget curl libpcre3-dev uuid-dev libmagic-dev pkg-config g++ flex bison zlib1g-dev libffi-dev gettext libgeoip-dev make libjson-perl libbz2-dev libwww-perl libpng-dev xz-utils
Download Node.js; version 6.x is recommended, since version 8.x is not currently supported.
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs
Download and install Elasticsearch.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.3.deb
sudo dpkg -i elasticsearch-5.5.3.deb
Copy Moloch to your server.
git clone https://github.com/aol/moloch.git
cd moloch
Install using the available script.
./easybutton-build.sh
Previous versions required editing of firewall rules.
iptables -A INPUT -m tcp -p tcp --dport 8005 -j ACCEPT
iptables -A INPUT -m udp -p udp --dport 8005 -j ACCEPT
iptables -A OUTPUT -m tcp -p tcp --sport 8005 -j ACCEPT
iptables -A OUTPUT -m udp -p udp --sport 8005 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 9200 -j ACCEPT
iptables -A INPUT -m udp -p udp --dport 9200 -j ACCEPT
sudo su -c 'iptables-save > /etc/iptables/rules.v4'
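As an added example (not part of the original guide or the Moloch project), the following script reads rules in iptables-save format and reports INPUT ACCEPT rules for the viewer port 8005 and the Elasticsearch port 9200 that carry no source restriction, along with UDP rules for those ports, since both services speak HTTP over TCP. The function names, finding labels and sample rules are constructed for illustration; 192.0.2.0/24 stands in for an analyst subnet.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: rules like the ones above,
# plus a source-restricted rule and a loopback-only rule for comparison.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8005 -j ACCEPT
-A INPUT -p udp -m udp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 9200 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 9200 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8005 -j ACCEPT
COMMIT'

# audit_rules (hypothetical helper): read iptables-save output on stdin and
# print one finding per line as "<port>/<proto> <reason>".
audit_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; proto = ""; src = 0; lo = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            # A source of 0.0.0.0/0 is no restriction at all.
            if ($i == "-s" && $(i + 1) != "0.0.0.0/0") src = 1
            if ($i == "-i" && $(i + 1) == "lo") lo = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        # Only ACCEPT rules for the two ports used in this guide matter.
        if (!accept || (port != "8005" && port != "9200")) next
        if (proto == "udp")
            print port "/" proto " udp-rule-for-tcp-service"
        else if (!src && !lo)
            print port "/" proto " open-to-any-source"
    }'
}

# count_findings (hypothetical helper): number of findings for stdin rules.
count_findings() {
    audit_rules | wc -l | tr -d ' '
}

# Run against the constructed sample; on a live host, pipe in the output
# of iptables-save instead.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```
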
The following commands install the other files needed on the capture host and configure the system's listening interface. When asked whether to install Elasticsearch, choose no, since you have already installed Elasticsearch and this script offers only the demo version.
make install
make config
Go to the Viewer directory, update the Node.js packages and run the account creation script.
cd /data/moloch/viewer
npm update
/data/moloch/bin/moloch_add_user.sh admin "Admin User" PASSWORD --admin
Create a symlink to the Node.js binary in the Viewer directory.
ln -sf /usr/bin/nodejs node
Start the individual components.
service elasticsearch start
service molochcapture start
service molochviewer start
Provided you have done everything right so far, you should be able to access the web interface at http://IPADDRESSOFINTERFACE:8005
Sources:
- GitHub Information about Moloch