Install docker
# apt-get install docker.io
Create & run Docker container for MHN
# docker run -p 10000:10000 -p 80:80 -p 8443:443 -p 3000:3000 -p 8091:8091 --name mhnsrv --hostname=mhnsrv01 -t -i ubuntu:14.04.2 /bin/bash
Install & configure MHN server
#!/bin/bash
# Run inside the mhnsrv container. The container has no init system, so
# supervisor is used to keep mongod and nginx (and later the MHN services) up.
set -x
apt-get update
apt-get upgrade -y
apt-get install git wget gcc supervisor -y
cd /opt/
git clone https://github.com/threatstream/mhn.git
cd mhn
# Programs under supervisor must stay in the foreground: mongod does so by
# default, nginx needs "daemon off;" or supervisor will restart it endlessly.
cat > /etc/supervisor/conf.d/mhntodocker.conf <<EOF
[program:mongod]
command=/usr/bin/mongod
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
autostart=true

[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"
stdout_events_enabled=true
stderr_events_enabled=true
autostart=true
autorestart=true
EOF
mkdir -p /data/db /var/log/mhn /var/log/supervisor
# supervisord daemonizes by itself; mongod is not installed yet, so its
# program entry stays FATAL until install_mongo.sh starts it below.
supervisord
# install.sh calls install_mongo.sh; with no init system in the container the
# service would never come up, so start it via supervisor once the package is installed.
echo supervisorctl start mongod >> /opt/mhn/scripts/install_mongo.sh
./install.sh
supervisorctl restart all
MHN Configuration
Do you wish to run in Debug mode?: y/n n
Superuser email: fname.lname@mail.com
Superuser password:
Superuser password: (again):
Server base url ["http://1.2.3.4"]: 127.0.0.1
  (MHN embeds this URL in the deploy command it shows for each sensor, so 127.0.0.1 only works for a
   sensor in the same network namespace; for a separate sensor container use an address it can reach,
   e.g. the mhnsrv container's IP from `docker inspect` or the Docker host's IP)
Honeymap url ["127.0.0.1:3000"]:
Mail server address ["localhost"]:
Mail server port [25]:
Use TLS for email?: y/n n
Use SSL for email?: y/n n
Mail server username [""]:
Mail server password [""]:
Mail default sender [""]:
Path for log file ["/var/log/mhn/mhn.log"]:
Create & run a MHN sensor docker container
Container w/ all ports published
(caveat: --publish-all only publishes ports the image declares with EXPOSE, and the plain ubuntu image
 declares none, so this publishes nothing; use the explicit -p form below)
# docker run --publish-all=true --name mhnsensor --hostname=mhnsensor01 -t -i ubuntu:14.04.2 /bin/bash
Container w/ specific ports published
(host ports 2222 and 8080 are used for the sensor's 22 and 80 so they do not collide with the host's
 sshd and the MHN server's port 80)
# docker run -p 21:21 -p 2222:22 -p 23:23 -p 25:25 -p 8080:80 -p 110:110 -p 135:135 -p 139:139 -p 445:445 -p 1433:1433 -p 3306:3306 -p 3389:3389 -p 5060:5060 -p 5061:5061 -p 5900:5900 -p 8081:8081 --name mhnsensor --hostname=mhnsensor01 -t -i ubuntu:14.04.2 /bin/bash
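A pre-flight check for the server container before deploying a sensor, added here as an example (it is not part of MHN or of the original notes): it verifies that the ports from the docker run line are published, that the base URL is not loopback, and that mongod and nginx are RUNNING under supervisor. Every check reads command output passed in as text, so it runs offline against the constructed samples; --host and --container feed it the live output of `docker port` and `supervisorctl status`. The container name mhnsrv is the one from the docker run line above.

```shell
#!/bin/sh
# Pre-flight checks for the MHN server container. Added example, not part of
# MHN: each check reads command output passed in as text, so it can be run
# offline against saved output; --host / --container feed it live output.

# Constructed sample output, shaped like `docker port mhnsrv` and
# `supervisorctl status` for the setup above, with honeymap deliberately failed.
SAMPLE_PORTS='80/tcp -> 0.0.0.0:80
443/tcp -> 0.0.0.0:8443
3000/tcp -> 0.0.0.0:3000
10000/tcp -> 0.0.0.0:10000'
SAMPLE_SUPERVISOR='mongod                           RUNNING   pid 12, uptime 0:00:40
nginx                            RUNNING   pid 13, uptime 0:00:40
honeymap                         FATAL     Exited too quickly'

# Succeed if every host port given after the first argument appears in
# `docker port` output ($1); lines look like "443/tcp -> 0.0.0.0:8443".
require_ports() {
    _out=$1; shift
    _missing=""
    for _p in "$@"; do
        printf '%s\n' "$_out" | grep -Eq -- "-> [0-9.:]*:${_p}\$" || _missing="$_missing $_p"
    done
    if [ -n "$_missing" ]; then
        echo "not published on the host:$_missing" >&2
        return 1
    fi
}

# MHN embeds the base URL in the deploy command it shows for each sensor, so
# a loopback address is only reachable from a sensor sharing the server's
# network namespace. Reject loopback and URLs without a scheme.
check_base_url() {
    case "$1" in
        http://127.*|https://127.*|http://localhost*|https://localhost*)
            echo "base url $1 is loopback; other containers cannot reach it" >&2
            return 1 ;;
        http://*|https://*)
            return 0 ;;
        *)
            echo "base url '$1' must start with http:// or https://" >&2
            return 1 ;;
    esac
}

# Succeed if every program named after the first argument is RUNNING in
# `supervisorctl status` output ($1).
require_running() {
    _out=$1; shift
    _bad=""
    for _prog in "$@"; do
        printf '%s\n' "$_out" | grep -Eq "^${_prog}[[:space:]]+RUNNING" || _bad="$_bad $_prog"
    done
    if [ -n "$_bad" ]; then
        echo "not RUNNING under supervisor:$_bad" >&2
        return 1
    fi
}

case "${1:-}" in
    --demo)       # run the checks against the constructed samples
        require_ports "$SAMPLE_PORTS" 80 8443 3000 10000 && echo "ports ok"
        check_base_url "http://127.0.0.1" || echo "base url rejected as expected"
        require_running "$SAMPLE_SUPERVISOR" mongod nginx && echo "supervisor ok"
        require_running "$SAMPLE_SUPERVISOR" honeymap || echo "honeymap failure detected" ;;
    --host)       # on the Docker host: the ports from the docker run line
        require_ports "$(docker port mhnsrv)" 80 8443 3000 10000 ;;
    --container)  # inside mhnsrv after ./install.sh: ./check.sh --container http://<ip>
        # extend the program list with the services install.sh registers
        check_base_url "${2:-}" && require_running "$(supervisorctl status)" mongod nginx ;;
esac
```

Run it with --demo to see the checks against the samples, --host on the Docker host, and --container (with the base URL as second argument) inside the server container after install.sh has finished.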
Install additional apps (inside the sensor container; the deploy command MHN shows for each sensor fetches the deploy script with wget)
# apt-get install wget python -y
Install Splunk
- Download Splunk Enterprise
  - Browse to https://www.splunk.com, log in and download the Splunk *.deb package
- Install Splunk
  - On the Linux host, copy the .deb package to /opt and run:
    # dpkg -i splunk_package_name.deb
- Start Splunk
  - # /opt/splunk/bin/splunk start
    (add --accept-license to skip the license prompt on first start)
- Install the MHN Splunk app
  - Download it from https://splunkbase.splunk.com/app/2707/
  - From the Splunk main page, click the cogwheel (gear) icon next to "Apps" in the upper left corner
  - Click 'Install app from file', browse to the downloaded MHN Splunk app and click 'Upload' to install it
  - Restart Splunk to commit the changes
Configure MHN server to send logs to Splunk
(run inside the mhnsrv container; the arguments are the Splunk indexer's address and receiving port as seen
 from that container: 127.0.0.1 only works if Splunk runs in the same container, otherwise use the Splunk
 host's IP. Enable receiving on port 9997 in Splunk first: Settings > Forwarding and receiving > Configure receiving)
# cd /opt/mhn/scripts
# ./install_hpfeeds-logger-splunk.sh
# ./install_splunk_universalforwarder.sh 127.0.0.1 9997
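To sanity-check what the logger produces before (or instead of) querying it in Splunk, here is an added example, not part of MHN or hpfeeds-logger, that summarises key=value event lines with awk: event counts per field value and a crude port-scan heuristic (sources that touched more than N distinct destination ports). The event format, the field names src_ip, dest_port and app, and the log path /var/log/mhn/mhn-splunk.log are assumptions to verify against your own logger output; the sample events are constructed with RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Triage of hpfeeds-logger output with awk, before or instead of querying it in
# Splunk. Added example, not part of MHN or hpfeeds-logger. Assumed input: one
# event per line as whitespace-separated key=value pairs (values optionally in
# double quotes); the field names src_ip, dest_port and app and the log path
# /var/log/mhn/mhn-splunk.log are assumptions to verify against your own logger
# output. Values containing spaces are not handled.

# Constructed sample events (RFC 5737 documentation addresses, not real traffic).
SAMPLE_EVENTS='timestamp="2015-06-01T10:00:01" app=dionaea type=dionaea.connections src_ip=203.0.113.5 src_port=51000 dest_ip=10.0.0.4 dest_port=445 sensor=mhnsensor01
timestamp="2015-06-01T10:00:02" app=dionaea type=dionaea.connections src_ip=203.0.113.5 src_port=51001 dest_ip=10.0.0.4 dest_port=445 sensor=mhnsensor01
timestamp="2015-06-01T10:00:03" app=cowrie type=cowrie.sessions src_ip=198.51.100.7 src_port=40000 dest_ip=10.0.0.4 dest_port=22 sensor=mhnsensor01
timestamp="2015-06-01T10:00:04" app=dionaea type=dionaea.connections src_ip=203.0.113.5 src_port=51002 dest_ip=10.0.0.4 dest_port=1433 sensor=mhnsensor01'

# Read events on stdin; print "<count> <value>" for field $1, most frequent first.
count_field() {
    awk -v f="$1" '
        {
            for (i = 1; i <= NF; i++) {
                p = index($i, "="); if (p == 0) continue
                if (substr($i, 1, p - 1) == f) {
                    v = substr($i, p + 1); gsub(/"/, "", v); n[v]++
                }
            }
        }
        END { for (v in n) printf "%d %s\n", n[v], v }' | sort -rn
}

# Read events on stdin; print "<src_ip> <distinct dest_ports>" for every source
# that touched more than $1 distinct destination ports (crude port-scan heuristic).
scanners() {
    awk -v min="$1" '
        {
            ip = ""; port = ""
            for (i = 1; i <= NF; i++) {
                p = index($i, "="); if (p == 0) continue
                k = substr($i, 1, p - 1); v = substr($i, p + 1); gsub(/"/, "", v)
                if (k == "src_ip") ip = v
                if (k == "dest_port") port = v
            }
            if (ip != "" && port != "") seen[ip, port] = 1
        }
        END {
            for (key in seen) { split(key, a, SUBSEP); ports[a[1]]++ }
            for (ip in ports) if (ports[ip] > min) print ip, ports[ip]
        }'
}

case "${1:-}" in
    --demo)  # run against the constructed sample
        printf '%s\n' "$SAMPLE_EVENTS" | count_field src_ip
        printf '%s\n' "$SAMPLE_EVENTS" | scanners 1 ;;
    --live)  # assumed log path written by install_hpfeeds-logger-splunk.sh
        count_field src_ip < /var/log/mhn/mhn-splunk.log | head -n 20
        scanners 5 < /var/log/mhn/mhn-splunk.log ;;
esac
```

With --demo the sample yields 203.0.113.5 as the top source (3 events) and flags it as having touched 2 distinct ports (445 and 1433); --live runs the same two summaries over the assumed log file inside the server container.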
Commands
# docker ps : list running containers (add -a to include stopped ones)
# docker logs [container_id] : show a container's stdout/stderr
# docker inspect [container_id] : show container details (IP address, mounts, port bindings)
# docker stats [container_id] : show live CPU, memory and network usage
# docker port [container_id] : show the published port mappings
# docker attach mhnsrv : interact with the MHN server container (the name given with --name above)
# CTRL-p CTRL-q : detach from the container and leave it running
# docker start [container_id] : start a stopped container
# docker exec -d mhnsrv supervisord : start supervisord (and with it mongod, nginx and the MHN services) inside an already running server container; it does not start the container itself, use docker start for that
More info
Docker User guides
https://docs.docker.com/engine/userguide/