= Installation
include::./_macros.adoc[]
NOTE: All the commands in this section need to be executed as root.

As of version {revnumber}, {ta} is only supported on CentOS/RedHat 7.0. Support for CentOS/RedHat 8.0 is planned for the future.

The main {ta} dependencies are:

- a web server like Nginx
- a firewall such as firewalld
- the Clickhouse database
- (optional) The MaxMind geolocation database:
- (optional) OpenSSL for key generation

== Installing pre-requisites
=== Installing Nginx

include::../common/install_nginx.adoc[]

=== Installing firewalld

include::../common/install_firewalld.adoc[]

=== Installing Clickhouse
Following the guide at link:https://phoenixnap.com/kb/how-to-install-clickhouse-centos[], we can install Clickhouse with the following steps.

NOTE: Use Clickhouse v20.3.8.53 or later.

We first install the dependencies:

----
yum install -y pygpgme yum-utils
----

Then create the file `/etc/yum.repos.d/altinity_clickhouse.repo` with the content:

----
[altinity_clickhouse]
name=altinity_clickhouse
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[altinity_clickhouse-source]
name=altinity_clickhouse-source
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/altinity/clickhouse/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
----

We then finish the installation:

----
# Enable the repository
yum -q makecache -y --disablerepo='*' --enablerepo='altinity_clickhouse'
# Install the Clickhouse client and server
yum install -y clickhouse-server clickhouse-client
----

We need to make sure the Clickhouse server is started and enabled:

----
systemctl start clickhouse-server
systemctl enable clickhouse-server
----

You can verify that the installation is correct with:

----
clickhouse-client
:) show databases
----

You should see the clickhouse client starting and then displaying database information.

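
An added example, not part of the original guide or of the project: a shell function that reads a yum `.repo` file such as the one created above and flags sections whose transport or signature settings are not enabled. The name `audit_repo`, the output format and the second sample section are constructed for illustration.

```sh
#!/bin/sh
# Added example: report weak transport/signature settings in a yum .repo file.
# audit_repo is a hypothetical helper. Only the literal value 1 counts as
# enabled, matching the 0/1 style of the repo file above; an unset key is
# flagged too, because its value then depends on [main] in yum.conf.
audit_repo() {
    awk '
    function w(msg) { print sect ": WARN " msg; warn++ }
    function report() {
        if (sect == "") return
        if (("baseurl" in val) && val["baseurl"] !~ /^https:\/\//)
            w("baseurl is not HTTPS")
        if (val["sslverify"] == "0")
            w("sslverify=0 (TLS certificate verification)")
        if (val["repo_gpgcheck"] != "1")
            w("repo_gpgcheck is not 1 (repository metadata signature check)")
        if (val["gpgcheck"] != "1")
            w("gpgcheck is not 1 (package signature check)")
        split("", val)                      # reset for the next section
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    /^\[[^]]+\]/ { report(); sect = substr($0, 2, index($0, "]") - 2); next }
    {
        eq = index($0, "=")                 # split on the first "=" only
        if (eq == 0) next
        key = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", value)
        val[key] = value
    }
    END { report(); exit (warn > 0) }       # non-zero status if anything was flagged
    ' "$1"
}

# First section: settings copied from the repo file above.
# Second section: constructed weak configuration for contrast.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[altinity_clickhouse]
baseurl=https://packagecloud.io/altinity/clickhouse/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
sslverify=1

[constructed_weak]
baseurl=http://mirror.example.invalid/el/7
gpgcheck=1
sslverify=0
EOF
audit_repo "$sample" || echo "findings reported; review before enabling the repository"
```
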
=== Downloading MaxMind GeoIP2 geolocation library
The MaxMind geolocation library allows matching of IP addresses to locations. {ta} can use this library to enhance the information it displays.
Due to licensing issues, you need to register and download the database yourself from link:https://dev.maxmind.com/geoip/geoip2/geolite2/[].

For the installation instructions of {ta}, we will assume that the file `/root/GeoLite2-City_20200505.tar.gz` exists. The exact file name will depend on the version you download.

TIP: Note down the download path so that you can use it correctly in the {ta} installation steps.

== Installing {ta}
{tc} is made available in the form of RPMs for CentOS/RedHat 7.0. The latest version is available from link:{ta-dir}{ta-file}[].
Installation consists simply of downloading and installing the RPM.
[subs="attributes+"]
----
# Grab the {ta} RPM
wget {ta-dir}{ta-file}
# Install
yum -y install {ta-file}
----

We now create the directory structure where {ta} files will be placed:

----
mkdir -p /var/lib/tiaudit
----

and place the GeoIP2 database in it, if desired:

----
# Extract the archive inside the {ta} data directory
cd /var/lib/tiaudit
tar -xzvf /root/GeoLite2-City_20200505.tar.gz
----

and then fix the permissions:

----
chown -R tiaudit:tiaudit /var/lib/tiaudit/
----

The two services comprising the {ta} system need to be enabled:
systemctl enable tiaudit