Before you start RHEL#

Deprecated: Use installation playbooks instead

Instructions to manually install and upgrade EclecticIQ Intelligence Center, and using rundoc to install or upgrade EclecticIQ Intelligence Center, are deprecated.

Use EclecticIQ Intelligence Center installation playbooks instead.

Review these system requirements before proceeding to install EclecticIQ Intelligence Center from a rpm package.

Conventions#

Command and code examples#

Some examples require you to run terminal commands as root.

# Grant the currently logged in user root-level access
sudo -i
 
# Grant root-level access to a different user
sudo -i -u ${user_name}
 
# Run a command as a different user, with root-level access
sudo -i -u ${user_name} ${command} ${options}\

Placeholder variables#

Example commands may describe placeholder variables using bash parameter substitution like this:

${placeholder_variable_name}

In this case, the example usually asks you to set the value of placeholder_variable_name beforehand. You can also substitute it in the command yourself:

# Example given:
ssh ${username}@${domain}

# After substitution
ssh [email protected]

Software downloaders and package managers#

When the documentation includes code snippets to provide examples of how to retrieve a product to install, most code examples use wget or curl.

If these products are not installed on your system, download and install them.

Otherwise, feel free to use any other viable alternative that enables retrieving assets and resources from the Internet.

yum and rpm are standard package managers for both Rocky Linux and RHEL.

Your system should also be able to pin/lock specific versions of Intelligence Center dependencies after installing them.

To do this, you can use yum-versionlock:

# Pin/Lock a package to the currently installed version
yum-versionlock ${package_name}
 
# Unpin/Unlock all packages, for example before an upgrade
yum-versionlock clear

Warning

If you need to troubleshoot the intelligence Center, do not use debuggers in production environments.

Debuggers can enable arbitrary code execution. This is a security risk.

About EclecticIQ Intelligence Center#

EclecticIQ Intelligence Center is powered by STIX and TAXII open standards.

It enables ingesting, consolidating, analyzing, integrating, and collaborating on cyber threat intelligence from multiple sources in a broad range of formats.

Feature

Description

Feed management

Manage multiple cyber threat intelligence feeds from any source, in many different formats.

Enrichment

Enrich existing intelligence with external data sources providing more context, and refine it with de-duplication and pattern recognition.

Sharing

Share threat intelligence together with partners to participate in a collaborative information ecosystem.

Collaboration

Analyze and author intelligence in together with other teams and departments.

Insights

Generate insight thanks to a high-fidelity, normalized view into your intelligence.

Integration

Understand how cyber threat intelligence relates to and how it can affect your organization and your environment.

Deployment architecture guidance#

Hardware requirements for EclecticIQ Intelligence Center can vary, depending on the target system and the environment.

The requirements outlined in this section are guidelines for different deployment configurations:

Test – Small configuration (1 host)#

Note

Not recommended for production deployments.

Configuration:

test-small

Entity count:

5 million

Number of hosts:

1

Disk IOPs per host:

3000 IOPs minimum, 10000 IOPs recommended

Host 1

  • CPU Cores: 8

  • RAM: 64 GB

  • Acts as:

    • Application node (ic-application-01)

    • Worker node (ic-celery-01)

    • Worker node (ic-ingestion-01)

    • Elasticsearch node (elastic-node-01)

    • PostgreSQL node (pg-node-01)

    • Redis node (redis-node-01)

Partition sizes

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

200

300

Total

250

400

Test – Medium configuration (4 hosts)#

Note

Not recommended for production deployments.

Configuration:

test-medium

Entity count:

25 million

Number of hosts:

4

Disk IOPs per host:

3000 IOPs minimum, 10000 IOPs recommended

Host 1

  • CPU Cores: 4

  • RAM: 96 GB

  • Acts as:

    • Application node (ic-application-01)

    • Worker node (ic-celery-01)

    • Worker node (ic-ingestion-01)

    • PostgreSQL node (pg-node-01)

    • Redis node (redis-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

350

400

Total

400

500

Host 2

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Elasticsearch primary node (elastic-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Host 3

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Elasticsearch node (elastic-node-02)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Host 4

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Elasticsearch node (elastic-node-03)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Production – Medium configuration (6 hosts)#

Configuration:

prod-medium

Entity count:

60 million

Number of hosts:

6

Disk IOPs per host:

3000 IOPs minimum, 10000 IOPs recommended

Host 1

  • CPU Cores: 4

  • RAM: 64 GB

  • Acts as:

    • Application node (ic-application-01)

    • Worker node (ic-celery-01)

    • Worker node (ic-ingestion-01)

    • Redis node (redis-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Host 2

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Elasticsearch primary node (elastic-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Host 3

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Elasticsearch node (elastic-node-02)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Host 4

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Elasticsearch node (elastic-node-03)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

150

200

Total

200

300

Host 5

  • CPU Cores: 4

  • RAM: 64 GB

  • Acts as:

    • PostgreSQL primary node (pg-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

450

700

Total

500

800

Host 6

  • CPU Cores: 4

  • RAM: 64 GB

  • Acts as:

    • PostgreSQL replica node (pg-node-02)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

450

700

Total

500

800

Production – Large configuration (10 hosts)#

Configuration:

prod-large

Entity count:

100 million

Number of hosts:

10

Disk IOPs per host:

3000 IOPs minimum, 10000 IOPs recommended

Host 1

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Application node (ic-application-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

90

90

/var/log

10

10

Total

100

100

Host 2

  • CPU Cores: 8

  • RAM: 32 GB

  • Acts as:

    • Worker node (ic-ingestion-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

90

90

/var/log

10

10

Total

100

100

Host 3

  • CPU Cores: 4

  • RAM: 32 GB

  • Acts as:

    • Worker node (ic-celery-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

90

90

/var/log

10

10

Total

100

100

Host 4

  • CPU Cores: 2

  • RAM: 32 GB

  • Acts as:

    • Redis primary node (ic-redis-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

40

/var/log

10

10

/media/redis

50

50

Total

100

100

Host 5

  • CPU Cores: 2

  • RAM: 32 GB

  • Acts as:

    • Redis secondary node (ic-redis-02)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

40

/var/log

10

10

/media/redis

50

50

Total

100

100

Host 6

  • CPU Cores: 4

  • RAM: 48 GB

  • Acts as:

    • Elasticsearch primary node (elastic-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

350

700

Total

400

800

Host 7

  • CPU Cores: 4

  • RAM: 48 GB

  • Acts as:

    • Elasticsearch node (elastic-node-02)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

350

700

Total

400

800

Host 8

  • CPU Cores: 4

  • RAM: 48 GB

  • Acts as:

    • Elasticsearch node (elastic-node-03)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

350

700

Total

400

800

Host 9

  • CPU Cores: 4

  • RAM: 64 GB

  • Acts as:

    • PostgreSQL primary node (pg-node-01)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

450

900

Total

500

1000

Host 10

  • CPU Cores: 4

  • RAM: 64 GB

  • Acts as:

    • PostgreSQL replica node (pg-node-02)

Mount point

Min. Size (GB)

Recc. Size (GB)

/

40

80

/var/log

10

20

/media

450

900

Total

500

1000

Software requirements#

Credentials and host name#

To correctly configure the system after installing the required dependencies and third-party products, ensure you have the following information available:

  • Fully qualified domain name of the host machine you are going to use to access EclecticIQ Intelligence Center.

  • SSL certificate and key for the web server.

  • EclecticIQ Intelligence Center login credentials.

User name and password#

During the installation, you are prompted to assign the administrator account a user name and a password.

By default, when performing a Intelligence Center installation you are prompted to create only an administrator account, because at any given time EclecticIQ Intelligence Center requires at least one active administrator user profile.

Follow these guidelines to define a strong password:

  • It should be between 10 and 64 characters long.

  • It should contain at least one uppercase alphabetic character.

  • It should contain at least one special character

  • It should contain at least one number.

  • It should not reuse a previous password.

  • User password history logs the previous 100 passwords.

  • It should not be on NBP, the NIST Bad Passwords list.

  • It should not include the user name it is associated with.

For more information, see the NIST digital identity guidelines.

Supported operating systems#

The following operating systems are supported:

  • Rocky Linux 8

  • Red Hat Enterprise Linux 8

Important

If you are running an older operating system, you must upgrade to one of the supported operating systems:

Access permissions#

The installation procedure requires a umask value of 0022 to allow creating and modifying files and directories on the target system.

Encoding#

EclecticIQ Intelligence Center uses and expects text data in UTF-8.

Dependencies and components that exchange data with EclecticIQ Intelligence Center must use the same encoding.

The LANG environment variable must be set to en_US.UTF-8. Example: LANG=en_US.UTF-8

Locale#

The system locale must be en_US.UTF-8.

To check and, if necessary, set the system locale to en_US.UTF-8:

if [ "$LANG" != "en_US.UTF-8" ]; then localectl set-locale LANG=en_US.UTF-8; fi

Time zone#

The global time zone configuration must be UTC.

While you can set a local or a custom time zone value to display local time on EclecticIQ Intelligence Center, the host system time zone must be consistently on UTC time.

This includes OS, databases, as well as any other products or components that enable setting a time zone, and that interact/interoperate with EclecticIQ Intelligence Center.

To set the system time zone to UTC:

timedatectl set-timezone UTC

Data mount points#

When configuring the data directory for EclecticIQ Intelligence Center components, follow the Deployment architecture guidance.

By default, EclecticIQ Intelligence Center puts the data directory of PostgreSQL, Elasticsearch, and Redis in /media.

Databases and network binding#

On a single machine installation, network interface bindings for services are set to 127.0.0.1 by default, except for PostgreSQL which has a different configuration.

Instructions may have asked you to change this to a more permissive binding in multi-machine installations, or you may be using an older installation where defaults were set to 0.0.0.0.

The table below shows a list of configuration files where network interface bindings are set for each service.

You may want to change these bindings to suit your environment.

Service name

File path(s)

Parameters

Notes

Elasticsearch

/etc/systemd/system/elasticsearch.service.d/20-eclecticiq.conf
[Service]
Environment=BINDING_ADDRESS=127.0.0.1

For more information, see Elasticsearch’s documentation.

PostgreSQL

/etc/eclecticiq-postgres/pg_hba.conf
TYPE    DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                trust
host    all             all             samenet                 md5
host    all             all             0.0.0.0/0               password

For more information, see The pg_hba.conf File.

Redis

/etc/eclecticiq-redis/redis.conf
bind 127.0.0.1

For more information, see Redis security and redis.conf.

Web browsers#

EclecticIQ Intelligence Center web interface supports the following browsers.

Fully supported (latest versions of):

  • Google Chrome

Functionally supported (latest versions of):

  • Microsoft Edge

  • Mozilla Firefox

  • Microsoft Internet Explorer 11

  • Opera

  • Apple Safari

Updating products at OS level#

We recommend that you review all operating system (OS) package updates when updating EclecticIQ Intelligence Center host.

To retrieve a list of libraries and the packages that make them available, start a terminal session, and then run the following command:

libraries_used=$(find /opt/eclecticiq-platform-backend/lib/python3.6/site-packages/ -name "*.so" | xargs ldd | sed -r '/^\s/!d' | awk '{print $1}' | sort -u); providing_packages=$(echo $libraries_used | xargs yum provides | sed -r '/^(Provides\s*:|Filename\s*:|Repo\s*:|Matched from\s*:).*$/d' | sort -u | grep -Ev "^(\s+|Loaded|Loading)"); echo -e "\nLibraries used:\n\n$libraries_used\n\n\nPackages that provide them:\n$providing_packages"

Example response output:

# Example output list of libraries and packages
# whose changelogs you should review
# for possible breaking changes
# before proceeding with updating them
 
 
Libraries used:
 
/lib64/ld-linux-x86-64.so.2
libcom_err-beb60336.so.2.1
libcom_err.so.2
libcrypto-c1fa9491.so.1.0.2q
libcrypto.so.10
libcrypt.so.1
libc.so.6
libdl.so.2
libffi-806b1a9d.so.6.0.4
libfreebl3.so
libgssapi_krb5-174f8956.so.2.2
libgssapi_krb5.so.2
libk5crypto-622ef25b.so.3.1
libk5crypto.so.3
libkeyutils-1-ff31573b.2.so
libkeyutils.so.1
libkrb5-fb0d2caa.so.3.3
libkrb5.so.3
libkrb5support-d7ce89d4.so.0.1
libkrb5support.so.0
liblber-2.4.so.2
liblber-2-d7edd0dc.4.so.2.10.7
libldap_r-2.4.so.2
libldap_r-2-9270213a.4.so.2.10.7
libmaxminddb.so.0
libm.so.6
libnspr4.so
libnss3.so
libnssutil3.so
libpcre.so.1
libplc4.so
libplds4.so
libpq-bd31fe2b.so.5.11
libpthread.so.0
libpython3.6m.so.1.0
libresolv.so.2
librt.so.1
libsasl2-e96a0dbf.so.2.0.22
libsasl2.so.3
libselinux-cf8f9094.so.1
libselinux.so.1
libsepol-b4f5b513.so.1
libsmime3.so
libssl3.so
libssl-c0c2ede4.so.1.0.2q
libssl.so.10
libutil.so.1
libyaml-0.so.2
libz-a147dcb0.so.1.2.3
libz.so.1
linux-vdso.so.1
 
 
Packages that provide them:
 
1:openssl-libs-1.0.2k-19.el7.i686 : A general purpose cryptography library with
cyrus-sasl-lib-2.1.26-23.el7.i686 : Shared libraries needed by applications
glibc-2.17-292.el7.i686 : The GNU libc libraries
glibc-2.17-292.el7.x86_64 : The GNU libc libraries
keyutils-libs-1.5.8-3.el7.i686 : Key utilities library
krb5-libs-1.15.1-37.el7_6.i686 : The non-admin shared libraries used by Kerberos
krb5-libs-1.15.1-37.el7_7.2.i686 : The non-admin shared libraries used by
libcom_err-1.42.9-16.el7.i686 : Common error description library
libmaxminddb-1.2.0-6.el7.i686 : C library for the MaxMind DB file format
libselinux-2.5-14.1.el7.i686 : SELinux library and simple utilities
libyaml-0.1.4-11.el7_0.i686 : YAML 1.1 parser and emitter written in C
nspr-4.21.0-1.el7.i686 : Netscape Portable Runtime
nss-3.44.0-4.el7.i686 : Network Security Services
nss-3.44.0-7.el7_7.i686 : Network Security Services
nss-softokn-freebl-3.44.0-5.el7.i686 : Freebl library for the Network Security
nss-softokn-freebl-3.44.0-8.el7_7.i686 : Freebl library for the Network Security
nss-util-3.44.0-3.el7.i686 : Network Security Services Utilities Library
nss-util-3.44.0-4.el7_7.i686 : Network Security Services Utilities Library
openldap-2.4.44-21.el7_6.i686 : LDAP support libraries
pcre-8.32-17.el7.i686 : Perl-compatible regular expression library
python3-libs-3.6.8-10.el7.i686 : Python runtime libraries
zlib-1.2.7-18.el7.i686 : The compression and decompression library

Third-party products#

EclecticIQ Intelligence Center is bundled with the following third-party packages:

eclecticiq-statsite

6.0.0

Metrics aggregator for the dashboard based on Statsite.

elasticsearch

7.17.8

Elasticsearch database.

openjdk

11

OpenJDK Java Platform.

kibana

7.17.8

Kibana.

logstash

7.17.8

Logstash.

nginx

1.14.1

Nginx web server.

poppler-utils

20.11.0

poppler-utils download page.

postfix

3.5.8

Postfix email server.

postgresql11

11.19

PostgreSQL database.

python38

3.8.13

Python 3.8.

redis

7.0.8

Redis.

bsdtar

3.3.3

Standalone command-line utility for using libarchive to read archives.

xmlsec1

1.2.25

xmlsec1 enables signing, verifying, encrypting, and decrypting XML documents.

Note

About Elasticsearch

During complex index upgrades and reindexing operations, Elasticsearch may require additional disk space to store temporary working files and temporary copies of the existing indices.

Monitor your Elasticsearch partition usage.

Before it reaches 50% of the available space in the partition extend it, so that the new partition size is at least twice as large as the sum of the existing Elasticsearch indices.

Example

If Elasticsearch currently uses 43 GB of disk space, extend the partition where Elasticsearch lives to at least 86 GB.

Bundled third-party software#

EclecticIQ Platform is bundled with the following third-party software. Each product on the list abides by its own terms and conditions and its own license.

package.json (source from EIQ platform-ui)

Frontend third-party dependencies

  "dependencies": {
    "@headlessui/react": "^0.2.0",
    "@hookform/resolvers": "^2.9.10",
    "@popperjs/core": "^2.9.2",
    "@react-aria/button": "^3.3.2",
    "@react-aria/focus": "^3.4.0",
    "@react-aria/link": "^3.2.2",
    "@react-aria/overlays": "^3.7.1",
    "@tanstack/react-query": "^4.12.0",
    "@tanstack/react-query-devtools": "^4.12.0",
    "@tinymce/tinymce-react": "3.14.0",
    "axios": "^1.6.4",
    "classnames": "^2.2.6",
    "clipboard-copy": "^3.1.0",
    "dompurify": "2.2.3",
    "downloadjs": "^1.4.7",
    "escape-string-regexp": "^1.0.5",
    "filesize": "^3.5.6",
    "flux": "4.0.3",
    "he": "^1.1.1",
    "history": "^4.6.1",
    "immutability-helper": "^2.4.0",
    "immutable": "3.8.1",
    "iso-3166-2": "^1.0.0",
    "json-stable-stringify": "^1.0.1",
    "jwt-decode": "^2.2.0",
    "keycode": "^2.2.0",
    "keylines": "file:./src/vendor/keylines",
    "keymirror": "~0.1.0",
    "lodash": "^4.17.21",
    "markdown-it": "^12.3.2",
    "markdown-it-regexp": "^0.4.0",
    "microdata": "^1.1.3",
    "moment": "^2.29.4",
    "moment-timezone": "0.5.41",
    "pluralize": "^8.0.0",
    "qrcode": "^1.4.4",
    "qs": "^6.10.3",
    "react": "^17.0.2",
    "react-click-outside": "^2.1.0",
    "react-country-flag": "^3.0.2",
    "react-dates": "17.1.1",
    "react-dnd": "^11.1.3",
    "react-dnd-html5-backend": "^11.1.3",
    "react-dom": "^17.0.2",
    "react-dropzone": "^3.3.2",
    "react-hook-form": "^7.20.2",
    "react-immutable-proptypes": "^1.5.0",
    "react-merge-refs": "^1.1.0",
    "react-pdf": "4.0.3",
    "react-popper": "^2.2.5",
    "react-redux": "^7.2.5",
    "react-resize-detector": "^5.2.0",
    "react-router": "^5.2.0",
    "react-router-dom": "^5.2.0",
    "react-select": "^5.7.3",
    "react-select-legacy": "npm:[email protected]",
    "react-string-replace": "^0.3.2",
    "react-tether": "^1.0.4",
    "react-treeview": "^0.4.2",
    "react-use": "^17.2.3",
    "redux": "^4.0.0",
    "redux-devtools-extension": "^2.13.8",
    "reselect": "^3.0.1",
    "superagent": "^3.8.1",
    "superagent-promise": "^1.1.0",
    "superagent-throttle": "1.0.0",
    "tcomb-form": "0.9.20",
    "typed-immutable": "0.0.7",
    "word-wrap": "^1.2.4",
    "yup": "^0.32.11"
  },

requirements-prod.txt (sourced from EIQ platform-backend)

Backend third-party dependencies

aiohttp==3.8.5
    # via geoip2
aiosignal==1.2.0
    # via aiohttp
alembic==1.7.4
    # via -r requirements/requirements-prod.in
amqp==5.0.9
    # via kombu
antlr4-python3-runtime==4.8
    # via stix2-patterns
apispec[yaml]==4.7.1
    # via
    #   -r requirements/requirements-prod.in
    #   apispec-webframeworks
apispec-webframeworks==0.5.0
    # via -r requirements/requirements-prod.in
appdirs==1.4.4
    # via urlextract
asttokens==2.0.8
    # via stack-data
async-timeout==4.0.2
    # via aiohttp
attrs==21.4.0
    # via
    #   -r requirements/requirements-prod.in
    #   aiohttp
    #   cattrs
    #   jsonschema
    #   quuz
authlib==0.14.3
    # via flask-azure-oauth
backcall==0.2.0
    # via ipython
bcrypt==3.2.0
    # via
    #   -r requirements/requirements-prod.in
    #   paramiko
beautifulsoup4==4.7.1
    # via -r requirements/requirements-prod.in
billiard==3.6.4.0
    # via celery
blinker==1.4
    # via
    #   -r requirements/requirements-prod.in
    #   opentaxii
    #   quuz
boto3==1.20.24
    # via -r requirements/requirements-prod.in
botocore==1.23.24
    # via
    #   boto3
    #   s3transfer
cabby==0.1.23
    # via -r requirements/requirements-prod.in
cachetools==3.1.0
    # via -r requirements/requirements-prod.in
cairocffi==1.2.0
    # via
    #   cairosvg
    #   weasyprint
cairosvg==2.7.0
    # via
    #   -r requirements/requirements-prod.in
    #   weasyprint
cattrs==1.0.0
    # via -r requirements/requirements-prod.in
celery==5.2.3
    # via -r requirements/requirements-prod.in
certifi==2022.12.7
    # via
    #   -r requirements/requirements-prod.in
    #   elasticsearch
    #   requests
    #   sentry-sdk
cffi==1.14.0
    # via
    #   bcrypt
    #   cairocffi
    #   cryptography
    #   pynacl
    #   weasyprint
chardet==4.0.0
    # via requests
charset-normalizer==2.0.12
    # via aiohttp
click==8.0.3
    # via
    #   -r requirements/requirements-prod.in
    #   celery
    #   click-didyoumean
    #   click-plugins
    #   click-repl
    #   flask
    #   objectivistix
    #   quuz
click-didyoumean==0.0.3
    # via celery
click-plugins==1.1.1
    # via celery
click-repl==0.2.0
    # via celery
colorama==0.3.9
    # via -r requirements/requirements-prod.in
colorlog==4.1.0
    # via cabby
croniter==1.3.8
    # via -r requirements/requirements-prod.in
cryptography==39.0.2
    # via
    #   -r requirements/requirements-prod.in
    #   authlib
    #   msal
    #   paramiko
    #   pyjwt
    #   pyopenssl
    #   pysaml2
cssselect2==0.3.0
    # via
    #   cairosvg
    #   weasyprint
datauri==1.0.0
    # via -r requirements/requirements-prod.in
dateparser==1.1.6
    # via -r requirements/requirements-prod.in
decorator==4.4.2
    # via
    #   ipdb
    #   ipython
    #   validators
defusedxml==0.6.0
    # via
    #   cairosvg
    #   pysaml2
deprecated==1.2.12
    # via pymisp
elasticsearch==7.17.8
    # via -r requirements/requirements-prod.in
elementpath==2.2.1
    # via xmlschema
executing==1.0.0
    # via stack-data
exif==1.2.2
    # via -r requirements/requirements-prod.in
fancycompleter==0.9.1
    # via pdbpp
feedparser==6.0.8
    # via -r requirements/requirements-prod.in
flask==2.0.3
    # via
    #   -r requirements/requirements-prod.in
    #   flask-azure-oauth
    #   flask-classful
    #   flask-redis
    #   flask-sqlalchemy
    #   opentaxii
flask-azure-oauth==0.6.0
    # via -r requirements/requirements-prod.in
flask-classful==0.14.2
    # via -r requirements/requirements-prod.in
flask-redis==0.3.0
    # via -r requirements/requirements-prod.in
flask-sqlalchemy==2.5.1
    # via -r requirements/requirements-prod.in
frozenlist==1.3.0
    # via
    #   aiohttp
    #   aiosignal
furl==2.0.0
    # via
    #   -r requirements/requirements-prod.in
    #   cabby
geoip2==4.5.0
    # via -r requirements/requirements-prod.in
greenlet==1.1.2
    # via sqlalchemy
gunicorn==20.1.0
    # via -r requirements/requirements-prod.in
html5lib==1.1
    # via weasyprint
idna==2.10
    # via
    #   requests
    #   urlextract
    #   yarl
importlib-metadata==4.8.1
    # via alembic
importlib-resources==5.1.2
    # via
    #   alembic
    #   pysaml2
inflect==5.0.2
    # via -r requirements/requirements-prod.in
ipdb==0.13.9
    # via -r requirements/requirements-prod.in
ipython==8.10.0
    # via
    #   -r requirements/requirements-prod.in
    #   ipdb
iso3166==1.0.1
    # via -r requirements/requirements-prod.in
itsdangerous==2.0.1
    # via
    #   -r requirements/requirements-prod.in
    #   flask
jedi==0.17.0
    # via ipython
jinja2==3.0.3
    # via
    #   -r requirements/requirements-prod.in
    #   flask
jmespath==0.10.0
    # via
    #   boto3
    #   botocore
jsonlines==1.2.0
    # via -r requirements/requirements-prod.in
jsonschema==3.0.2
    # via
    #   -r requirements/requirements-prod.in
    #   pymisp
kombu==5.2.3
    # via celery
libtaxii==1.1.118
    # via
    #   cabby
    #   opentaxii
lief==0.12.3
    # via pymisp
lxml==4.9.1
    # via
    #   -r requirements/requirements-prod.in
    #   libtaxii
    #   mixbox
    #   objectivistix
    #   opentaxii
    #   stix-validator
mako==1.2.2
    # via alembic
markupsafe==2.1.2
    # via
    #   -r requirements/requirements-prod.in
    #   jinja2
    #   mako
marshmallow==3.10.0
    # via
    #   -r requirements/requirements-prod.in
    #   opentaxii
matplotlib-inline==0.1.3
    # via ipython
maxminddb==2.2.0
    # via geoip2
mixbox==1.0.5
    # via stix-validator
msal==1.21.0
    # via -r requirements/requirements-prod.in
multidict==6.0.2
    # via
    #   aiohttp
    #   yarl
mypy-extensions==0.4.3
    # via opentaxii
objectivistix==1.2.3
    # via -r requirements/requirements-prod.in
opentaxii==0.9.3
    # via -r requirements/requirements-prod.in
ordered-set==4.0.1
    # via mixbox
ordereddict==1.1
    # via stix-validator
orderedmultidict==1.0.1
    # via furl
paramiko==3.1.0
    # via -r requirements/requirements-prod.in
parso==0.7.0
    # via jedi
pdbpp==0.9.5
    # via -r requirements/requirements-prod.in
pexpect==4.8.0
    # via ipython
pickleshare==0.7.5
    # via ipython
pillow==9.3.0
    # via
    #   cairosvg
    #   weasyprint
plum-py==0.3.1
    # via exif
ply==3.11
    # via plyara
plyara==2.0.3
    # via -r requirements/requirements-prod.in
prompt-toolkit==3.0.31
    # via
    #   click-repl
    #   ipython
psutil==5.6.7
    # via -r requirements/requirements-prod.in
psycopg2-binary==2.8.5
    # via -r requirements/requirements-prod.in
ptyprocess==0.6.0
    # via pexpect
punq==0.4.1
    # via -r requirements/requirements-prod.in
pure-eval==0.2.2
    # via stack-data
py-spy==0.3.10
    # via -r requirements/requirements-prod.in
pyasn1==0.4.8
    # via
    #   pyasn1-modules
    #   python-ldap
pyasn1-modules==0.2.8
    # via python-ldap
pycparser==2.20
    # via cffi
pygments==2.7.4
    # via
    #   ipython
    #   pdbpp
pyjwt[crypto]==2.4.0
    # via
    #   -r requirements/requirements-prod.in
    #   msal
    #   opentaxii
pymisp==2.4.121
    # via -r requirements/requirements-prod.in
pynacl==1.5.0
    # via paramiko
pyopenssl==23.0.0
    # via pysaml2
pyotp==2.3.0
    # via -r requirements/requirements-prod.in
pyphen==0.9.5
    # via weasyprint
pyrepl==0.9.0
    # via fancycompleter
pyrsistent==0.16.0
    # via jsonschema
pysaml2==6.5.1
    # via -r requirements/requirements-prod.in
python-dateutil==2.8.2
    # via
    #   -r requirements/requirements-prod.in
    #   botocore
    #   croniter
    #   dateparser
    #   libtaxii
    #   mixbox
    #   pymisp
    #   pysaml2
    #   stix-validator
python-gnupg==0.4.4
    # via -r requirements/requirements-prod.in
python-ldap==3.4.0
    # via -r requirements/requirements-prod.in
python-magic==0.4.25
    # via -r requirements/requirements-prod.in
python-slugify==3.0.3
    # via -r requirements/requirements-prod.in
pytz==2021.3
    # via
    #   -r requirements/requirements-prod.in
    #   cabby
    #   celery
    #   dateparser
    #   opentaxii
    #   pysaml2
    #   stix2
    #   taxii2-client
    #   tzlocal
pyyaml==6.0
    # via
    #   -r requirements/requirements-prod.in
    #   apispec
    #   objectivistix
    #   opentaxii
quuz==9.0.3
    # via -r requirements/requirements-prod.in
rarfile==4.0
    # via -r requirements/requirements-prod.in
redis==3.5.3
    # via
    #   -r requirements/requirements-prod.in
    #   flask-redis
regex==2020.6.8
    # via dateparser
requests==2.25.1
    # via
    #   -r requirements/requirements-prod.in
    #   cabby
    #   flask-azure-oauth
    #   geoip2
    #   msal
    #   pymisp
    #   pysaml2
    #   stix2
    #   taxii2-client
retrying==1.3.3
    # via -r requirements/requirements-prod.in
rfc3986==1.3.0
    # via -r requirements/requirements-prod.in
s3transfer==0.5.0
    # via boto3
sanest==0.1.0
    # via -r requirements/requirements-prod.in
sentry-sdk==1.4.3
    # via
    #   -r requirements/requirements-prod.in
    #   structlog-sentry
sgmllib3k==1.0.0
    # via feedparser
simplejson==3.17.0
    # via stix2
six==1.15.0
    # via
    #   asttokens
    #   bcrypt
    #   cabby
    #   click-repl
    #   furl
    #   html5lib
    #   jsonlines
    #   jsonschema
    #   libtaxii
    #   opentaxii
    #   orderedmultidict
    #   pymisp
    #   pyrsistent
    #   pysaml2
    #   python-dateutil
    #   retrying
    #   stix2-patterns
    #   structlog
    #   taxii2-client
    #   tld
    #   validators
soupsieve==2.0.1
    # via beautifulsoup4
sqlalchemy==1.4.25
    # via
    #   -r requirements/requirements-prod.in
    #   alembic
    #   flask-sqlalchemy
    #   opentaxii
    #   quuz
stack-data==0.5.0
    # via ipython
statsd==3.3.0
    # via -r requirements/requirements-prod.in
stix-validator==2.5.1
    # via -r requirements/requirements-prod.in
stix2[taxii]==3.0.1
    # via
    #   -r requirements/requirements-prod.in
    #   opentaxii
stix2-patterns==1.3.2
    # via
    #   -r requirements/requirements-prod.in
    #   stix2
structlog==20.1.0
    # via
    #   -r requirements/requirements-prod.in
    #   opentaxii
    #   quuz
structlog-sentry==1.4.0
    # via -r requirements/requirements-prod.in
tabulate==0.8.5
    # via -r requirements/requirements-prod.in
taxii2-client==2.3.0
    # via
    #   -r requirements/requirements-prod.in
    #   stix2
text-unidecode==1.2
    # via python-slugify
tinycss2==1.0.2
    # via
    #   cairosvg
    #   cssselect2
    #   weasyprint
tld==0.7.9
    # via -r requirements/requirements-prod.in
toml==0.10.2
    # via ipdb
traitlets==5.4.0
    # via
    #   ipython
    #   matplotlib-inline
typing-extensions==4.5.0
    # via quuz
tzlocal==2.1
    # via dateparser
uritools==3.0.0
    # via urlextract
urlextract==0.13.0
    # via -r requirements/requirements-prod.in
urllib3==1.26.11
    # via
    #   botocore
    #   elasticsearch
    #   geoip2
    #   requests
    #   sentry-sdk
validators==0.15.0
    # via -r requirements/requirements-prod.in
vine==5.0.0
    # via
    #   amqp
    #   celery
    #   kombu
wcwidth==0.2.4
    # via prompt-toolkit
weakrefmethod==1.0.3
    # via mixbox
weasyprint==52.5
    # via -r requirements/requirements-prod.in
webencodings==0.5.1
    # via
    #   cssselect2
    #   html5lib
    #   tinycss2
werkzeug==2.0.3
    # via
    #   -r requirements/requirements-prod.in
    #   flask
wmctrl==0.3
    # via pdbpp
wrapt==1.12.1
    # via deprecated
xlrd==1.2.0
    # via stix-validator
xmlschema==1.5.3
    # via pysaml2
xmltodict==0.11.0
    # via -r requirements/requirements-prod.in
yarl==1.7.2
    # via aiohttp
zipp==3.6.0
    # via importlib-metadata
zxcvbn==4.4.27
    # via -r requirements/requirements-prod.in

Set SELinux mode to permissive#

Set SELinux to run in permissive mode before attempting to install EclecticIQ Intelligence Center.

Check the active SELinux mode by running:

getenforce

The active mode may be different from the SELINUX set in /etc/selinux/config. For EclecticIQ Intelligence Center hosts, you should set SELinux to run in permissive mode. To do this:

  1. Edit /etc/selinux/config.

  2. Look for the line that sets the SELINUX value.

  3. Change it to:

    SELINUX=permissive
    
  4. Save the file.

  5. Reboot.

Example /etc/selinux/config file:

SELINUX=permissive
SELINUXTYPE=targeted

Tip

To temporarily set the active SELinux mode to permissive, you can run:

setenforce permissive

This can cause issues with EclecticIQ Intelligence Center when SELinux reverts to a more restrictive mode.