Prerequisites

Prerequisites for Nybble installation on CentOS 7.

Install EPEL repo

The EPEL repo is required to install Redis, which is used for the MISP and DNS cache.

sudo yum update
sudo yum install epel-release

Install Java

sudo yum install java-11-openjdk-devel
# Check installation
java -version

If multiple versions of Java are installed on the server, you can change the version used by default with:

sudo alternatives --config java

Set the JAVA_HOME environment variable:

export JAVA_HOME=/usr/lib/jvm/$Your_Java_Version

The JAVA_HOME environment variable must be set. The Nybble installation script uses it to create a profile script that sets the variable permanently.

Disable swap

sudo swapoff -a

To disable swap permanently, comment out the swap line in the fstab file:

sudo vi /etc/fstab
#UUID=871908ba-890a-4a9a-9b93-f471629d2940 swap swap defaults,noatime 0 0

Modify limits

Modify the limits.conf file and add the following lines at the end:

sudo vi /etc/security/limits.conf
nybble soft nproc 65535
nybble hard nproc 65535
nybble soft nofile 65535
nybble hard nofile 65535

Modify the sysctl.conf file and add the following line:

sudo vi /etc/sysctl.conf
fs.file-max = 100000

Firewall ports

Open the firewall ports for the Kafka consumer, for reaching the MISP and TheHive APIs, for the Flink frontend and RPC connection, and for sending logs to Elasticsearch:

# Kafka
sudo firewall-cmd --zone=public --permanent --add-port=9092/tcp # 9093 if TLS is used.
# TheHive, MISP
sudo firewall-cmd --zone=public --permanent --add-port=9000/tcp
sudo firewall-cmd --zone=public --permanent --add-service=https
# Flink Frontend, RPC
sudo firewall-cmd --zone=public --permanent --add-port=8081/tcp
sudo firewall-cmd --zone=public --permanent --add-port=6123/tcp
# Elasticsearch
sudo firewall-cmd --zone=public --permanent --add-port=9200/tcp
# Apply configuration
sudo firewall-cmd --reload
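
To confirm that the steps above took effect, a read-only check script such as the following can be run on the host. It is an added example, not part of Nybble or its installation script: the function names and the file name check.sh are hypothetical, while the nybble user, the limit values, the fs.file-max value and the ports are the ones given on this page.

```sh
#!/bin/sh
# Added example: read-only checks for the prerequisites on this page.
# The parsers take a file or string argument so they can be tried on copies.

# Succeeds if a /proc/swaps-style file lists at least one active swap device.
swap_active() { awk 'NR > 1 && NF { on = 1 } END { exit !on }' "$1"; }

# Prints uncommented fstab entries whose filesystem type is swap.
fstab_swap_lines() { awk '$1 !~ /^#/ && $3 == "swap"' "$1"; }

# Prints the value of the last uncommented "<user> <type> <item> <value>" line.
limit_value() {
    awk -v u="$2" -v t="$3" -v i="$4" \
        '$1 == u && $2 == t && $3 == i { v = $4 } END { print v }' "$1"
}

# Prints each word of $2 (wanted) that is absent from $1 (present).
missing_items() {
    for want in $2; do
        case " $1 " in *" $want "*) ;; *) printf '%s\n' "$want" ;; esac
    done
}

# Ports opened in the "Firewall ports" step (9092 assumes Kafka without TLS).
NYBBLE_PORTS="9092/tcp 9000/tcp 8081/tcp 6123/tcp 9200/tcp"

fail() { echo "FAIL: $*"; rc=1; }

# Runs every check against the live system; returns non-zero on any failure.
check_prereqs() {
    rc=0
    [ -x "${JAVA_HOME:-/nonexistent}/bin/java" ] || fail "JAVA_HOME unset or has no bin/java"
    if swap_active /proc/swaps; then fail "swap is still active"; fi
    [ -z "$(fstab_swap_lines /etc/fstab)" ] || fail "swap entry enabled in /etc/fstab"
    for t in soft hard; do for i in nproc nofile; do
        [ "$(limit_value /etc/security/limits.conf nybble "$t" "$i")" = 65535 ] ||
            fail "limits.conf: nybble $t $i is not 65535"
    done; done
    [ "$(sysctl -n fs.file-max)" -ge 100000 ] || fail "fs.file-max is below 100000"
    ports=$(sudo firewall-cmd --zone=public --list-ports)
    for p in $(missing_items "$ports" "$NYBBLE_PORTS"); do fail "port $p is not open"; done
    svcs=$(sudo firewall-cmd --zone=public --list-services)
    [ -z "$(missing_items "$svcs" https)" ] || fail "https service is not open"
    return "$rc"
}

# Run the live checks only when asked, e.g. "sh check.sh --run".
if [ "${1:-}" = "--run" ]; then check_prereqs; fi
```

The limits.conf values apply only to new sessions of the nybble user, so the file check passing does not by itself mean a running process already has them.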