snooss - Security Network Operations powered by Open Source Software

Please use this documentation to setup a single host snooss system running all components on one node (for testing or demo purposes) or the "master-01" node of a distributed setup.

A single host/single node system is NOT recommended to be used for a productive solution.

General requirements

The setup process is described below.

Ubuntu 22.04.x LTS Server 64-bit

Ubuntu Installation

salt based setup via 1s2t3sm

# login as user snooss at snooss-customer-0
sudo su -
apt-get update
apt-get -y upgrade
apt-get autoremove

# install salt-minion
cd /tmp
curl -L -o
sh -P

# if problems occur during installation of salt try:
# Download key
# curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg
# Create apt sources list file
# echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] jammy main" | tee /etc/apt/sources.list.d/salt.list
# afterwards repeat as mentioned above

hostname > /etc/salt/minion_id
echo "master:" > /etc/salt/minion.d/master.conf
echo "saltenv: snooss" > /etc/salt/minion.d/environment.conf

# now reach out to oneStep2 to accept your salt minion key

# as soon as the key was accepted try to ping via salt the 1s2t3sm salt master
# login as user snooss at snooss-customer-0
sudo su -
# you should receive a "True", if not your key was not yet accepted

# highstate your system by calling 1s2t3sm via salt 
salt-call state.highstate
# verify afterwards if all states were applied successfully
# if not: repeat the state.highstate and/or solve the problem causing states to fail

# finally reboot

Initial git clone and download (already built base containers)

# ssh as user snooss
cd /opt 
sudo mkdir snooss
sudo chown snooss.snooss snooss
cd /opt/ && git clone snooss
cd /opt/ && git -c http.sslVerify=false clone snooss
# git config http.sslVerify false -> if your infrastructure inspects outbound ssl

cd /opt/snooss
git config --global credential.helper store
git pull
docker login

# name resolution
# make sure your local ip address can be resolved to your hostname
# this can be done via dns or /etc/hosts
# if you're using /etc/hosts add an entry like " snooss-customer-0" to /etc/hosts

# create an architecture based docker-compose.yml and 
# setup a default initialized system by running

# finally stop everything and reboot
sudo reboot