Install LogRhythm NDR


Install Ubuntu 

  1. Download the Ubuntu Server 20.04.6 LTS (Focal Fossa) ISO file from the Ubuntu releases site.

  2. Write the ISO file to a USB stick.

  3. Boot the appliance with the USB stick inserted and install Ubuntu. For instructions, see Install Ubuntu Server.

    When entering the hostname of the server, use a short hostname with no . (dot) characters in it.


  4. Once Ubuntu is installed, you can configure the partition tables.

Configure the Partition Tables

The following steps are the same for all node types; only the logical volume sizes differ, according to the space available on the node.

This example is for an NS7500 5GB node.

Create the /opt  and /data Partitions

EXAMPLE

When the server is created, it has a second drive, separate from the OS disk, dedicated to these partitions.


  1. Find the list of disks: 

    sudo lvmdiskscan | grep -v ram
    


    In this example, we had /dev/sda for the OS and /dev/sdb for the partitions.
    


  2. Create the physical volume:

    sudo pvcreate /dev/sdb
    


  3. Create the volume group:

    sudo vgcreate vg-opt /dev/sdb
    


  4. Create the logical volumes:
    Replace the sizes with the values for your node type.

    sudo lvcreate -L 16T -n lv-opt vg-opt
    sudo lvcreate -L 5T -n lv-data vg-opt
    


  5. View the logical volumes:

    sudo lvdisplay
    


  6. List the device-mapper names (every - in a VG or LV name appears as -- in the mapper name, so vg-opt/lv-opt becomes vg--opt-lv--opt):

    sudo ls /dev/mapper/
    


    control  vg--opt-lv--data  vg--opt-lv--opt
    


  7. Create the filesystem:

    sudo mkfs.ext4 /dev/mapper/vg--opt-lv--opt
    sudo mkfs.ext4 /dev/mapper/vg--opt-lv--data
    


  8. Add the partitions to fstab. The append must be done as root, so pipe through sudo tee; with "sudo echo ... >> /etc/fstab" the unprivileged shell, not sudo, opens the file and the write fails:

    echo "/dev/mapper/vg--opt-lv--opt /opt ext4 defaults 1 1" | sudo tee -a /etc/fstab
    echo "/dev/mapper/vg--opt-lv--data /data ext4 defaults 1 1" | sudo tee -a /etc/fstab
    


  9. Create the /data mount point (/opt already exists):

    sudo mkdir /data
    


  10. Mount the filesystems:

    sudo mount -a
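
An added helper script, written for this page rather than taken from LogRhythm's tooling, that covers steps 6 to 8 in a form that is safe to re-run: it derives the /dev/mapper names from the VG and LV names used above and appends fstab entries only when the mount point is not already listed, writing through sudo tee when the file is not writable by the current user. The scratch fstab contents in the demonstration are a constructed sample, not the appliance's real /etc/fstab.

```shell
#!/bin/sh
# Added example (not LogRhythm's code): helpers for steps 6 to 8 of the
# partition procedure, written to be safe to re-run.
#
#  - dm_name: derive the /dev/mapper name from a VG and LV name. The device
#    mapper escapes every '-' in a name as '--', which is why vg-opt/lv-opt
#    shows up as vg--opt-lv--opt in /dev/mapper.
#  - add_fstab_entry: append an entry only if the mount point is not already
#    listed. `sudo echo ... >> /etc/fstab` fails because the redirection is
#    performed by the unprivileged shell, not by sudo; piping through
#    `sudo tee -a` does the write as root.
#
# FSTAB is a parameter so the helpers can be exercised against a scratch copy
# before touching the real /etc/fstab.

# dm_name VG LV -> prints the mapper name, e.g. "vg--opt-lv--opt"
dm_name() {
    vg=$(printf '%s' "$1" | sed 's/-/--/g')
    lv=$(printf '%s' "$2" | sed 's/-/--/g')
    printf '%s-%s\n' "$vg" "$lv"
}

# count_fstab_entries FSTAB MOUNTPOINT -> prints the number of active
# (uncommented) entries whose mount point is MOUNTPOINT
count_fstab_entries() {
    awk -v m="$2" '$1 !~ /^#/ && $2 == m { n++ } END { print n + 0 }' "$1"
}

# add_fstab_entry FSTAB DEVICE MOUNTPOINT [FSTYPE] [OPTIONS] [DUMP] [PASS]
# Appends "DEVICE MOUNTPOINT FSTYPE OPTIONS DUMP PASS" to FSTAB.
# Returns 0 if the entry was added, 1 if MOUNTPOINT was already present.
add_fstab_entry() {
    fstab=$1 dev=$2 mnt=$3
    fstype=${4:-ext4} opts=${5:-defaults} dump=${6:-1} pass=${7:-1}
    if [ "$(count_fstab_entries "$fstab" "$mnt")" -gt 0 ]; then
        return 1
    fi
    entry="$dev $mnt $fstype $opts $dump $pass"
    if [ -w "$fstab" ]; then
        printf '%s\n' "$entry" >> "$fstab"
    else
        # not writable by this user: let sudo open the file for appending
        printf '%s\n' "$entry" | sudo tee -a "$fstab" > /dev/null
    fi
}

# Stand-alone demonstration against a scratch file (constructed sample content,
# not the appliance's real fstab); on the appliance, pass /etc/fstab instead.
demo_fstab=$(mktemp)
printf '# <file system> <mount point> <type> <options> <dump> <pass>\n' > "$demo_fstab"
printf '/dev/sda2 / ext4 defaults 0 1\n' >> "$demo_fstab"
add_fstab_entry "$demo_fstab" "/dev/mapper/$(dm_name vg-opt lv-opt)" /opt
add_fstab_entry "$demo_fstab" "/dev/mapper/$(dm_name vg-opt lv-data)" /data
add_fstab_entry "$demo_fstab" "/dev/mapper/$(dm_name vg-opt lv-data)" /data \
    || echo "/data already listed, entry not duplicated"
cat "$demo_fstab"
rm -f "$demo_fstab"
```

Run it once against the scratch file to see the output, then call add_fstab_entry with /etc/fstab and the real mapper paths; running the step a second time after a partial failure adds nothing and reports the existing entry instead of leaving a duplicate mount line.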
    


Configure the Network Interfaces

Install the Networking Service

  1. Install ifupdown (the classic networking service):

    sudo apt-get install -y ifupdown
    


Set Up the Configuration File for the Networking Service

EXAMPLE

In this procedure, the following sample interfaces are configured:

    Interface Name    Interface Role
    ens1              Management Interface
    ens2              Fabric Interface
    ens4              Capture Interface

To configure your interfaces, replace these sample names and roles with the names and roles of your interfaces.

  1. Open your /etc/network/interfaces file for editing:

    sudo vi /etc/network/interfaces
    


  2. Insert the following lines. Replace ens1, ens2, and ens4 with the names of your interfaces and the <...> placeholders with your addresses. The capture interface gets no address: ARP is disabled, promiscuous mode is enabled, and IPv6 is turned off so the appliance does not transmit on the monitored SPAN/tap port. The capture stanza uses ip (iproute2), which is always present on Ubuntu Server 20.04; ifconfig (net-tools) is not installed by default.

    source /etc/network/interfaces.d/*
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # mistnet management interface
    auto ens1
    iface ens1 inet static
        address <Management-ip>
        netmask <Management-SubNet-Mask>
        gateway <Management-Default-Gateway-IP>
    
    # mistnet fabric/interconnect interface
    auto ens2
    iface ens2 inet static
        address <fabric-ip-0>
        netmask <fabric-mask>
    
    # mistnet traffic interface-1 (capture port: no address, no ARP, promiscuous, IPv6 off)
    auto ens4
    iface ens4 inet manual
    iface ens4 inet6 manual
        up ip link set $IFACE arp off up
        up ip link set $IFACE promisc on
        down ip link set $IFACE promisc off
        down ip link set $IFACE down
        post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
    


  3. Switch the management IP from Netplan to the networking service. This command takes the management interface down, so an SSH session running it is lost; LogRhythm recommends running it from the iDRAC console. Both ifdown and ifup must run as root:

    sudo ifdown --force ens1 lo && sudo ifup -a
    


  4. Enable the networking service:

    sudo systemctl unmask networking
    sudo systemctl enable networking
    sudo systemctl restart networking
    


Set Up the DNS Configuration

  1. Edit /etc/systemd/resolved.conf and set the DNS= line in its [Resolve] section to your DNS server IPs (the addresses below are placeholders; replace them with your own):

    DNS=8.8.8.8 9.9.9.9

  2. Restart the systemd-resolved service:

    sudo systemctl restart systemd-resolved
    


Disable and Uninstall the Netplan Services

  1. Stop, disable, and mask the systemd-networkd services:

    sudo systemctl stop systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
    sudo systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
    sudo systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
    


  2. Remove the netplan packages:

    sudo apt-get --assume-yes purge nplan netplan.io
    


Reboot the Appliance

Reboot the appliance to verify the configuration is correct and permanent.

  1. Reboot the server:

    sudo systemctl --force reboot
    


  2. Once the server has rebooted, check that the network interfaces are up with the addresses you configured (ip is used here because ifconfig is not installed by default on Ubuntu Server 20.04):

    ip addr
    


Install Salt Minion

Before installing the salt minion service, check that the appliance's date and time are correct (timedatectl shows the current time and whether NTP synchronization is active).


  1. Create the apt keyrings directory (as root):

    sudo mkdir -p /etc/apt/keyrings
    


  2. Download the Salt repository signing key and add the repository. Packages from this repository are verified against this key, so fetch it over HTTPS only and compare the fingerprint shown by "gpg --show-keys /etc/apt/keyrings/salt-archive-keyring-2023.gpg" with the one published by the Salt project before continuing:

    sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
    echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/latest focal main" | sudo tee /etc/apt/sources.list.d/salt.list
    


  3. Refresh the package index so the new repository is read, then install the salt minion service on the server:

    sudo apt update
    sudo apt install salt-minion
    


  4. Edit the configuration file and set the master key (master: <salt-master-ip>) to the salt master IP address obtained from the SRE team:

    sudo vi /etc/salt/minion
    


  5. Restart the salt minion service:

    sudo systemctl restart salt-minion
    


  6. Check the salt minion service status with the following command. The output should show the service as active (running) and, among the log lines, the message "The Salt Master has cached the public key for this node"; the minion keeps retrying in that state until its key is accepted on the master:

    sudo systemctl status salt-minion