Before you start RHEL#
Deprecated: Use installation playbooks instead
Instructions to manually install and upgrade EclecticIQ Intelligence Center, and using rundoc to install or upgrade EclecticIQ Intelligence Center, are deprecated.
Use EclecticIQ Intelligence Center installation playbooks instead.
Review these system requirements before proceeding to install EclecticIQ Intelligence Center from a rpm package.
Conventions#
Command and code examples#
Some examples require you to run terminal commands as root.
# Grant the currently logged in user root-level access
sudo -i
# Grant root-level access to a different user
sudo -i -u ${user_name}
# Run a command as a different user, with root-level access
sudo -i -u ${user_name} ${command} ${options}\
Placeholder variables#
Example commands may describe placeholder variables using bash parameter substitution like this:
${placeholder_variable_name}
In this case, the example usually asks you to set the
value of placeholder_variable_name
beforehand.
You can also substitute it in the command yourself:
# Example given:
ssh ${username}@${domain}
# After substitution
ssh [email protected]
Software downloaders and package managers#
When the documentation includes code snippets to provide examples of how to retrieve a product to install, most code examples use wget or curl.
If these products are not installed on your system, download and install them.
Otherwise, feel free to use any other viable alternative that enables retrieving assets and resources from the Internet.
yum and rpm are standard package managers for both Rocky Linux and RHEL.
Your system should also be able to pin/lock specific versions of Intelligence Center dependencies after installing them.
To do this, you can use yum-versionlock
:
# Pin/Lock a package to the currently installed version
yum-versionlock ${package_name}
# Unpin/Unlock all packages, for example before an upgrade
yum-versionlock clear
Warning
If you need to troubleshoot the intelligence Center, do not use debuggers in production environments.
Debuggers can enable arbitrary code execution. This is a security risk.
About EclecticIQ Intelligence Center#
EclecticIQ Intelligence Center is powered by STIX and TAXII open standards.
It enables ingesting, consolidating, analyzing, integrating, and collaborating on cyber threat intelligence from multiple sources in a broad range of formats.
Feature |
Description |
---|---|
Feed management |
Manage multiple cyber threat intelligence feeds from any source, in many different formats. |
Enrichment |
Enrich existing intelligence with external data sources providing more context, and refine it with de-duplication and pattern recognition. |
Sharing |
Share threat intelligence together with partners to participate in a collaborative information ecosystem. |
Collaboration |
Analyze and author intelligence in together with other teams and departments. |
Insights |
Generate insight thanks to a high-fidelity, normalized view into your intelligence. |
Integration |
Understand how cyber threat intelligence relates to and how it can affect your organization and your environment. |
Deployment architecture guidance#
Hardware requirements for EclecticIQ Intelligence Center can vary, depending on the target system and the environment.
The requirements outlined in this section are guidelines for different deployment configurations:
Test – Small configuration (1 host)#
Note
Not recommended for production deployments.
- Configuration:
test-small
- Entity count:
5 million
- Number of hosts:
1
- Disk IOPs per host:
3000 IOPs minimum, 10000 IOPs recommended
Host 1 |
|
|||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Partition sizes |
|
Test – Medium configuration (4 hosts)#
Note
Not recommended for production deployments.
- Configuration:
test-medium
- Entity count:
25 million
- Number of hosts:
4
- Disk IOPs per host:
3000 IOPs minimum, 10000 IOPs recommended
Host 1 |
|
|||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Host 2 |
|
|||||||||||||||
Host 3 |
|
|||||||||||||||
Host 4 |
|
Production – Medium configuration (6 hosts)#
- Configuration:
prod-medium
- Entity count:
60 million
- Number of hosts:
6
- Disk IOPs per host:
3000 IOPs minimum, 10000 IOPs recommended
Host 1 |
|
|||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Host 2 |
|
|||||||||||||||
Host 3 |
|
|||||||||||||||
Host 4 |
|
|||||||||||||||
Host 5 |
|
|||||||||||||||
Host 6 |
|
Production – Large configuration (10 hosts)#
- Configuration:
prod-large
- Entity count:
100 million
- Number of hosts:
10
- Disk IOPs per host:
3000 IOPs minimum, 10000 IOPs recommended
Host 1 |
|
|||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Host 2 |
|
|||||||||||||||
Host 3 |
|
|||||||||||||||
Host 4 |
|
|||||||||||||||
Host 5 |
|
|||||||||||||||
Host 6 |
|
|||||||||||||||
Host 7 |
|
|||||||||||||||
Host 8 |
|
|||||||||||||||
Host 9 |
|
|||||||||||||||
Host 10 |
|
Software requirements#
Credentials and host name#
To correctly configure the system after installing the required dependencies and third-party products, ensure you have the following information available:
Fully qualified domain name of the host machine you are going to use to access EclecticIQ Intelligence Center.
SSL certificate and key for the web server.
EclecticIQ Intelligence Center login credentials.
User name and password#
During the installation, you are prompted to assign the administrator account a user name and a password.
By default, when performing a Intelligence Center installation you are prompted to create only an administrator account, because at any given time EclecticIQ Intelligence Center requires at least one active administrator user profile.
Follow these guidelines to define a strong password:
It should be between 10 and 64 characters long.
It should contain at least one uppercase alphabetic character.
It should contain at least one special character
It should contain at least one number.
It should not reuse a previous password.
User password history logs the previous 100 passwords.
It should not be on NBP, the NIST Bad Passwords list.
It should not include the user name it is associated with.
For more information, see the NIST digital identity guidelines.
Supported operating systems#
The following operating systems are supported:
Rocky Linux 8
Red Hat Enterprise Linux 8
Important
If you are running an older operating system, you must upgrade to one of the supported operating systems:
Access permissions#
The installation procedure requires a umask value of 0022 to allow creating and modifying files and directories on the target system.
Encoding#
EclecticIQ Intelligence Center uses and expects text data in UTF-8.
Dependencies and components that exchange data with EclecticIQ Intelligence Center must use the same encoding.
The LANG environment variable must be set to en_US.UTF-8. Example: LANG=en_US.UTF-8
Locale#
The system locale must be en_US.UTF-8.
To check and, if necessary, set the system locale to en_US.UTF-8:
if [ "$LANG" != "en_US.UTF-8" ]; then localectl set-locale LANG=en_US.UTF-8; fi
Time zone#
The global time zone configuration must be UTC.
While you can set a local or a custom time zone value to display local time on EclecticIQ Intelligence Center, the host system time zone must be consistently on UTC time.
This includes OS, databases, as well as any other products or components that enable setting a time zone, and that interact/interoperate with EclecticIQ Intelligence Center.
To set the system time zone to UTC:
timedatectl set-timezone UTC
Data mount points#
When configuring the data directory for EclecticIQ Intelligence Center components, follow the Deployment architecture guidance.
By default, EclecticIQ Intelligence Center puts the data
directory of PostgreSQL, Elasticsearch, and Redis in /media
.
Databases and network binding#
On a single machine installation, network interface bindings for services are set
to 127.0.0.1
by default, except for PostgreSQL which has a different configuration.
Instructions may have asked you to change this to a more permissive
binding in multi-machine installations, or you may be
using an older installation where defaults were set to 0.0.0.0
.
The table below shows a list of configuration files where network interface bindings are set for each service.
You may want to change these bindings to suit your environment.
Service name |
File path(s) |
Parameters |
Notes |
---|---|---|---|
Elasticsearch |
/etc/systemd/system/elasticsearch.service.d/20-eclecticiq.conf
|
[Service]
Environment=BINDING_ADDRESS=127.0.0.1
|
For more information, see Elasticsearch’s documentation. |
PostgreSQL |
/etc/eclecticiq-postgres/pg_hba.conf
|
TYPE DATABASE USER ADDRESS METHOD
local all postgres trust
host all all samenet md5
host all all 0.0.0.0/0 password
|
For more information, see The pg_hba.conf File. |
Redis |
/etc/eclecticiq-redis/redis.conf
|
bind 127.0.0.1
|
For more information, see Redis security and redis.conf. |
Web browsers#
EclecticIQ Intelligence Center web interface supports the following browsers.
Fully supported (latest versions of):
Google Chrome
Functionally supported (latest versions of):
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer 11
Opera
Apple Safari
Updating products at OS level#
We recommend that you review all operating system (OS) package updates when updating EclecticIQ Intelligence Center host.
To retrieve a list of libraries and the packages that make them available, start a terminal session, and then run the following command:
libraries_used=$(find /opt/eclecticiq-platform-backend/lib/python3.6/site-packages/ -name "*.so" | xargs ldd | sed -r '/^\s/!d' | awk '{print $1}' | sort -u); providing_packages=$(echo $libraries_used | xargs yum provides | sed -r '/^(Provides\s*:|Filename\s*:|Repo\s*:|Matched from\s*:).*$/d' | sort -u | grep -Ev "^(\s+|Loaded|Loading)"); echo -e "\nLibraries used:\n\n$libraries_used\n\n\nPackages that provide them:\n$providing_packages"
Example response output:
# Example output list of libraries and packages
# whose changelogs you should review
# for possible breaking changes
# before proceeding with updating them
Libraries used:
/lib64/ld-linux-x86-64.so.2
libcom_err-beb60336.so.2.1
libcom_err.so.2
libcrypto-c1fa9491.so.1.0.2q
libcrypto.so.10
libcrypt.so.1
libc.so.6
libdl.so.2
libffi-806b1a9d.so.6.0.4
libfreebl3.so
libgssapi_krb5-174f8956.so.2.2
libgssapi_krb5.so.2
libk5crypto-622ef25b.so.3.1
libk5crypto.so.3
libkeyutils-1-ff31573b.2.so
libkeyutils.so.1
libkrb5-fb0d2caa.so.3.3
libkrb5.so.3
libkrb5support-d7ce89d4.so.0.1
libkrb5support.so.0
liblber-2.4.so.2
liblber-2-d7edd0dc.4.so.2.10.7
libldap_r-2.4.so.2
libldap_r-2-9270213a.4.so.2.10.7
libmaxminddb.so.0
libm.so.6
libnspr4.so
libnss3.so
libnssutil3.so
libpcre.so.1
libplc4.so
libplds4.so
libpq-bd31fe2b.so.5.11
libpthread.so.0
libpython3.6m.so.1.0
libresolv.so.2
librt.so.1
libsasl2-e96a0dbf.so.2.0.22
libsasl2.so.3
libselinux-cf8f9094.so.1
libselinux.so.1
libsepol-b4f5b513.so.1
libsmime3.so
libssl3.so
libssl-c0c2ede4.so.1.0.2q
libssl.so.10
libutil.so.1
libyaml-0.so.2
libz-a147dcb0.so.1.2.3
libz.so.1
linux-vdso.so.1
Packages that provide them:
1:openssl-libs-1.0.2k-19.el7.i686 : A general purpose cryptography library with
cyrus-sasl-lib-2.1.26-23.el7.i686 : Shared libraries needed by applications
glibc-2.17-292.el7.i686 : The GNU libc libraries
glibc-2.17-292.el7.x86_64 : The GNU libc libraries
keyutils-libs-1.5.8-3.el7.i686 : Key utilities library
krb5-libs-1.15.1-37.el7_6.i686 : The non-admin shared libraries used by Kerberos
krb5-libs-1.15.1-37.el7_7.2.i686 : The non-admin shared libraries used by
libcom_err-1.42.9-16.el7.i686 : Common error description library
libmaxminddb-1.2.0-6.el7.i686 : C library for the MaxMind DB file format
libselinux-2.5-14.1.el7.i686 : SELinux library and simple utilities
libyaml-0.1.4-11.el7_0.i686 : YAML 1.1 parser and emitter written in C
nspr-4.21.0-1.el7.i686 : Netscape Portable Runtime
nss-3.44.0-4.el7.i686 : Network Security Services
nss-3.44.0-7.el7_7.i686 : Network Security Services
nss-softokn-freebl-3.44.0-5.el7.i686 : Freebl library for the Network Security
nss-softokn-freebl-3.44.0-8.el7_7.i686 : Freebl library for the Network Security
nss-util-3.44.0-3.el7.i686 : Network Security Services Utilities Library
nss-util-3.44.0-4.el7_7.i686 : Network Security Services Utilities Library
openldap-2.4.44-21.el7_6.i686 : LDAP support libraries
pcre-8.32-17.el7.i686 : Perl-compatible regular expression library
python3-libs-3.6.8-10.el7.i686 : Python runtime libraries
zlib-1.2.7-18.el7.i686 : The compression and decompression library
Third-party products#
EclecticIQ Intelligence Center is bundled with the following third-party packages:
eclecticiq-statsite |
6.0.0 |
Metrics aggregator for the dashboard based on Statsite. |
elasticsearch |
7.17.8 |
Elasticsearch database. |
openjdk |
11 |
OpenJDK Java Platform. |
kibana |
7.17.8 |
Kibana. |
logstash |
7.17.8 |
Logstash. |
nginx |
1.14.1 |
Nginx web server. |
poppler-utils |
20.11.0 |
poppler-utils download page. |
postfix |
3.5.8 |
Postfix email server. |
postgresql11 |
11.19 |
PostgreSQL database. |
python38 |
3.8.13 |
Python 3.8. |
redis |
7.0.8 |
Redis. |
bsdtar |
3.3.3 |
Standalone command-line utility for using libarchive to read archives. |
xmlsec1 |
1.2.25 |
xmlsec1 enables signing, verifying, encrypting, and decrypting XML documents. |
Note
About Elasticsearch
During complex index upgrades and reindexing operations, Elasticsearch may require additional disk space to store temporary working files and temporary copies of the existing indices.
Monitor your Elasticsearch partition usage.
Before it reaches 50% of the available space in the partition extend it, so that the new partition size is at least twice as large as the sum of the existing Elasticsearch indices.
Example
If Elasticsearch currently uses 43 GB of disk space, extend the partition where Elasticsearch lives to at least 86 GB.
Bundled third-party software#
EclecticIQ Platform is bundled with the following third-party software. Each product on the list abides by its own terms and conditions and its own license.
package.json (source from EIQ platform-ui)
Frontend third-party dependencies
"dependencies": {
"@headlessui/react": "^0.2.0",
"@hookform/resolvers": "^2.9.10",
"@popperjs/core": "^2.9.2",
"@react-aria/button": "^3.3.2",
"@react-aria/focus": "^3.4.0",
"@react-aria/link": "^3.2.2",
"@react-aria/overlays": "^3.7.1",
"@tanstack/react-query": "^4.12.0",
"@tanstack/react-query-devtools": "^4.12.0",
"@tinymce/tinymce-react": "3.14.0",
"axios": "^1.6.4",
"classnames": "^2.2.6",
"clipboard-copy": "^3.1.0",
"dompurify": "2.2.3",
"downloadjs": "^1.4.7",
"escape-string-regexp": "^1.0.5",
"filesize": "^3.5.6",
"flux": "4.0.3",
"he": "^1.1.1",
"history": "^4.6.1",
"immutability-helper": "^2.4.0",
"immutable": "3.8.1",
"iso-3166-2": "^1.0.0",
"json-stable-stringify": "^1.0.1",
"jwt-decode": "^2.2.0",
"keycode": "^2.2.0",
"keylines": "file:./src/vendor/keylines",
"keymirror": "~0.1.0",
"lodash": "^4.17.21",
"markdown-it": "^12.3.2",
"markdown-it-regexp": "^0.4.0",
"microdata": "^1.1.3",
"moment": "^2.29.4",
"moment-timezone": "0.5.41",
"pluralize": "^8.0.0",
"qrcode": "^1.4.4",
"qs": "^6.10.3",
"react": "^17.0.2",
"react-click-outside": "^2.1.0",
"react-country-flag": "^3.0.2",
"react-dates": "17.1.1",
"react-dnd": "^11.1.3",
"react-dnd-html5-backend": "^11.1.3",
"react-dom": "^17.0.2",
"react-dropzone": "^3.3.2",
"react-hook-form": "^7.20.2",
"react-immutable-proptypes": "^1.5.0",
"react-merge-refs": "^1.1.0",
"react-pdf": "4.0.3",
"react-popper": "^2.2.5",
"react-redux": "^7.2.5",
"react-resize-detector": "^5.2.0",
"react-router": "^5.2.0",
"react-router-dom": "^5.2.0",
"react-select": "^5.7.3",
"react-select-legacy": "npm:[email protected]",
"react-string-replace": "^0.3.2",
"react-tether": "^1.0.4",
"react-treeview": "^0.4.2",
"react-use": "^17.2.3",
"redux": "^4.0.0",
"redux-devtools-extension": "^2.13.8",
"reselect": "^3.0.1",
"superagent": "^3.8.1",
"superagent-promise": "^1.1.0",
"superagent-throttle": "1.0.0",
"tcomb-form": "0.9.20",
"typed-immutable": "0.0.7",
"word-wrap": "^1.2.4",
"yup": "^0.32.11"
},
requirements-prod.txt (sourced from EIQ platform-backend)
Backend third-party dependencies
aiohttp==3.8.5
# via geoip2
aiosignal==1.2.0
# via aiohttp
alembic==1.7.4
# via -r requirements/requirements-prod.in
amqp==5.0.9
# via kombu
antlr4-python3-runtime==4.8
# via stix2-patterns
apispec[yaml]==4.7.1
# via
# -r requirements/requirements-prod.in
# apispec-webframeworks
apispec-webframeworks==0.5.0
# via -r requirements/requirements-prod.in
appdirs==1.4.4
# via urlextract
asttokens==2.0.8
# via stack-data
async-timeout==4.0.2
# via aiohttp
attrs==21.4.0
# via
# -r requirements/requirements-prod.in
# aiohttp
# cattrs
# jsonschema
# quuz
authlib==0.14.3
# via flask-azure-oauth
backcall==0.2.0
# via ipython
bcrypt==3.2.0
# via
# -r requirements/requirements-prod.in
# paramiko
beautifulsoup4==4.7.1
# via -r requirements/requirements-prod.in
billiard==3.6.4.0
# via celery
blinker==1.4
# via
# -r requirements/requirements-prod.in
# opentaxii
# quuz
boto3==1.20.24
# via -r requirements/requirements-prod.in
botocore==1.23.24
# via
# boto3
# s3transfer
cabby==0.1.23
# via -r requirements/requirements-prod.in
cachetools==3.1.0
# via -r requirements/requirements-prod.in
cairocffi==1.2.0
# via
# cairosvg
# weasyprint
cairosvg==2.7.0
# via
# -r requirements/requirements-prod.in
# weasyprint
cattrs==1.0.0
# via -r requirements/requirements-prod.in
celery==5.2.3
# via -r requirements/requirements-prod.in
certifi==2022.12.7
# via
# -r requirements/requirements-prod.in
# elasticsearch
# requests
# sentry-sdk
cffi==1.14.0
# via
# bcrypt
# cairocffi
# cryptography
# pynacl
# weasyprint
chardet==4.0.0
# via requests
charset-normalizer==2.0.12
# via aiohttp
click==8.0.3
# via
# -r requirements/requirements-prod.in
# celery
# click-didyoumean
# click-plugins
# click-repl
# flask
# objectivistix
# quuz
click-didyoumean==0.0.3
# via celery
click-plugins==1.1.1
# via celery
click-repl==0.2.0
# via celery
colorama==0.3.9
# via -r requirements/requirements-prod.in
colorlog==4.1.0
# via cabby
croniter==1.3.8
# via -r requirements/requirements-prod.in
cryptography==39.0.2
# via
# -r requirements/requirements-prod.in
# authlib
# msal
# paramiko
# pyjwt
# pyopenssl
# pysaml2
cssselect2==0.3.0
# via
# cairosvg
# weasyprint
datauri==1.0.0
# via -r requirements/requirements-prod.in
dateparser==1.1.6
# via -r requirements/requirements-prod.in
decorator==4.4.2
# via
# ipdb
# ipython
# validators
defusedxml==0.6.0
# via
# cairosvg
# pysaml2
deprecated==1.2.12
# via pymisp
elasticsearch==7.17.8
# via -r requirements/requirements-prod.in
elementpath==2.2.1
# via xmlschema
executing==1.0.0
# via stack-data
exif==1.2.2
# via -r requirements/requirements-prod.in
fancycompleter==0.9.1
# via pdbpp
feedparser==6.0.8
# via -r requirements/requirements-prod.in
flask==2.0.3
# via
# -r requirements/requirements-prod.in
# flask-azure-oauth
# flask-classful
# flask-redis
# flask-sqlalchemy
# opentaxii
flask-azure-oauth==0.6.0
# via -r requirements/requirements-prod.in
flask-classful==0.14.2
# via -r requirements/requirements-prod.in
flask-redis==0.3.0
# via -r requirements/requirements-prod.in
flask-sqlalchemy==2.5.1
# via -r requirements/requirements-prod.in
frozenlist==1.3.0
# via
# aiohttp
# aiosignal
furl==2.0.0
# via
# -r requirements/requirements-prod.in
# cabby
geoip2==4.5.0
# via -r requirements/requirements-prod.in
greenlet==1.1.2
# via sqlalchemy
gunicorn==20.1.0
# via -r requirements/requirements-prod.in
html5lib==1.1
# via weasyprint
idna==2.10
# via
# requests
# urlextract
# yarl
importlib-metadata==4.8.1
# via alembic
importlib-resources==5.1.2
# via
# alembic
# pysaml2
inflect==5.0.2
# via -r requirements/requirements-prod.in
ipdb==0.13.9
# via -r requirements/requirements-prod.in
ipython==8.10.0
# via
# -r requirements/requirements-prod.in
# ipdb
iso3166==1.0.1
# via -r requirements/requirements-prod.in
itsdangerous==2.0.1
# via
# -r requirements/requirements-prod.in
# flask
jedi==0.17.0
# via ipython
jinja2==3.0.3
# via
# -r requirements/requirements-prod.in
# flask
jmespath==0.10.0
# via
# boto3
# botocore
jsonlines==1.2.0
# via -r requirements/requirements-prod.in
jsonschema==3.0.2
# via
# -r requirements/requirements-prod.in
# pymisp
kombu==5.2.3
# via celery
libtaxii==1.1.118
# via
# cabby
# opentaxii
lief==0.12.3
# via pymisp
lxml==4.9.1
# via
# -r requirements/requirements-prod.in
# libtaxii
# mixbox
# objectivistix
# opentaxii
# stix-validator
mako==1.2.2
# via alembic
markupsafe==2.1.2
# via
# -r requirements/requirements-prod.in
# jinja2
# mako
marshmallow==3.10.0
# via
# -r requirements/requirements-prod.in
# opentaxii
matplotlib-inline==0.1.3
# via ipython
maxminddb==2.2.0
# via geoip2
mixbox==1.0.5
# via stix-validator
msal==1.21.0
# via -r requirements/requirements-prod.in
multidict==6.0.2
# via
# aiohttp
# yarl
mypy-extensions==0.4.3
# via opentaxii
objectivistix==1.2.3
# via -r requirements/requirements-prod.in
opentaxii==0.9.3
# via -r requirements/requirements-prod.in
ordered-set==4.0.1
# via mixbox
ordereddict==1.1
# via stix-validator
orderedmultidict==1.0.1
# via furl
paramiko==3.1.0
# via -r requirements/requirements-prod.in
parso==0.7.0
# via jedi
pdbpp==0.9.5
# via -r requirements/requirements-prod.in
pexpect==4.8.0
# via ipython
pickleshare==0.7.5
# via ipython
pillow==9.3.0
# via
# cairosvg
# weasyprint
plum-py==0.3.1
# via exif
ply==3.11
# via plyara
plyara==2.0.3
# via -r requirements/requirements-prod.in
prompt-toolkit==3.0.31
# via
# click-repl
# ipython
psutil==5.6.7
# via -r requirements/requirements-prod.in
psycopg2-binary==2.8.5
# via -r requirements/requirements-prod.in
ptyprocess==0.6.0
# via pexpect
punq==0.4.1
# via -r requirements/requirements-prod.in
pure-eval==0.2.2
# via stack-data
py-spy==0.3.10
# via -r requirements/requirements-prod.in
pyasn1==0.4.8
# via
# pyasn1-modules
# python-ldap
pyasn1-modules==0.2.8
# via python-ldap
pycparser==2.20
# via cffi
pygments==2.7.4
# via
# ipython
# pdbpp
pyjwt[crypto]==2.4.0
# via
# -r requirements/requirements-prod.in
# msal
# opentaxii
pymisp==2.4.121
# via -r requirements/requirements-prod.in
pynacl==1.5.0
# via paramiko
pyopenssl==23.0.0
# via pysaml2
pyotp==2.3.0
# via -r requirements/requirements-prod.in
pyphen==0.9.5
# via weasyprint
pyrepl==0.9.0
# via fancycompleter
pyrsistent==0.16.0
# via jsonschema
pysaml2==6.5.1
# via -r requirements/requirements-prod.in
python-dateutil==2.8.2
# via
# -r requirements/requirements-prod.in
# botocore
# croniter
# dateparser
# libtaxii
# mixbox
# pymisp
# pysaml2
# stix-validator
python-gnupg==0.4.4
# via -r requirements/requirements-prod.in
python-ldap==3.4.0
# via -r requirements/requirements-prod.in
python-magic==0.4.25
# via -r requirements/requirements-prod.in
python-slugify==3.0.3
# via -r requirements/requirements-prod.in
pytz==2021.3
# via
# -r requirements/requirements-prod.in
# cabby
# celery
# dateparser
# opentaxii
# pysaml2
# stix2
# taxii2-client
# tzlocal
pyyaml==6.0
# via
# -r requirements/requirements-prod.in
# apispec
# objectivistix
# opentaxii
quuz==9.0.3
# via -r requirements/requirements-prod.in
rarfile==4.0
# via -r requirements/requirements-prod.in
redis==3.5.3
# via
# -r requirements/requirements-prod.in
# flask-redis
regex==2020.6.8
# via dateparser
requests==2.25.1
# via
# -r requirements/requirements-prod.in
# cabby
# flask-azure-oauth
# geoip2
# msal
# pymisp
# pysaml2
# stix2
# taxii2-client
retrying==1.3.3
# via -r requirements/requirements-prod.in
rfc3986==1.3.0
# via -r requirements/requirements-prod.in
s3transfer==0.5.0
# via boto3
sanest==0.1.0
# via -r requirements/requirements-prod.in
sentry-sdk==1.4.3
# via
# -r requirements/requirements-prod.in
# structlog-sentry
sgmllib3k==1.0.0
# via feedparser
simplejson==3.17.0
# via stix2
six==1.15.0
# via
# asttokens
# bcrypt
# cabby
# click-repl
# furl
# html5lib
# jsonlines
# jsonschema
# libtaxii
# opentaxii
# orderedmultidict
# pymisp
# pyrsistent
# pysaml2
# python-dateutil
# retrying
# stix2-patterns
# structlog
# taxii2-client
# tld
# validators
soupsieve==2.0.1
# via beautifulsoup4
sqlalchemy==1.4.25
# via
# -r requirements/requirements-prod.in
# alembic
# flask-sqlalchemy
# opentaxii
# quuz
stack-data==0.5.0
# via ipython
statsd==3.3.0
# via -r requirements/requirements-prod.in
stix-validator==2.5.1
# via -r requirements/requirements-prod.in
stix2[taxii]==3.0.1
# via
# -r requirements/requirements-prod.in
# opentaxii
stix2-patterns==1.3.2
# via
# -r requirements/requirements-prod.in
# stix2
structlog==20.1.0
# via
# -r requirements/requirements-prod.in
# opentaxii
# quuz
structlog-sentry==1.4.0
# via -r requirements/requirements-prod.in
tabulate==0.8.5
# via -r requirements/requirements-prod.in
taxii2-client==2.3.0
# via
# -r requirements/requirements-prod.in
# stix2
text-unidecode==1.2
# via python-slugify
tinycss2==1.0.2
# via
# cairosvg
# cssselect2
# weasyprint
tld==0.7.9
# via -r requirements/requirements-prod.in
toml==0.10.2
# via ipdb
traitlets==5.4.0
# via
# ipython
# matplotlib-inline
typing-extensions==4.5.0
# via quuz
tzlocal==2.1
# via dateparser
uritools==3.0.0
# via urlextract
urlextract==0.13.0
# via -r requirements/requirements-prod.in
urllib3==1.26.11
# via
# botocore
# elasticsearch
# geoip2
# requests
# sentry-sdk
validators==0.15.0
# via -r requirements/requirements-prod.in
vine==5.0.0
# via
# amqp
# celery
# kombu
wcwidth==0.2.4
# via prompt-toolkit
weakrefmethod==1.0.3
# via mixbox
weasyprint==52.5
# via -r requirements/requirements-prod.in
webencodings==0.5.1
# via
# cssselect2
# html5lib
# tinycss2
werkzeug==2.0.3
# via
# -r requirements/requirements-prod.in
# flask
wmctrl==0.3
# via pdbpp
wrapt==1.12.1
# via deprecated
xlrd==1.2.0
# via stix-validator
xmlschema==1.5.3
# via pysaml2
xmltodict==0.11.0
# via -r requirements/requirements-prod.in
yarl==1.7.2
# via aiohttp
zipp==3.6.0
# via importlib-metadata
zxcvbn==4.4.27
# via -r requirements/requirements-prod.in
Set SELinux mode to permissive#
Set SELinux to run in permissive mode before attempting to install EclecticIQ Intelligence Center.
Check the active SELinux mode by running:
getenforce
The active mode may be different from the SELINUX
set in /etc/selinux/config
.
For EclecticIQ Intelligence Center hosts, you should set SELinux to run in permissive
mode.
To do this:
Edit
/etc/selinux/config
.Look for the line that sets the
SELINUX
value.Change it to:
SELINUX=permissive
Save the file.
Reboot.
Example /etc/selinux/config
file:
SELINUX=permissive
SELINUXTYPE=targeted
Tip
To temporarily set the active SELinux mode to permissive, you can run:
setenforce permissive
This can cause issues with EclecticIQ Intelligence Center when SELinux reverts to a more restrictive mode.