Prerequisites

https://docs.securiti.ai/modules/appliances/en/appliances-target/prerequisites.html

- The Linux server where you install the node must meet the following requirements:

  Operating system
    Any of the following:
    - Ubuntu 16.04 or 18.04 or 20.04
    - Centos 8.0-8.1
      For Centos 8.0 or 8.1, see below for additional setup steps.
    - Red Hat 8.0-8.3, Red Hat 8.5
      For Red Hat 8.0-8.3 or Red Hat 8.5, see below for additional setup steps.
    - Amazon Linux 2
    - SUSE Linux versions 12.2 through 12.5

  RAM
    At least 32GB.

  CPUs
    At least eight vCPUs.
    Note: The CPU must support the AVX instruction set. To verify, issue this command and check that the response shows that the AVX CPU flag is available on the machine:

        cat /proc/cpuinfo | grep flags | head -n 1 | grep avx

  Disk type
    SSD, not HDD.

  Disk space
    At least 500 GB available.
    Note: The partition must be ext4. If it is xfs, make sure the ftype=1 parameter is passed during format, for example:

        mkfs.xfs -n ftype=1 /mount-point

    Also:
    - The underlying /mnt folder must exist and have at least 500 GB available.
    - The /tmp folder must exist and have at least 30 GB available.
    - If you do not specify the /mnt folder during the installation, the /var folder must exist and have at least 15 GB available.

  Disk performance
    The disk must have a minimum transfer rate of 50MB/s.

- For installation on Centos 8.0 or 8.1, or Red Hat 7.9 to 8.3, perform this procedure before installation:
  1. Modify the file /etc/selinux/config and set setmm
  2. Reboot the machine.
- Each pod must be set up with outbound Internet connectivity enabled in order to:
  - Register to the appropriate user account in the Securiti cloud
  - Fetch updates from the Securiti cloud
  - Transfer detections, reporting data, and analytics information to the Securiti cloud
- For multiple nodes, the servers must have different hostnames.
- NTP service must be configured; verify /etc/ntp.conf for the server address.
- For automated installation, VMWare ESXi VXLAN on Port 8472 must not be configured.
- The firewalld process must not be running, or if it is running, add the following configuration:

    firewall-cmd --zone=trusted --add-source=10.244.0.0/16 --permanent   # pod subnet
    firewall-cmd --zone=trusted --add-source=10.100.0.0/16 --permanent   # service subnet
    firewall-cmd --zone=trusted --add-interface=eth0 --permanent         # enable eth0 in trusted zone so nodes can communicate
    firewall-cmd --zone=trusted --add-masquerade --permanent             # masquerading so packets can be routed back
    firewall-cmd --reload
    systemctl restart firewalld

- You must configure a valid DNS in /etc/resolv.conf, and not a loopback address such as 127.0.
- If your IT policies block direct internet access, edit the applicable environmental variables in /etc/environment as shown in the samples below:
  - http_proxy=10.151.20.176:3128 (sample)
  - https_proxy=10.151.20.176:3128 (sample)
  - no_proxy=0.0.0.0/0,.local (enter exactly as shown)
- In the case of intercepting proxy addresses, install a CA cert as shown below:

    openssl x509 -outform der -in CERTIFICATE.pem -out CERTIFICATE.crt   # convert pem to crt

    Centos:
    cp CERTIFICATE.crt /etc/pki/ca-trust/source/anchors/
    update-ca-trust

    Ubuntu:
    sudo cp CERTIFICATE.crt /usr/local/share/ca-certificates/
    sudo update-ca-certificates

- To check whether both the required URLs are accessible on your end, enter these commands:

    curl https://privaci-registry.s3.us-west-2.amazonaws.com
    curl https://<host>

  Where <host> is:
  - US cloud: app.securiti.ai
  - EU cloud: app.eu.securiti.ai
- After you complete the URL checks, whitelist the following URLs. Use the set appropriate for your location:
  - For the US cloud:
    - app.securiti.ai, port 443
    - packages.securiti.ai, port 443
    - ssm.us-west-2.amazonaws.com, port 443
    - privaci-registry.s3.us-west-2.amazonaws.com, port 443
    - prod-us-west-2-starport-layer-bucket.s3.us-west-2.amazonaws.com, port 443
  - For the EU cloud:
    - app.eu.securiti.ai, port 443
    - packages.securiti.ai, port 443
    - ssm.eu-west-1.amazonaws.com, port 443
    - privaci-eu-registry.s3.eu-west-1.amazonaws.com, port 443
    - prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com, port 443
- The following ports on the machine or VM where you install the pod must be open within your network, and must not be used by anything else. However, pods use them only for intra-pod and intra-node communication, so they do not have to be open to the internet.

  Port                      Protocol                                   Description
  53                        TCP and UDP                                Internal cluster DNS
  2379, 2380, 4001, 7001    HTTPS
  3008-3012                 HTTPS                                      Internal cloud pod deployment services
  3012                      HTTPS                                      Internal cloud pod deployment RPC agent
  3022-3025                 SSH                                        Teleport internal SSH control panel
  3080                      HTTPS                                      Teleport Web UI
  5000                      HTTPS                                      Docker registry
  6443                      HTTPS                                      Pod container API server
  7373, 7496                TCP                                        Serf (Health check agents) peer to peer
  7575                      TCP                                        Cluster status gRPC API
  8472                      VXLAN (UDP encapsulation)                  Overlay network
  10248 - 10250, 10255      HTTPS                                      Pod container components
  30000 - 32767             HTTPS (depends on the services deployed)   Pod container internal services range
  31000, 31001              HTTPS                                      Ranger API Server ports
  32009                     HTTPS                                      Internal cloud pod deployment cluster & hub control panel UI

After ensuring that your system meets these requirements, proceed to Installing a pod.

Last modified: 23 Jun 2022
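
Three of the checks above (AVX flag, loopback DNS, occupied ports) collected into one preflight script. This is an added example, not part of the Securiti documentation: the function names are hypothetical, the sample `ss` lines are constructed, and the port list is transcribed from the table above.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical. Each check
# reads a file argument (or stdin) so it also works on captured output.

# Ports transcribed from the table above; 3012, 31000, 31001 and 32009 already
# fall inside the listed ranges.
REQUIRED_PORTS="53 2379 2380 4001 7001 3008-3012 3022-3025 3080 5000 6443 \
7373 7496 7575 8472 10248-10250 10255 30000-32767"

# Succeeds if the first "flags" line of a cpuinfo file lists the avx flag.
has_avx() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -qw avx
}

# Prints each loopback nameserver (127.0.0.0/8 or ::1) found in resolv.conf.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }' \
        "${1:-/etc/resolv.conf}"
}

# Reads `ss -Htuln` output and prints the listening ports that collide with
# REQUIRED_PORTS, sorted numerically and de-duplicated.
conflicting_ports() {
    awk -v spec="$REQUIRED_PORTS" '
        BEGIN {
            n = split(spec, r, " ")
            for (i = 1; i <= n; i++) {
                m = split(r[i], b, "-")
                lo[i] = b[1] + 0
                hi[i] = (m == 2 ? b[2] : b[1]) + 0
            }
        }
        {
            port = $5; sub(/.*:/, "", port); port += 0   # text after last ":"
            for (i = 1; i <= n; i++)
                if (port >= lo[i] && port <= hi[i]) { print port; break }
        }' "$@" | sort -un
}

# Constructed sample: sshd on 22, a resolver stub on 53, a service on 30080.
sample_ss='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 [::]:30080 [::]:*'
printf '%s\n' "$sample_ss" | conflicting_ports
# On a live host: has_avx; loopback_nameservers; ss -Htuln | conflicting_ports
```

Any port printed by `conflicting_ports` is already bound on the host and must be freed before installation; any address printed by `loopback_nameservers` has to be replaced with a reachable DNS server.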
