Articles in this section

Install a specific Skyformation version on Linux Machine

Avatar
Shira Ben-dor
  • Updated
Follow

Prerequisites

- Complete the tasks detailed at:
  SkyFormation Platform Prerequisites 

- Make sure you have your SkyFormation license key  

NOTE: this is applicable only for release 2.4.140 or later. 

Steps

Note: the command uses "screen" in order to run the script in a separate process, such that if the session disconnects it will not disrupt the script's progress. If screen in not installed on the host, it is recommended that it is installed beforehand. If it is not possible to install screen, remove the word screen from the command; keep in mind that any disruption to the session will result in corrupt installation, and a manual restoration to a working state will be required.

a. Running the installation 

    SSH into the SkyFormation dedicated Linux machine with a "sudo"er account

    Use -v=*requested version* parameter to run the SkyFormation installation with a specific SW version

command to use if you have no proxy

curl -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo screen ./preinstall.sh -v=*version* && rm preinstall.sh

command to use if you are running behind a proxy

curl -x https://proxyserver:8080 -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo screen ./preinstall.sh -v=*version* && rm preinstall.sh

Note: if you have an authenticated proxy, and you have special characters in your username or password, you need to send them the curl -x parameter and the skyformation installation script in url-encoded format.

You may use the following command line on your terminal to see the encoded format of your user and password (in this example the password is ab$#^%cd, replace it with yours):

   curl -s -o /dev/null -w %{url_effective} --get --data-urlencode 'ab$#^%cd' "" | cut -c 3-
   
    the result on the screen is the encoded password, in this case :

    ab%24%23%5E%25cd

 

Optional Parameters

You can set up the integration user for skyformation open-api usage during the installation. To do so, you can use the following optional parameters:

-u=inetgration-user-name

-p=integration-user-password

-r=integration-user-role (the only valid value is "integration-admin". If you're setting a regular , non-admin integration user don't use this parameter).

Example Commands:

command to use if you have no proxy

curl -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo ./preinstall.sh -v=*version* -u=myintegrationuser -p=myintegerationuserpassword -r=integration-admin&& rm preinstall.sh

command to use if you are running behind a proxy

curl -x https://proxyserver:8080 -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo ./preinstall.sh -v=*version* -u=myintegrationuser -p=myintegerationuserpassword -r=integration-admin && rm preinstall.sh

url-encoded format applies here as well to the proxy user and password, in case they contain special characters.

 

b. Insert the following parameters when asked (highlighted in green below): 

curl -L https://download.skyformation.net/v2/download/installer/edge/pre-install.sh > preinstall.sh && chmod +x preinstall.sh && sudo ./preinstall.sh -d=exabeam && rm preinstall.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1469  100  1469    0     0   3981      0 --:--:-- --:--:-- --:--:--  3981
Proxy server (full with schema, host and port, i.e. https://myproxy.corp.com:8080 ; if the proxy requires auth also put credentials i.e. https://myuser:mypwd@myproxy.corp.com:8080) []: 

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6476  100  6476    0     0  33729      0 --:--:-- --:--:-- --:--:-- 33729
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 25733  100 25733    0     0  91903      0 --:--:-- --:--:-- --:--:-- 91576
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   473  100   473    0     0   3032      0 --:--:-- --:--:-- --:--:--  3032
License key:     

Application port [8443]: 

Testing license key...
License is valid
 

   >> Proxy server [] :   
      Default is no proxy in use. Press enter if no proxy is in use.
      If you are running behind a proxy insert the proxy DNS and port (e.g. proxyserver:8080). If the              proxy requires auth also put credentials i.e. https://myuser:mypwd@myproxy.corp.com:8080)

      url-encoded format applies here as well to the proxy user and password, in case they contain                special characters.

>> License key:   
      Insert your SkyFormation app license key provided by SkyFormation

>> Application port [8443]: 
     Port used by the SkyFormation web app. Enter for default 8443

You should see the two lines (as in the above diagram):
>> Testing license key
>> License key is valid

Installation is completed successfully and SkyFormation app is running when you see the following output lines:

Starting the compose service...
Compose service is up
==> Done!

 

c. Verify that the SkyFormation web app is accessible

    Open your Chrome browser and enter the SkyFormation webapp URL as followed:
    https://<skyformationserver>:8443

    You will see a screen asking you to approve the SkyFormation web app certificate in use

skyformation_webapp_access_untrusted_cert_approval.png

 

  • Press on "ADVANCED" link and then in the expanded part on "Proceed to ..."
    (see the screenshot above)
  • Insert in the SkyFormation login screen the default user & password
    (see the screenshot below)

         Default User: sk4admin
         Advise CS for the default password; IT IS HIGHLY RECOMMENDED TO REPLACE IT AFTER INSTALLATIONS

         skyformation_login_page.png

 

WARNING:
    Leaving the default password is a security risk. Please change to a secure one using the link:
    How to replace/rest the SkyFormation password

 

If you see the SkyFormation app 'License" page as seen below your SkyFormation app installation was completed successfully.

d. Activate your SkyFormation app license

  • Review and accept the SkyFormation End User License Agreement (EULA) by pressing
    "I Agree"
    (see the screenshot below) 

accept_the_skyformation_eula.png

  • Put the SkyFormation app license key provided to you at the "License Key" text box

        If the license is valid you will see "OK, The license is valid" as seen below

inserting_the_skyformation_license_key_and_verify_accepted.png

 

  • Press "SAVE & CONTINUE"

skyformation_license_save_bottom.png

 

e. Choose SINGLE-TENANT

    SkyFormation app could run in either a "single-tenant" or "Multi-tenant" mode.
    SkyFormation for Exabeam should run in the "single-tenant" mode which allows integration with
    one SIEM (Exabeam SIEM/aa) as the target system to get the SkyFormation events at.

    Each cloud connector added will automatically be attached to the single default tenant in this
    mode making sure the entire cloud connectors events will be send to Exabeam machine.

    skyformation_single_or_multi_tenant_mode.png

    

  • Press "SAVE & FINISH"

 

    skyformation_tenant_mode_save_bottom.png

 

e. Integrate Exabeam SIEM/AA  

    To do that you will need to add a SIEM in SkyFormation app and configure it to be the
    Exabeam machine.

    Please follow the steps described at:
    Adding a SIEM to SkyFormation

    Make sure you see in Exabeam the test event sent from SkyFormation.

DONE 

Related articles

Comments

0 comments

Please sign in to leave a comment.