Installation on Ubuntu 20.04 (Focal)

Quick install

After obtaining the License Key, please use our interactive installation script to quickly install IDSTower:

$ curl -O https://download.idstower.com/install_script/1.1.1/install-IDSTower.sh
$ echo "a5489219322cc5b6f0907dc94a9c102e03879f482c0bf7135369ab08dc7be190 install-IDSTower.sh" \
 | sha256sum -c -
$ bash install-IDSTower.sh -i

Manual install

Please follow these steps to install IDSTower on Ubuntu 20.04:

  1. Add IDSTower repository

$ sudo apt update
$ sudo apt install -y curl gnupg2
$ curl -s https://download.idstower.com/repos/apt/idstower.key | gpg --dearmor | sudo tee /usr/share/keyrings/idstower.gpg > /dev/null
$ echo "deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/idstower.gpg] https://download.idstower.com/repos/apt stable main" | sudo tee /etc/apt/sources.list.d/idstower.list

  1. Add MariaDB 10.6 repository

$ source /etc/os-release && echo "deb [arch=amd64,arm64] https://archive.mariadb.org/mariadb-10.6/repo/ubuntu/ ${VERSION_CODENAME} main" | sudo tee /etc/apt/sources.list.d/mariadb.list
$ curl -LsS https://supplychain.mariadb.com/mariadb-keyring-2019.gpg | sudo tee /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg > /dev/null
$ sudo chmod 644 /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg

  1. Install Python 3.12 and Ansible

$ sudo apt update
$ sudo apt install -y software-properties-common curl sshpass
$ sudo add-apt-repository -y --update ppa:deadsnakes/ppa
$ sudo apt install -y python3.12
$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
$ sudo python3.12 get-pip.py
$ python3.12 -m pip install --upgrade pip
$ python3.12 -m pip install "ansible-core>=2.16.0,<2.17.0" ansible
$ sudo rm -rf get-pip.py

  1. Install MariaDB and IDSTower

$ sudo apt update
$ sudo apt install mariadb-server idstower -y

  1. Start and enable MariaDB service

$ sudo systemctl enable mariadb.service
$ sudo systemctl start mariadb.service
$ sudo systemctl status mariadb.service

  1. (Recommended) Run mariadb-secure-installation Script

$ sudo /usr/bin/mariadb-secure-installation

  1. Create a Database User for IDSTower

Note

Change USERNAME and PASSWORD in the command below with your desired username and password for IDSTower database user

$ sudo mariadb
$ GRANT ALL ON *.* TO 'USERNAME'@'localhost' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
$ FLUSH PRIVILEGES;
$ exit

  1. Edit the appsettings.json configuration file (located in: /opt/idstower/) and set the following settings

    • set the LicenseKey key value with the key you obtained from the license page.

    • set the EncryptionKey key value with a 64-character hexadecimal string (32 bytes), this key is used for secure storage of cluster keys and other secrets, you can generate one using:

    $ openssl rand -hex 32

    • set the URL key value with the url you want IDSTower to listen to, example: http://idstower.mydomain.local, this url must be reachable from your Suricata hosts, note that you can use ip addresses as well.

    • set the MySQL Database settings like host, port, database name, username & password via the Database key.

    • for more information on the configuration file, please refer to the IDSTower Configuration Guide page.

  2. Initialize the IDSTower database

$ cd /opt/idstower/
$ sudo ./IDSTower --init-database

Note

If you wish to initialize the database manually, you can find the schema initialization script here: https://download.idstower.com/packages/latest/sql_scripts/

You can import the script by running:

$ sudo mysql -u [username] -p [DatabaseName] < idstower_schema_script.sql

  1. Add an admin user to IDSTower

$ cd /opt/idstower/
$ sudo ./IDSTower --add-user [Your Admin Username]

Example:

$ sudo ./IDSTower --add-user admin

  1. Enable and start IDSTower Service

$ sudo chown -R idstower:idstower /var/log/idstower
$ sudo systemctl enable idstower.service
$ sudo systemctl start idstower.service

  1. Verify that IDSTower Service started correctly

$ sudo systemctl status idstower.service

  1. Configure firewall to allow HTTP and HTTPS traffic (if UFW is enabled)

$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw reload

  1. Access IDSTower web interface

You can now access the IDSTower web interface using the URL specified in your appsettings.json configuration file. Log in using the admin username and password you created in step 8.