Initial Setup

System Setup

Create the mozdef service account with /opt/mozdef as its home (as root; the yum commands in this guide assume a CentOS/RHEL host):

adduser mozdef -d /opt/mozdef
mkdir -p /opt/mozdef/envs
chown -R mozdef:mozdef /opt/mozdef

Install git as root, then clone the repository as the mozdef user:

yum install -y git
su mozdef
cd ~/
git clone https://github.com/mozilla/MozDef.git /opt/mozdef/envs/mozdef

Python Setup

Install Python 3.6, pip and the build dependencies as root, then create the virtual environment as the mozdef user:

yum install -y epel-release
yum install -y python36 python36-devel python3-pip libcurl-devel gcc
pip3 install virtualenv
su mozdef
cd /opt/mozdef/envs
/usr/local/bin/virtualenv -p /bin/python3 /opt/mozdef/envs/python

Install the MozDef Python requirements (as the mozdef user). PYCURL_SSL_LIBRARY=nss builds pycurl against NSS, the TLS backend the system libcurl is linked with on CentOS/RHEL 7; if pycurl is built against a different backend than libcurl, it fails to import at runtime:

source /opt/mozdef/envs/python/bin/activate
cd /opt/mozdef/envs/mozdef
PYCURL_SSL_LIBRARY=nss pip install -r requirements.txt
mkdir /opt/mozdef/envs/mozdef/data

Syslog Setup

Install the rsyslog filter shipped with MozDef (as root):

cp /opt/mozdef/envs/mozdef/config/50-mozdef-filter.conf /etc/rsyslog.d/50-mozdef-filter.conf

Create the log directory (including the supervisord subdirectory) and hand it to the mozdef user:

mkdir -p /var/log/mozdef/supervisord
chown -R mozdef:mozdef /var/log/mozdef

Restart rsyslog so the filter takes effect:

systemctl restart rsyslog
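The steps above leave no single place to confirm that everything landed where the rest of the install expects it. The script below is an added post-install check, not part of MozDef; it assumes the paths, user name and filter file used in the steps (each overridable by environment variable) and reports on the things that typically go wrong: ownership after chown -R, the interpreter version inside the virtualenv, whether pycurl imports (which fails when its TLS backend differs from libcurl's), and whether rsyslog accepts its configuration (rsyslogd -N1 parses the config without starting the daemon).

```shell
#!/usr/bin/env bash
# mozdef-check.sh: verify the layout produced by the setup steps.
# Added example, not MozDef's own tooling. Paths default to the ones the
# steps use; override with environment variables when they differ.
set -u

MOZDEF_USER="${MOZDEF_USER:-mozdef}"
MOZDEF_HOME="${MOZDEF_HOME:-/opt/mozdef}"
MOZDEF_VENV="${MOZDEF_VENV:-$MOZDEF_HOME/envs/python}"
MOZDEF_SRC="${MOZDEF_SRC:-$MOZDEF_HOME/envs/mozdef}"
RSYSLOG_FILTER="${RSYSLOG_FILTER:-/etc/rsyslog.d/50-mozdef-filter.conf}"
MOZDEF_LOG_DIR="${MOZDEF_LOG_DIR:-/var/log/mozdef}"

# Succeed only if USER exists and nothing under ROOT is owned by anyone
# else, i.e. what "chown -R mozdef:mozdef" should have left behind.
owned_by() {
  local root="$1" user="$2"
  [ -e "$root" ] || return 1
  id "$user" >/dev/null 2>&1 || return 1
  [ -z "$(find "$root" ! -user "$user" -print -quit 2>/dev/null)" ]
}

# Succeed if a "python --version" string names 3.6 or newer.
python_version_ok() {
  local ver="${1#Python }" major minor
  major="${ver%%.*}"
  minor="${ver#*.}"; minor="${minor%%.*}"
  case "$major$minor" in ""|*[!0-9]*) return 1 ;; esac
  [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 6 ]; }
}

# pycurl must be compiled against the TLS backend libcurl was linked with
# (NSS on CentOS 7, hence PYCURL_SSL_LIBRARY=nss); on a mismatch
# "import pycurl" raises ImportError, so importing it is the real test.
pycurl_backend() {
  "$MOZDEF_VENV/bin/python" -c 'import pycurl; print(pycurl.version)' 2>&1
}

# Run one labelled check: print a result line and return its status.
check() {
  local label="$1"; shift
  if "$@" >/dev/null 2>&1; then echo "ok    $label"; else echo "FAIL  $label"; return 1; fi
}

# Run every check against the live host. Returns the number of failures,
# so the exit status is 0 only when the install is complete.
run_checks() {
  local failed=0
  check "user $MOZDEF_USER has home $MOZDEF_HOME" \
    [ "$(getent passwd "$MOZDEF_USER" | cut -d: -f6)" = "$MOZDEF_HOME" ] || failed=$((failed + 1))
  check "$MOZDEF_HOME owned by $MOZDEF_USER" owned_by "$MOZDEF_HOME" "$MOZDEF_USER" || failed=$((failed + 1))
  check "git checkout present in $MOZDEF_SRC" [ -d "$MOZDEF_SRC/.git" ] || failed=$((failed + 1))
  check "data directory present" [ -d "$MOZDEF_SRC/data" ] || failed=$((failed + 1))
  check "virtualenv python is 3.6+" \
    python_version_ok "$("$MOZDEF_VENV/bin/python" --version 2>&1)" || failed=$((failed + 1))
  check "pycurl imports (TLS backend matches libcurl)" pycurl_backend || failed=$((failed + 1))
  check "rsyslog filter installed at $RSYSLOG_FILTER" [ -f "$RSYSLOG_FILTER" ] || failed=$((failed + 1))
  check "rsyslog config parses (rsyslogd -N1)" rsyslogd -N1 || failed=$((failed + 1))
  check "$MOZDEF_LOG_DIR/supervisord owned by $MOZDEF_USER" \
    owned_by "$MOZDEF_LOG_DIR/supervisord" "$MOZDEF_USER" || failed=$((failed + 1))
  return "$failed"
}

# Only touch the host when invoked as "mozdef-check.sh run"; the functions
# above can be sourced and exercised on their own.
case "${1:-}" in run) run_checks ;; esac
```

Run it as root after the rsyslog restart (`bash mozdef-check.sh run`); a non-zero exit means at least one FAIL line, and the pycurl line is the one to look at first when the Python step finished without errors but MozDef will not start.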