Securonix Hub (Legacy)

The Securonix Hub is Securonix’s new ingestion agent that replaces the existing Remote Ingestion Node (RIN). If the .tar file you received from us contains “SecuronixHubAgent”, use the following documentation to install the software.
Customers can set up their own Hubs using a VM/hardware or purchase a Hub appliance from SolCyber.
Server Recommendation
The following table describes Securonix Hub sizing recommendations:
| Recommendation | <5,000 EPS | 5k to 30k EPS |
|---|---|---|
| CPU Cores | 2 | 4 |
| RAM | 8 GB | 16 GB |
| Disk (/Securonix) | 200 GB | 820 GB |
Note: For a system that must support a large number of TCP connections, a 10 GB NIC is recommended irrespective of the EPS.
Prerequisites
Ensure that the following prerequisites are met before you install the Securonix Hub:
- Server Requirements: The Hub servers can be physical servers or virtual machines.
- Firewall Configuration: The firewall ports must be open for the Hub server to communicate with SNYPR.
- General Requirement: The network validation utility must be installed and SELinux must be permissive.
- Root Permission: The Hub installation requires a non-root user account with sudo permission to install the Linux services.
The following table describes the prerequisites:
| Category | Item | Requirement |
|---|---|---|
| Server | Operating System | Ubuntu 20/22, Red Hat 7.x/8.x/9.x, or Amazon Linux 2 operating system server. |
| Server | Data Retention on the RIN | 4 days |
| Firewall Ports | SNYPR Console | Outbound port 443 must be open. |
| Firewall Ports | KAFKA Brokers | Outbound port 9093 must be open. |
| Firewall Ports | RIN Syslog sources | SolCyber will instruct you as to which ports will be in use for data ingestion. Note: Use TCP for Syslog sources to improve the reliability of data transfer. |
| General | Network Validation Utility | tcptraceroute must be installed. |
| General | Access to the Temp folder | Customer has to provide access to the tmp folder where Securonix Hub installer will be extracted. The tmp folder must have 4 GB of space for the installer. Note: The installation fails if the temp folder does not have 4 GB of space. |
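
The host-local prerequisites from the table above can be checked before the installer is unpacked. The following is an added example, not part of the Securonix installer or its validation.sh; the function names are hypothetical. It assumes 4 GB means 4194304 KiB, treats a missing /etc/selinux/config as "SELinux not installed", and looks for either admin group because Ubuntu ships a `sudo` group rather than `wheel` by default. The outbound port checks are left out because the page does not give the destination hosts.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Hub prerequisites listed above.
# Function names are hypothetical; this is not the vendor's validation.sh.

# Print the persistent SELinux mode from a config file. The path argument
# exists so the parser can be exercised on a sample file.
selinux_config_mode() {
    cfg="${1:-/etc/selinux/config}"
    # Assumption: no config file means SELinux is not installed on this host.
    [ -r "$cfg" ] || { echo "absent"; return 0; }
    # Last uncommented SELINUX= line wins; SELINUXTYPE= does not match.
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" | tail -n 1
}

# Succeed if the filesystem holding directory $1 has at least $2 KiB free.
has_free_kb() {
    avail=$(df -Pk "$1" | awk 'NR==2 {print $4}')
    [ "${avail:-0}" -ge "$2" ]
}

# Print the admin group present on this host: wheel (Red Hat, Amazon Linux)
# or sudo (Ubuntu default).
admin_group() {
    for g in wheel sudo; do
        if getent group "$g" >/dev/null 2>&1; then echo "$g"; return 0; fi
    done
    return 1
}

# Run every check, report each failure, return non-zero if any check failed.
preflight() {
    rc=0
    has_free_kb /tmp 4194304 || { echo "FAIL: /tmp has under 4 GB free"; rc=1; }
    command -v tcptraceroute >/dev/null 2>&1 || { echo "FAIL: tcptraceroute not installed"; rc=1; }
    mode=$(selinux_config_mode)
    case "$mode" in
        permissive|absent) ;;
        *) echo "FAIL: SELINUX=$mode in /etc/selinux/config, expected permissive"; rc=1 ;;
    esac
    admin_group >/dev/null || { echo "FAIL: neither wheel nor sudo group exists"; rc=1; }
    return $rc
}
```

Source the file and call `preflight`; `admin_group` prints the group name to pass to `usermod -aG` on the host at hand.
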
Create the “securonix” User
When creating the Securonix user, be sure to use all lowercase letters for the username. In our example, the directory is created with an uppercase S but the user is all lowercase.
```text
sudo su -
adduser securonix
```
If an error message is returned reporting that the user already exists, just proceed. Execute the following command to set the password for the user:
```text
passwd securonix
```
Enter and confirm the password of your choice as the user password. Ensure this password is appropriate for your environment and available to other administrators who may need access.
Run the following command to assign privileges to this user:
```text
usermod -aG wheel securonix
```
Create Securonix Installation Directory
```text
sudo mkdir /Securonix
sudo chown -R securonix:securonix /Securonix
```
Confirm SELinux Mode
Execute the following command to check the current mode:
```text
getenforce
```
Confirm that permissive is the returned mode. If not, edit the SELinux configuration file to set the mode to permissive permanently; permissive mode allows active audits to continue as well as expected Hub functionality:
```text
vi /etc/selinux/config
```
Change the SELINUX value to “SELINUX=permissive” and save the file.
Installation
Extract RIN Installation Files
Upload the Hub software to the Hub server and move it to the /Securonix directory.
Confirm the contents of the /Securonix folder:
```text
ls /Securonix
```
Go to the /Securonix folder:
```text
cd /Securonix
```
Extract the contents of the Hub package:
```text
tar -xvf SNYPR-Ingester-XXXX.tgz
```
Run the following command to change the ownership of the extracted files:
```text
chown -R securonix:securonix /Securonix
```
Assume the securonix login by running the following command:
```text
su securonix
```
We already changed folders in an earlier step, so you can now list permissions by running the following command:
```text
ls -lrth
```
The listing should show the files owned by the securonix user and group: securonix securonix appears right before the file size.
Go to the folder that was extracted earlier with the following command:
```text
cd /Securonix/axxxxxx-XXXX/RIN
```
Run the following command to add executable permissions on the script:
```text
chmod u+x SecuronixHub.bin
```
Run Pre-Check Script
Confirm prerequisites have been met with the following script:
```text
sh validation.sh pre-check
```
Review the script output for completions and failures. If a failure occurs, the script will provide a command to resolve the condition.
Validate the Installation Configuration
Execute the following command to validate the installation configuration:
```text
sh validation.sh prepare-to-install
```
When the system prompts for the ingester installation path, enter the following:
```text
/Securonix
```
Press Enter to start the validation script.
When prompted for a password, enter your password.
At this stage, the installer validates the connection details. If the connection is unsuccessful the system generates an error and provides a command to resolve the condition.
Confirm that the last line of the message above the command prompt reads as follows:
>Info: To Install Securonix Hub Agent, please execute the command as securonix user.
Installing the Securonix Hub Agent
Execute the following command to complete the installation of the RIN:
```text
./SecuronixHub.bin
```
Verify that one of the two messages below is included in the results of the installation attempt:
- While a message stating “The Installation of Ingester is complete.” is expected, an additional message may also be displayed.
- You may receive what appears to be an error message stating: “Cannot run program “/bin/sh”: error=0, Failed to exec spawn helper….” This is a known condition and currently does not impact functionality.
If the system returns other errors, refer to Troubleshooting the Securonix Hub Agent.
Performing Post Installation Procedures
Execute the following command to confirm that the RIN installation was completed successfully:
```text
sh validation.sh post-check
```
If the connection is unsuccessful, the system generates an error. Refer to Troubleshooting the Securonix Hub Agent for any error not covered in this section.
To avoid disk utilization issues in the future, let’s make sure we have the right scheduled tasks. Run the following command as the securonix user:
```text
crontab -l
```
Make sure the asterisk is enclosed in double quotes.
Resolving Bash_profile Condition
A common problem in the lab environment is an error caused by the environment variable not being set by the installer. The error message may read “ERROR: INGESTER_HOME environment variable not set. Please set it in bash_profile of securonix user and then source ~/.bash_profile”
Run the following command to resolve this issue:
```text
source /home/securonix/.bash_profile
```
Next, re-run the validation command:
```text
sh validation.sh post-check
```
The expected result of this check is a message that the Ingester service is not running and will need to be started. Continue with the steps below to start services.
To change to root and start services to confirm that the installation was completed correctly, run the following command:
```text
exit
```
As root, run the following commands to manually start the services. Select option 2 for each or running as securonix if prompted:
```text
systemctl start scnx-ingester.service
systemctl start scnx-gateway.service
systemctl start scnx-syslog-ng.service
```
Start, Stop, Restart and Status of the services (gateway, ingester, syslog-ng) will work correctly without .service in the command as well.