Installation guide
This guide describes the installation of Cortex from binaries.
Install a minimal Ubuntu 16.04 server system with the following software:
- Java runtime environment 1.8+ (JRE)
Make sure your system is up-to-date:
sudo apt-get update
sudo apt-get upgrade
You can install either Oracle Java or OpenJDK. To install Oracle Java:
echo 'deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main' | sudo tee -a /etc/apt/sources.list.d/java.list
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key EEA14886
sudo apt-get update
sudo apt-get install oracle-java8-installer
Once Oracle Java is installed, go directly to section 3. Install and Prepare your Database. To install OpenJDK instead:
sudo add-apt-repository ppa:openjdk-r/ppa
sudo apt-get update
sudo apt-get install openjdk-8-jre-headless
Binaries must be downloaded from https://dl.bintray.com/cert-bdf/cortex/cortex-latest.zip. The archive includes the back-end and the front-end.
You can install Cortex wherever you want on the filesystem. In this guide, we install it in /opt.
cd /opt
wget https://dl.bintray.com/cert-bdf/cortex/cortex-latest.zip
unzip cortex-latest.zip
ln -s cortex-x.x.x cortex
The Cortex back-end and the analyzers read their configuration from the same file.
The only parameter required to start Cortex is the key of the server (play.crypto.secret). This key is used to authenticate cookies that contain data, and not only a session id. If Cortex runs in cluster mode, all instances must share the same key.
You should generate a random key using the following command line. The command appends to /etc/cortex/application.conf, so run it only once:
sudo mkdir /etc/cortex
(cat << _EOF_
# Secret key
# ~~~~~
# The secret key is used to secure cryptographic functions.
# If you deploy your application to several instances be sure to use the same key!
play.crypto.secret="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)"
_EOF_
) | sudo tee -a /etc/cortex/application.conf
Note that this secret key is mandatory to start the Cortex application. With this configuration, you will only be able to run analyzers that do not require any configuration parameter (an API key, for instance). To configure other analyzers, refer to the Analyzers page.
Warning: By default, Cortex runs an HTTP service on port 9000/tcp. You can change the port by adding http.port=8080 to the configuration file or by adding the -Dhttp.port=8080 parameter to the command line below. If you run Cortex as a non-privileged user, it cannot bind a port under 1024. If you run TheHive on the same system, make sure the two use different TCP ports.
Change your current directory to the Cortex installation directory (/opt/cortex in this guide), then execute:
bin/cortex -Dconfig.file=/etc/cortex/application.conf
It is recommended to use a dedicated non-privileged user to start Cortex. If so, make sure that this user can create log files in /opt/cortex/logs.
If you'd rather start the application as a service, do the following:
sudo addgroup cortex
sudo adduser --system cortex
sudo cp /opt/cortex/install/cortex.service /usr/lib/systemd/system
sudo chown -R cortex:cortex /opt/cortex
sudo chgrp cortex /etc/cortex/application.conf
sudo chmod 640 /etc/cortex/application.conf
sudo systemctl enable cortex
sudo service cortex start
Please note that the service may take some time to start.
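The configuration and service steps above can be checked with the following added example, which is not part of the Cortex guide or project. `check_cortex_conf` is a hypothetical helper that flags a missing, duplicated (the guide's `tee -a` appends on every run), unexpanded or short `play.crypto.secret`, and a configuration file that other local users can read.

```shell
#!/bin/sh
# Added example: audit the secret written to Cortex's application.conf.
# check_cortex_conf is a hypothetical helper, not shipped with Cortex.
check_cortex_conf() {
    conf=$1
    findings=0
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE: cannot read $conf"
        return 1
    fi
    # 'tee -a' appends, so re-running the guide's command leaves several keys.
    count=$(grep -c '^[[:space:]]*play\.crypto\.secret[[:space:]]*=' "$conf" || true)
    if [ "$count" -eq 0 ]; then
        echo "NO_SECRET: play.crypto.secret is not set"
        findings=1
    elif [ "$count" -gt 1 ]; then
        echo "DUPLICATE: play.crypto.secret is set $count times"
        findings=1
    fi
    # Inspect the last definition: in HOCON a later key overrides an earlier one.
    secret=$(sed -n 's/^[[:space:]]*play\.crypto\.secret[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    case $secret in
        # A quoted heredoc delimiter would write the command instead of its output.
        *'$('*) echo "UNEXPANDED: secret contains a literal \$( ... ) command"; findings=1 ;;
    esac
    if [ "$count" -gt 0 ] && [ "${#secret}" -lt 64 ]; then
        echo "SHORT: secret is ${#secret} characters, the guide generates 64"
        findings=1
    fi
    # The guide ends at mode 640; an 'other' read bit exposes the key to local users.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "WORLD_READABLE: run chmod 640 $conf"
        findings=1
    fi
    return "$findings"
}

# Audit the file given as first argument, e.g. /etc/cortex/application.conf.
if [ "$#" -gt 0 ]; then
    check_cortex_conf "$1"
fi
```

Run it as root or as the cortex user, since the file is not readable by others once the mode is 640.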
Cortex comes with a simplistic frontend. Open your browser and connect to http://YOUR_SERVER_ADDRESS:9000/
Now that Cortex starts successfully, download Cortex-Analyzers, then edit the configuration file and set the path to Cortex-Analyzers/analyzers. Follow the details available in the Analyzers page.
To update Cortex from binaries, just stop the service, download the latest package, rebuild the link /opt/cortex and restart the service.
service cortex stop
cd /opt
wget https://dl.bintray.com/cert-bdf/cortex/cortex-latest.zip
unzip cortex-latest.zip
rm /opt/cortex && ln -s cortex-x.x.x cortex
chown -R cortex:cortex /opt/cortex /opt/cortex-x.x.x
service cortex start