In this post we will be installing IntelMQ, IntelMQ API and IntelMQ Manager. We will be following the original guide provided by the developer.

A point to note: I initially tried to install the software on an LXC system, but unfortunately I failed to install it on that platform; after a couple of tries I found that it was quite impossible to install and bring the system back up. I then shifted to an Ubuntu 20.04 system and found it to be working.

installation

We will be using the package method to install onto the system: the commands below add the repository to sources.list and install the packages. On some systems the curl command is not present, so we first install it (together with gpg, which is needed to import the repository key).

sudo apt update
sudo apt install curl gpg

Now we will add the following repository to sources.list so that apt can pull the packages directly, import its signing key, and then install the packages.

echo 'deb http://download.opensuse.org/repositories/home:/sebix:/intelmq/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/home:sebix:intelmq.list
curl -fsSL https://download.opensuse.org/repositories/home:sebix:intelmq/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_sebix_intelmq.gpg > /dev/null
sudo apt update
sudo apt install intelmq intelmq-api intelmq-manager -y

After the packages have been downloaded and installed, the installer will prompt for the IntelMQ API authentication details.

In this case we have used user1 as the username and pressed Enter to continue.

Confirm the password.

Unless you know what you are doing, selecting Yes is a good idea. We are installing a fresh system with no previous data, and the primary objective now is to bring the system up.

After all of the tasks have been completed, we can browse to the URL below to access the intelmq-manager web interface.

http://localhost/intelmq-manager/

If we browse to it, we get the login prompt.

Then we have to log in; the credentials are the username and password we provided above.

Now navigate to the management page and enable the bots to check whether everything is working.

After the installation, we can see that another user called intelmq was created; its details can be seen in the passwd file (/etc/passwd).

intelmq:x:998:998:user running intelmq:/var/lib/intelmq/:/bin/bash

Please keep in mind that this unprivileged user is the one that runs the intelmq services and bots, so if you use any file-system based collectors, the files and directories they read (and any directories output bots write to) must be readable or writable by the intelmq user, not just by root or your own account.

conclusion

Unfortunately, I have spent a significant time trying to install it into

references

  1. https://intelmq.readthedocs.io/en/develop/
  2. https://software.opensuse.org/download.html?project=home:sebix:intelmq&package=intelmq