Installation on CentOS 8/RHEL 8 (EOL)

Warning

CentOS 8 reached End Of Life (EOL) on December 31st, 2021, meaning it will no longer receive security updates and patches, and all of the packages repositories have been moved to vault.centos.org.

Moreover, recent Suricata releases requires recent packages that are not available for this version, please consider upgrading to CentOS Stream 8.

Quick install

After obtaining the License Key, please use the our interactive installation script to quickly install IDSTower:

$ curl -O https://download.idstower.com/install_script/1.1.1/install-IDSTower.sh
$ echo "a5489219322cc5b6f0907dc94a9c102e03879f482c0bf7135369ab08dc7be190 install-IDSTower.sh" \
 | sha256sum -c -
$ bash install-IDSTower.sh -i

Manual install

Please follow the following steps to install IDSTower on CentOS 8/RHEL 8:

  1. Make sure your repositories are pointing to vault.centos.org

$ sudo cd /etc/yum.repos.d/
$ sudo sed -i 's/mirrorlist=/#mirrorlist=/g' /etc/yum.repos.d/CentOS-*
$ sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
  1. Add IDSTower Yum repository

$ sudo bash -c 'cat > /etc/yum.repos.d/idstower.repo << EOF
[idstower]
name = IDSTower
baseurl = https://download.idstower.com/repos/yum/\$basearch/
enabled=1
gpgcheck=0
EOF'
  1. Install EPEL repository and IDSTower

$ sudo yum install epel-release centos-release-ansible-29 -y
$ sudo yum install -y http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/sshpass-1.09-4.el8.x86_64.rpm
$ sudo yum install idstower -y
  1. Start MariaDB service

$ sudo systemctl enable mariadb.service
$ sudo systemctl start mariadb.service
$ sudo systemctl status mariadb.service
  1. (Recommended) Run mysql_secure_installation Script

$ sudo /usr/bin/mysql_secure_installation
  1. Edit the appsettings.json configuration file (located in: /opt/idstower/) and set the following settings

    • set the LicenseKey key value with the key you obtained from the license page.

    • set the EncryptionKey key value with a 64-character hexadecimal string (32 bytes), this key is used for secure storage of cluster keys and other secrets, you can generate one using:

    $ openssl rand -hex 32
    
    • set the URL key value with the url you want IDSTower to listen to, example: http://idstower.mydomain.local, this url must be reachable from your Suricata hosts, note that you can use ip addresses as well.

    • set the MySQL Database settings like host, port, database name, username & password via the Database key.

    • for more information on the configuration file, please refer to the IDSTower Configuration Guide page.

  2. run IDSTower with –init-database option to initialize the database:

$ cd /opt/idstower/
$ sudo ./IDSTower --init-database

Note

If you wish to initialize the database manually, you can find the schema initialization script here: https://download.idstower.com/packages/latest/sql_scripts/

You can easily import the script by running the following command:

$ sudo mysql -u [username] -p [DatabseName] < idstower_schema_script.sql
  1. Add an admin user to IDSTower:

$ sudo ./IDSTower -a [Your Admin Username]

example:

$ sudo ./IDSTower -a admin
  1. Enable & Start IDSTower Service

$ sudo chown -R idstower:idstower /var/log/idstower/*
$ sudo systemctl enable idstower.service
$ sudo systemctl start idstower.service
  1. Verify that IDSTower Service started correctly

$ sudo systemctl status idstower.service
  1. Make sure your firewall allows ports 80 & 443 (or the ports you are running IDSTower on):

$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --zone=public --permanent --add-service=https
$ sudo firewall-cmd --reload
  1. Now you can access IDSTower web interface using the url set in your appsettings.json