Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Current »

Important

This document relates to the Installation Instructions for Snare Central v8.1.0 or newer. For details related to earlier versions please refer to the following guide.

Snare is an appliance-like solution, that includes the operating system, and the Snare Central software, on the installation media. A heavily customised distribution of Linux is used for the baseline installation.

The system which will host Snare Central must be configured to boot from the CD, DVD or USB device. Please note that a monitor, mouse and keyboard should be connected to the server or workstation.

  • The Snare Central ISO image can be written to a USB stick in order to install physical or virtual hardware, rather than generating a physical DVD. It is recommended that customers use a tool such as "Rufus" on Windows, or the "USB Image Writer" on Linux to migrate the ISO image to USB media.

Once you boot from the Snare Central installation media, the installation will ask you a number of questions. The following images and instructions will guide you through the process of installation.


Snare Central Installation - Kickstart

Insert the Snare Central Installation media, and boot the computer.

The Snare Central installation media will provide you with a guided install of the Linux operating system, and the Snare Central tools and utilities, presenting you with only those options that may vary from site to site, or from system to system, and specifically require your input. 

Hit ENTER on your keyboard.

Operating System Bootstrap

When you hit ENTER, Snare Central will boot the Linux operating system. The screen will remain blank for some time, and then a new video mode will appear on your monitor.

Please Wait

Language Selection

Although Snare Central currently only supports the English language, some elements of the operating system installation process can be localised.

Select the language that is most appropriate for your current geographic location, and press ENTER.

Location Selection

The installer will attempt to provide a range of potential locations, based on your language selection.

Select your geographic location, and press ENTER.

Keyboard Layout

Local keyboard layouts are supported for Snare Central.  

Select an option appropriate for your type of keyboard, and press ENTER.

Keyboard Layout (2)

Some languages/locations provide more than one option for keyboard layouts (eg: Qwerty, Dvorak).

Select an option appropriate for your type of keyboard, and press ENTER.

Accept the EULA


You will need to accept that you have read the End User License Agreement, available at https://www.snaresolutions.com/legal/terms-and-conditions.

If for any reason you do not accept the terms, the installation process will be terminated at this stage.

Select YES, I accept the license terms and press ENTER.

Preparing for Installation

Snare Central will scan the local application database for installation targets, and load additional components.

Please wait.

IP Address Configuration

Your Snare Central will require an IP address in order to participate on the network. You may need to consult your network administration team for assistance with an appropriate allocation, so that address conflicts do not occur.

Type the IP Address of the Snare Central Server, and press ENTER.

Netmask

Your Snare Central server will need to know the netmask to use for the local network. You may need to consult with your network administration team for assistance with an appropriate value, but most networks on which a Snare Central server will be installed will generally use either a 'Class C' (255.255.255.0), or 'Class B' (255.255.0.0) range.

Type the Netmask for the network on which Snare Central will be active.

Default Gateway

In order to contact (and be contacted by) machines outside the local area network, your Snare Central will need to know the IP address of the default gateway on the local network. You may need to consult with your network administration team for an appropriate value.

Type the Default Gateway Address that Snare Central should use to contact non-local network devices, and press ENTER.

Name Servers

Enter the IP address of your Domain Name Server(s).


Space separated DNS Server IP addresses, then press ENTER

Domain Name

The domain name is generally the alphabetic part of your company or organisational internet address; it may include '.gov' or '.com'. Do not include the hostname in this text entry box.

Type the domain name under which the Snare Central server will exist, and press ENTER

Time Zone

The Time Zone setting is important to ensure that your Snare Central retains appropriate time settings, particularly during events such as "Daylight Saving".

The installation process will attempt to detect your approximate physical location based on your earlier location and language settings.

Select your time zone. The list will be populated with values based on your earlier location and language selections.

Possible warning - disk space

If the disk space available is less than 400GB, a warning message will be displayed. 

Depending on your requirements select either 'Go Back' or 'Continue'.


Possible partitioning warning - mounted partitions

If the server on which you intend to install Snare, already has disks formatted with a file system that Snare is able to recognise, the installer may attempt to mount the disks.

If it does so successfully, this dialog may appear, requesting that you unmount the partition.

Select 'Yes'.

Partitioning

The local disk will be automatically partitioned based on Snare's requirements.

Please Wait.

Partitioning 2

Several local partitions will be created on the Snare Central server.

Please Wait.

Installing the Base System

The installation process will install the system packages required for the operation of Snare Central.

Please Wait.

Installing Software

Additional packages required by Snare, over and above the operating-system level functions will also be installed.

Although most steps are generally very quick to complete, there are a few points in the installation that may take a little longer than others. In particular:

  • configuring man-db
  • "Cleaning up"

Please Wait.

Installing Boot Loader

The primary disk on the server will be set to boot the Snare Central operating system.

On some systems, the installer may confirm if it should install GRUB, or other similar system components. This should be answered with a "Yes", otherwise Snare Central will not boot.

Please Wait.

Account Authentication

The installation subsystem will ask you to supply default passwords to several accounts, including:
  • The Snare operating system 'root', and 'snare' user accounts, used for emergency hardware-level system administrative activities, as guided by your Snare Central support team.
  • The Snare operating system 'snarexfer' account, which can be used by remote systems to transfer log data to Snare Central via ftp or scp.


Although Snare Central implements several password complexity controls such as dictionary exclusions, minimal length, and so on; initial installation passwords are NOT subject to such controls.


Enter appropriate passwords for each account.



System Reboot & Operating System Updates

Once the installation process has completed, Snare Central will automatically reboot.

At this point, specific components required for the operation of the event collection, analysis and reporting environment, will be installed; as will security updates to the baseline packages that come with the installation media.

This process should take approximately 15 minutes to complete, depending on the number of updates included. The most recent line from the raw output from the package update process, will be displayed within the dialog window.

The initial boot process may take around 20-30 seconds the first time through.

Please wait.

Operating System Package Configuration

The installation process will return to the console in order to configure key operating system packages, just in case a package requires user input in order to continue the installation process.

Please wait.

Snare Central Bootstrap

Several server-specific tasks will scroll through, including the installation and configuration of configuration databases, the installation of administrative objectives, and the initialisation of firewall rule sets.

Please wait.

Administrator Password

An initial password for the "Administrator" account for the Snare Central web interface, will be generated, set, and displayed.

The password will be chosen from random alpha-numeric characters, be 10 characters in length, and will exclude look-alike characters such as O/0 and I/l.

To update this password post-installation, refer to Knowledge Base article at https://support.prophecyinternational.com/s/article/How-to-reset-the-administrator-password-for-Snare-Server.

Please note this password for future reference.


Restart to complete installation

Snare Central needs to reboot one last time at the completion of the installation process, to complete the upgrade process of system packages.

Press Enter to reboot.

The Server will briefly return you to a black console, while finalising the installation process. If you are on a VMWare client, with a virtual floppy-drive installed, you may see I/O errors relating to 'fd0' - these are normal and safe to ignore. Other warning messages may be displayed on the console - this are also safe to ignore, and are anticipated & rectified as part of the modified installation process.


Server Ready

The Snare server has now installed, and is ready to access via your web browser. Point your browser at the IP address or DNS name for your new server to continue.

You can also login to the console directly using the snare user and password set up during the installation process.

License Information

Please point your web browser at Snare Central, with your IP address. A screen will appear, that identifies multiple KeyIDs, highlight and copy these KeyIDs.

To create the license:

  1. From the SLDM portal at customer.intersectalliance.com, go to My Licenses.
  2. Add these KeyIDs for your Snare Central and generate the license.
  3. Download your license.
  4. On the Snare Central page select Choose File, and select the license.
  5. Select Load License.

If you are having trouble generating your Snare Central license see Appendix A.

Copy, generate and download the KeyIDs in SLDM at customer.intersectalliance.com.

Log in to Snare Central


Snare Central will present a login page. Enter the UserID "Administrator", and the password that was generated by the installation process.


Log into Snare Central.

Configuration Wizard

When you first access Snare Central, a configuration wizard will appear. Follow the prompts to configure your Snare Central. More details about the configuration can be found in the Snare Central Users Guide, and you can always come back to the Configuration Wizard at a later time as required.

Use the Next and Previous buttons to move between the sections. You can also open or close them by clicking on the top-left arrow of each section.

Configuration Wizard - Done


Once the configuration wizard has finished - this page will return you to Snare Central.

Press the "Return to Snare Central" button.

  • No labels