Project Setup

Installation

To install your Cyphon project, first download the Cyphondock Git repository. For this example, we’ll clone it into the /opt/cyphon directory:

$ git clone https://github.com/dunbarcyber/cyphondock.git /opt/cyphon/cyphondock

Configuration

Generic settings for the project are contained in the ./config-COPYME directory. Copy this directory to a new directory called config, which will be used by your project instance:

$ cd /opt/cyphon/cyphondock/
$ cp -R config-COPYME config

The config directory contains settings for:

Environment Variables

The ./config/env/cyphon.env file contains default settings for superusers created for various services. These defaults are published in the repository, so use a text editor to replace the usernames and passwords with unique, strong values.

You can read more about environment variables in Docker’s documentation.

Django

Cyphon’s backend is based on the Django web framework. Settings for the Cyphon Django project are found in the ./config/cyphon/settings directory.

The conf.py file contains settings specific to your Cyphon instance. Using your favorite text editor, edit the conf.py file with the IP address and/or domain name for your host machine:

HOST_SETTINGS = {
    'ALLOWED_HOSTS': ['example.com', '127.0.0.1'],
    'CORS_ORIGIN_WHITELIST': ['example.com', '127.0.0.1'],
}

You should also change the Django SECRET_KEY to a unique, unpredictable value and keep it private, since Django uses it for cryptographic signing. You can generate one here.
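Both hardening steps so far, replacing the default passwords in cyphon.env and setting a unique SECRET_KEY, can be done locally with Python's secrets module. The following is an added example, not part of Cyphondock: rotate_passwords and random_secret are hypothetical helpers, and the variable names in the sample are constructed placeholders rather than the keys shipped in cyphon.env.

```python
import re
import secrets
import string

# Keys treated as credentials: any variable whose name ends in PASSWORD.
PASSWORD_KEY = re.compile(r"^([A-Z0-9_]*PASSWORD)=(.*)$")
# Alphabet without quotes, '#', '$', '=' or whitespace, so values need no
# escaping in an env file or when copied into logstash.conf.
ALPHABET = string.ascii_letters + string.digits + "-_.~"


def random_secret(length=40):
    """Return a secret drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_passwords(env_text):
    """Replace every *PASSWORD value; return (new_text, {key: new_value})."""
    rotated, out = {}, []
    for line in env_text.splitlines():
        m = PASSWORD_KEY.match(line.strip())
        if m:
            rotated[m.group(1)] = random_secret()
            line = f"{m.group(1)}={rotated[m.group(1)]}"
        out.append(line)
    return "\n".join(out) + "\n", rotated


# Constructed sample; the variable names in your cyphon.env may differ.
SAMPLE_ENV = """\
# constructed example, not the shipped file
EXAMPLE_DB_USER=admin
EXAMPLE_DB_PASSWORD=changeme
EXAMPLE_QUEUE_PASSWORD=guest
"""

if __name__ == "__main__":
    new_env, rotated = rotate_passwords(SAMPLE_ENV)
    print(new_env)
    # Any rotated RabbitMQ credential must also be updated in logstash.conf.
    print("rotated:", ", ".join(rotated))
    # A value for SECRET_KEY in conf.py, generated locally.
    print("SECRET_KEY =", repr(random_secret(64)))
```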

The base.py, dev.py, and prod.py files contain more general settings for Django and other third-party apps used by Cyphon. At a minimum, you should configure the BASE_URL setting in the dev.py and prod.py files. See Cyphon Configurations for more info.

Cyclops

Cyclops is an optional frontend that helps to manage alerts and data from Cyphon in real time. This product is under a different license than Cyphon, found here. Make sure to review it before using Cyclops.

Cyclops is configured with the conf.py file in the Cyphon settings:

CYCLOPS = {
    'ENABLED': True,
    'MAPBOX_ACCESS_TOKEN': '',
    'DEVELOPMENT_ENABLED': False,
    'DEVELOPMENT_URL': 'http://localhost:8080/',
}

The only thing to change in these settings is MAPBOX_ACCESS_TOKEN. This is required to show maps with locations and to get geolocation data. You can sign up for an access token here.

The next optional step would be to set up push notifications for Cyclops, which is explained in Cyphon’s documentation.

Nginx

Settings for the Nginx web server are in the ./config/nginx/nginx.conf file. You can use the default settings if you like. See Nginx Configurations for more info.

Logstash

Cyphon receives data from logs using Logstash and RabbitMQ. Logstash receives the logs and passes them to RabbitMQ, where Cyphon consumes them.

To configure Logstash, you can use the example configuration files in ./config/logstash. See Logstash Configurations for more info. The Docker Compose files are already configured to create a Logstash container based on these configs.

Warning

If you changed the RabbitMQ settings in the cyphon.env file, you will need to make sure your logstash.conf file reflects those changes.

Elasticsearch

Settings for the Elasticsearch search engine are in the ./config/elasticsearch/ folder. You can use the default settings if you like. See Elasticsearch Configurations for more info.