setup_arkimie.md

File metadata and controls

55 lines (50 loc) · 2.96 KB

Install/Setup Arkime (formerly known as Moloch)

Init Ansible playbook

  1. vim macos-workshop/hosts.ini and add the Arkime server IP address under [arkmie]
  2. cp group_vars/sec_tools.yml.example group_vars/sec_tools.yml
  3. vim group_vars/sec_tools.yml and set:
     - monitoring_interface - the interface that will be used for network monitoring
     - arkmie_version - the version of Arkime to install
     - arkmie_admin_user - username of the Arkime admin
     - arkmie_admin_password - password for the Arkime admin
     - arkmie_regular_user - username for the workshop participant account
     - arkmie_regular_password - password for workshop participants
     - elasticsearch_oss_version - the Elasticsearch OSS version to install
  4. group_vars/sec_tools.yml holds both sets of credentials: use distinct, non-default passwords for the admin and participant accounts, and keep the file itself out of version control (only the .example copy belongs in the repo)

  Reference: Arkmie ansible - group_vars/sec_tools.yml
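The variables above are the only place credentials enter the deployment, so it is worth failing fast before the playbook runs. The script below is an added example, not part of the workshop repo: it reads the flat `key: value` layout of group_vars/sec_tools.yml, confirms every variable the playbook needs is set, and rejects placeholder, short or shared passwords. The placeholder list (`changeme`, `password`, `admin`) is an assumption about what an .example file might ship with, and the two sample files it checks are constructed inline so it runs offline.

```shell
#!/usr/bin/env bash
# Pre-flight check for group_vars/sec_tools.yml before running deploy_arkmie.yml.
# Added example, not the workshop's own tooling. Assumes one "key: value" per
# line with no nesting, which is all the settings listed above need.

# Assumed placeholder values that must never reach a deployed Arkime instance.
PLACEHOLDERS="changeme password admin"

# get_var FILE KEY -> prints KEY's value with surrounding quotes and trailing
# whitespace stripped; prints nothing when the key is absent.
get_var() {
    file="$1"; key="$2"
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$file" | head -n1 \
        | sed 's/[[:space:]]*$//; s/^["'\'']//; s/["'\'']$//'
}

# check_password NAME VALUE -> 0 if set, not a placeholder and at least 12 chars.
check_password() {
    name="$1"; value="$2"
    if [ -z "$value" ]; then echo "FAIL: $name is not set"; return 1; fi
    for p in $PLACEHOLDERS; do
        if [ "$value" = "$p" ]; then echo "FAIL: $name uses placeholder '$p'"; return 1; fi
    done
    if [ "${#value}" -lt 12 ]; then echo "FAIL: $name is shorter than 12 characters"; return 1; fi
    return 0
}

# check_sec_tools FILE -> 0 only when every required key is set, both passwords
# pass check_password, and admin and participant accounts do not share one.
check_sec_tools() {
    cfg="$1"; rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    for k in monitoring_interface arkmie_version arkmie_admin_user \
             arkmie_regular_user elasticsearch_oss_version; do
        if [ -z "$(get_var "$cfg" "$k")" ]; then echo "FAIL: $k is not set"; rc=1; fi
    done
    admin_pw="$(get_var "$cfg" arkmie_admin_password)"
    regular_pw="$(get_var "$cfg" arkmie_regular_password)"
    check_password arkmie_admin_password "$admin_pw" || rc=1
    check_password arkmie_regular_password "$regular_pw" || rc=1
    if [ -n "$admin_pw" ] && [ "$admin_pw" = "$regular_pw" ]; then
        echo "FAIL: admin and participant passwords are identical"; rc=1
    fi
    # The file carries credentials; warn when the repo next to it would track it.
    ignore="$(dirname "$cfg")/../.gitignore"
    if [ -f "$ignore" ] && ! grep -q 'sec_tools.yml' "$ignore"; then
        echo "WARN: $cfg is not listed in $ignore"
    fi
    return $rc
}

# Constructed sample configs (not the workshop's real values) so this runs offline.
BAD_VARS="$(mktemp)"; GOOD_VARS="$(mktemp)"
cat > "$BAD_VARS" <<'EOF'
monitoring_interface: eth1
arkmie_version: 2.7.1
arkmie_admin_user: admin
arkmie_admin_password: changeme
arkmie_regular_user: workshop
arkmie_regular_password: "workshop"
elasticsearch_oss_version: 7.10.2
EOF
cat > "$GOOD_VARS" <<'EOF'
monitoring_interface: eth1
arkmie_version: 2.7.1
arkmie_admin_user: admin
arkmie_admin_password: "Wk5-aM3p!q9Tz2Lr"
arkmie_regular_user: workshop
arkmie_regular_password: 'Participant-Pcap-2024!'
elasticsearch_oss_version: 7.10.2
EOF

check_sec_tools "$BAD_VARS" || echo "bad config rejected"
check_sec_tools "$GOOD_VARS" && echo "good config accepted"
```

Run it from the playbook directory (`bash check_sec_tools.sh group_vars/sec_tools.yml` after swapping the sample paths for the real one) and only call ansible-playbook when it exits 0; the placeholder and length rules are deliberately simple so they can be tightened to whatever password policy the workshop host requires.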

Run Ansible playbook

  1. ansible-playbook -i hosts.ini deploy_arkmie.yml -u ubuntu --key-file terraform/ssh_keys/id_rsa

Generate Let's Encrypt certificate

  1. SSH into the Elastic EC2 instance
  2. sudo su
  3. apt install certbot python3-certbot-nginx -y
  4. certbot --nginx -d arkmie.<external domain>
  5. Enter the e-mail address of the domain admin (used for expiry notices)
  6. Enter A to accept the Terms of Service
  7. Enter N to decline sharing the e-mail address with the EFF
  8. Enter 2 to redirect HTTP traffic to HTTPS
  9. Review the NGINX config certbot edited: /etc/nginx/conf.d/kibana.conf
  10. systemctl restart nginx
  11. certbot renew --dry-run to confirm the renewal hook works; the certbot package installs a systemd timer that renews the certificate before it expires, so this only needs to pass once

Clearing index data

  1. systemctl stop molochviewer
  2. systemctl stop molochcapture
  3. /data/moloch/db/db.pl http://127.0.0.1:9200 wipe
  4. Type WIPE when prompted to confirm
  5. systemctl start molochviewer
  6. systemctl start molochcapture

  wipe drops the session data in Elasticsearch but keeps the user database, so the admin and participant accounts survive. It does not touch the PCAP files already written to disk; delete those separately if the capture directory should be empty as well.

References