Project Setup
Installation
To install your Cyphon project, first download the Cyphondock Git repository. For this example, we’ll clone it into the /opt/cyphon directory:
$ git clone https://github.com/dunbarcyber/cyphondock.git /opt/cyphon/cyphondock
Configuration
Generic settings for the project are contained in the ./config-COPYME directory. Copy this directory to a new directory called config, which will be used by your project instance:
$ cd /opt/cyphon/cyphondock/
$ cp -R config-COPYME config
The config directory contains settings for:
Environment Variables
The ./config/env/cyphon.env file contains default settings for superusers created for various services. Use a text editor to change the usernames and passwords to more secure options.
You can read more about environment variables in Docker’s documentation.
Django
Cyphon’s backend is based on the Django web framework. Settings for the Cyphon Django project are found in the ./config/cyphon/settings directory.
The conf.py file contains settings specific to your Cyphon instance. Using your favorite text editor, edit the conf.py file with the IP address and/or domain name for your host machine:
HOST_SETTINGS = {
    'ALLOWED_HOSTS': ['example.com', '127.0.0.1'],
    'CORS_ORIGIN_WHITELIST': ['example.com', '127.0.0.1'],
}
You should also change the Django SECRET_KEY to something unique. You can generate one here.
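As an added example (not part of Cyphon or Cyphondock), the script below compares the copied env file against the config-COPYME template, lists credential variables that still hold their shipped default, and generates random replacement values locally; the same generator can produce a Django SECRET_KEY. The variable names in the sample data and the credential name pattern are assumptions.

```python
import re
import secrets
import sys
from pathlib import Path

# Assumption: variable names containing these words hold credentials.
CREDENTIAL_NAME = re.compile(r"USER|PASS|SECRET|KEY|TOKEN", re.IGNORECASE)

def parse_env(text):
    """Parse KEY=VALUE lines of a Docker env file; skip blanks and comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip()
    return pairs

def unchanged_defaults(template_text, instance_text):
    """Return credential variables whose value still equals the template's."""
    template, instance = parse_env(template_text), parse_env(instance_text)
    return sorted(
        key for key, value in instance.items()
        if CREDENTIAL_NAME.search(key) and value and template.get(key) == value
    )

def new_secret(nbytes=48):
    """Random value from the OS CSPRNG; the URL-safe alphabet needs no quoting."""
    return secrets.token_urlsafe(nbytes)

# Constructed sample data; the variable names are hypothetical.
SAMPLE_TEMPLATE = """\
# superuser defaults
EXAMPLE_DB_USER=admin
EXAMPLE_DB_PASSWORD=changeme
EXAMPLE_QUEUE_PASS=guest
EXAMPLE_DB_HOST=postgres
"""
SAMPLE_INSTANCE = SAMPLE_TEMPLATE.replace("changeme", "kV3-constructed-value")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # config-COPYME/env/cyphon.env config/env/cyphon.env
        texts = [Path(p).read_text(encoding="utf-8") for p in sys.argv[1:]]
    else:
        texts = [SAMPLE_TEMPLATE, SAMPLE_INSTANCE]
    for name in unchanged_defaults(*texts):
        print(f"{name} still has its default value; replace it, e.g. with {new_secret()}")
```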
The base.py, dev.py, and prod.py files contain more general settings for Django and other third party apps used by Cyphon. At a minimum, you should configure the BASE_URL setting in the dev.py and prod.py files. See Cyphon Configurations for more info.
Cyclops
Cyclops is an optional frontend that helps to manage alerts and data from Cyphon in real time. This product is under a different license than Cyphon, found here. Make sure to take a quick look over it before using Cyclops in your use case.
Cyclops is configured with the conf.py file in the Cyphon settings:
CYCLOPS = {
    'ENABLED': True,
    'MAPBOX_ACCESS_TOKEN': '',
    'DEVELOPMENT_ENABLED': False,
    'DEVELOPMENT_URL': 'http://localhost:8080/',
}
The only thing to change in these settings is MAPBOX_ACCESS_TOKEN. This is required to show maps with locations and to get geolocation data. You can sign up for an access token here.
The next optional step would be to set up push notifications for Cyclops, which is explained in Cyphon’s documentation.
Nginx
Settings for the Nginx web server are in the ./config/nginx/nginx.conf file. You can use the default settings if you like. See Nginx Configurations for more info.
Logstash
Cyphon receives data from logs using Logstash and RabbitMQ. Logstash receives the logs and passes them to RabbitMQ, where Cyphon consumes them.
To configure Logstash, you can use the example configuration files in ./config/logstash. See Logstash Configurations for more info. The Docker Compose files are already configured to create a Logstash container based on these configs.
Warning
If you changed the RabbitMQ settings in the cyphon.env file, you will need to make sure your logstash.conf file reflects those changes.
Elasticsearch
Settings for the Elasticsearch search engine are in the ./config/elasticsearch/ folder. You can use the default settings if you like. See Elasticsearch Configurations for more info.