How to Install GRR on EndeavourOS
GRR is an open-source incident response framework that automates remote forensic investigations and threat hunting across a fleet of endpoints. In this tutorial, we will explain how to install the GRR server on EndeavourOS.
Prerequisites
Before starting this tutorial, you need to make sure you have installed the following prerequisites on your system:
- EndeavourOS latest version
- Python 3.7+ installed (check with python3 --version)
Step 1: Install Dependencies
First, we need to install some dependencies for GRR to work properly. Open a terminal window and enter the following commands:
sudo pacman -S python python-pip python-virtualenv base-devel openssl libffi sqlite
Step 2: Create Virtual Environment
Now, we will create a virtual environment to install GRR. To create a virtual environment, enter the following commands:
mkdir ~/grr
cd ~/grr
Next, create the virtual environment and activate it:
virtualenv --python=/usr/bin/python3 grr_virtualenv
source grr_virtualenv/bin/activate
Step 3: Install GRR
With the virtual environment activated, we will now install GRR. To install GRR, enter the following commands:
pip3 install grr-response-server
pip3 install grr-response-templates
Step 4: Configure GRR
Now that we have installed GRR, we need to configure it before we can use it. To configure GRR, enter the following command:
grr_config_updater initialize
This will create a configuration file located in ~/grr/grr-server.yaml.
Next, start the GRR console with the following command:
grr_console
Step 5: Setup GRR
Now we need to do some initial setup of GRR. In the GRR console, enter the following commands:
config WriteKey "changeme"
config AdminUI.url "http://localhost:8000"
config Server.renderer "Native"
config Server.foreman_check_frequency 60
config Server.binary_whitelist [".*/python3", ".*getent"]
disallow AllUsers # Disallow all normal users access to the console
grant Wheel AdminUI # Grant admin access to members of the wheel group
If you want to change the default password for the admin user, run the following command:
grr_console --username=admin --password=newpassword
Step 6: Starting GRR
Now we are ready to start GRR. To start GRR, open a new terminal window and enter the following commands:
cd ~/grr
source grr_virtualenv/bin/activate
grr_admin_ui &
grr_worker &
grr_server &
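As an added example (not the GRR project's code and not part of the original tutorial), the following script wraps Steps 1 to 6 with the checks a practitioner would want before running them: it parses the output of python3 --version and refuses anything below 3.7, uses the Arch package names for the dependencies, verifies that the configuration file the tutorial says initialize writes is present, and checks that the AdminUI.url value from Step 5 stays on loopback so the admin UI is not reachable from other hosts. The script name grr-setup.sh, the GRR_HOME variable, and the install and start subcommands are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not part of GRR or this tutorial): pre-flight checks and a
# wrapper for the install steps above. Paths follow the tutorial: GRR lives
# in ~/grr and the virtual environment in ~/grr/grr_virtualenv (assumptions).
set -euo pipefail

GRR_HOME="${GRR_HOME:-$HOME/grr}"
VENV_DIR="$GRR_HOME/grr_virtualenv"
CONFIG_FILE="$GRR_HOME/grr-server.yaml"
MIN_MAJOR=3
MIN_MINOR=7

# Arch/EndeavourOS package names for the dependencies in Step 1.
ARCH_PACKAGES="python python-pip python-virtualenv base-devel openssl libffi sqlite"

# version_ok "3.11.4" -> returns 0 when MAJOR.MINOR >= 3.7, 1 otherwise.
version_ok() {
  local ver="$1" major minor
  case "$ver" in *.*) ;; *) return 1 ;; esac
  major="${ver%%.*}"
  minor="${ver#*.}"
  minor="${minor%%.*}"
  case "$major$minor" in ''|*[!0-9]*) return 1 ;; esac
  if [ "$major" -gt "$MIN_MAJOR" ]; then return 0; fi
  if [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]; then
    return 0
  fi
  return 1
}

# python_version "Python 3.11.4" -> "3.11.4"; takes the output of `python3 --version`.
python_version() {
  local out="$1"
  printf '%s\n' "${out#Python }"
}

# url_host "http://localhost:8000" -> "localhost" (bracketed IPv6 literals not handled).
url_host() {
  local h="$1"
  h="${h#*://}"
  h="${h%%/*}"
  h="${h%%:*}"
  printf '%s\n' "$h"
}

# admin_ui_is_local URL -> 0 when the AdminUI.url from Step 5 points at loopback,
# 1 when the admin UI would be reachable from other hosts.
admin_ui_is_local() {
  case "$(url_host "$1")" in
    localhost|127.0.0.1|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# install_grr: Steps 1-4 with the checks applied. Runs only when invoked as
# `./grr-setup.sh install`, so the functions above can be sourced safely.
install_grr() {
  local ver
  ver="$(python_version "$(python3 --version 2>&1)")"
  version_ok "$ver" || { echo "python3 $ver is older than $MIN_MAJOR.$MIN_MINOR" >&2; return 1; }
  # shellcheck disable=SC2086  # word splitting of the package list is intended
  sudo pacman -S --needed $ARCH_PACKAGES
  mkdir -p "$GRR_HOME"
  cd "$GRR_HOME"
  [ -d "$VENV_DIR" ] || virtualenv --python=/usr/bin/python3 "$VENV_DIR"
  # shellcheck disable=SC1091
  . "$VENV_DIR/bin/activate"
  pip3 install grr-response-server grr-response-templates
  grr_config_updater initialize
  [ -f "$CONFIG_FILE" ] || { echo "expected $CONFIG_FILE after initialize" >&2; return 1; }
}

# start_grr: Step 6, each component started in the background from the venv.
start_grr() {
  cd "$GRR_HOME"
  # shellcheck disable=SC1091
  . "$VENV_DIR/bin/activate"
  grr_admin_ui &
  grr_worker &
  grr_server &
  wait
}

case "${1:-}" in
  install) install_grr ;;
  start) start_grr ;;
esac
```

Run ./grr-setup.sh install once, then ./grr-setup.sh start from a fresh terminal; without a subcommand the script only defines the functions, so it can be sourced to reuse the version and URL checks elsewhere.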
Conclusion
Congratulations! You have successfully installed GRR on EndeavourOS. You can now use GRR to automate incident response and threat hunting.