How to Install Patrowl on Fedora CoreOS latest version
Introduction
Patrowl is an open-source security information and event management (SIEM) system. It is designed to provide cyber threat intelligence in real time, identify security incidents, and facilitate incident response. Patrowl can be used to monitor log files, network traffic, security alerts, and malware detections. Patrowl is built on top of popular tools such as Elasticsearch, Kibana, and Logstash.
In this tutorial, we will guide you through installing Patrowl on the latest version of Fedora CoreOS.
Prerequisites
- A Linux system running Fedora CoreOS
- SSH client (such as PuTTY)
- Privileged access to the server
Step 1 - Install Docker
Patrowl is built using Docker containers. Hence, Docker must be installed before installing Patrowl. To install Docker, run the following command:
sudo rpm-ostree install docker
Once the installation is completed, start the Docker service and enable it to start at boot.
sudo systemctl start docker
sudo systemctl enable docker
Step 2 - Install Docker Compose
Docker Compose is a tool for defining and running multi-container Docker applications. It is used to orchestrate the Patrowl containers. To install Docker Compose on Fedora CoreOS, follow the steps below:
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Verify the installation by running the following command:
docker-compose --version
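Step 2 places a binary fetched over the network on root's PATH without checking its integrity. The following is an added example, not part of the original tutorial or of the Docker Compose project, showing a checksum gate for that download. The function names and the ".sha256" asset name in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example: gate the Step 2 download on a SHA-256 match before installing.

# expected_digest <checksum-file>
# Prints the digest from a "<hex digest>  <filename>" line. Fails unless the
# first field is exactly 64 hex characters, which also rejects an HTML error
# page that was saved in place of the checksum file.
expected_digest() {
    digest=$(awk 'NR==1 {print tolower($1)}' "$1" 2>/dev/null) || return 1
    [ "${#digest}" -eq 64 ] || return 1
    case $digest in
        *[!0-9a-f]*) return 1 ;;
    esac
    printf '%s\n' "$digest"
}

# verify_sha256 <downloaded-file> <checksum-file>
# Returns 0 only when the file is non-empty and its digest matches. Unlike
# `sha256sum -c`, the filename recorded in the checksum file is ignored, so the
# download may live under any temporary path.
verify_sha256() {
    [ -s "$1" ] || { echo "refusing: $1 is missing or empty" >&2; return 1; }
    want=$(expected_digest "$2") || {
        echo "refusing: $2 holds no valid SHA-256 digest" >&2
        return 1
    }
    got=$(sha256sum "$1" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "refusing: digest mismatch for $1" >&2
        echo "  expected $want" >&2
        echo "  actual   $got" >&2
        return 1
    fi
}

# Usage for Step 2. Assumption: the release publishes "<asset>.sha256" beside
# the binary; confirm the asset name on the release page before relying on it.
#   asset="docker-compose-$(uname -s)-$(uname -m)"
#   base="https://github.com/docker/compose/releases/download/1.29.2"
#   tmp=$(mktemp -d)
#   curl -fsSL "$base/$asset"        -o "$tmp/$asset"
#   curl -fsSL "$base/$asset.sha256" -o "$tmp/$asset.sha256"
#   verify_sha256 "$tmp/$asset" "$tmp/$asset.sha256" &&
#       sudo install -m 0755 "$tmp/$asset" /usr/local/bin/docker-compose
```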
Step 3 - Clone Patrowl Repository
Clone the Patrowl repository by running the following command:
sudo git clone https://github.com/Patrowl/PatrowlManager.git
Step 4 - Edit Docker Compose Configuration
Navigate to the Patrowl directory:
cd PatrowlManager/
Edit the docker-compose.yml file and set the Elasticsearch password:
elasticsearch:
  environment:
    - "discovery.type=single-node"
    - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    - "discovery.seed_hosts=127.0.0.1:9300"
    - "ELASTIC_PASSWORD=<set_elasticsearch_password_here>"
Note: Replace <set_elasticsearch_password_here> with your Elasticsearch password.
Step 5 - Build and Start Patrowl
Build and start the Patrowl container by running the following command:
docker-compose up -d
Step 6 - Access Patrowl Web Interface
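The Patrowl web interface can be accessed at http://<your_server_ip>:8000. You can log in as admin with the following credentials:
- Username: admin
- Password: admin
These are default credentials and the URL above is plain HTTP, so change the admin password right after the first login and limit which hosts can reach port 8000.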
Conclusion
This tutorial has shown you how to install Patrowl on the latest version of Fedora CoreOS. With Patrowl up and running, you can now start monitoring your systems for security threats in real time.