Installation on a Linux system

To create an integration server on a Linux® system, install the Resilient® Circuits framework, which includes its dependent modules.

Downloading Resilient Circuits (offline only)

If your integration server is not connected to the Internet, follow this procedure to download the Resilient Circuits package.

If your integration server is online, see Installing Resilient Circuits for instructions on how to download the package by using the pip installation procedure.

On the online computer, follow these steps to create the .tar.gz file of the required dependencies.

  1. Create a new virtual environment.
  2. Upgrade pip and the setup tools.
    pip3 install -U pip setuptools
  3. Install the Python library.
    pip3 install resilient-circuits
  4. Make a directory for the downloads and change into it.
  5. Create the requirements.txt file.
    pip3 freeze > requirements.txt
  6. Download all requirements into the current directory.
    pip3 download -r requirements.txt
  7. Compress the wheels.
    tar czf resilient-circuits-offline.tar.gz resilient-circuits-offline

Install the Resilient Circuits package on the offline server.

  1. Copy the .tar.gz file that you created earlier to the offline computer.
  2. Extract it and change into the directory that is created by the extraction process.
  3. Run this command to install the requirements.
    pip3 install --no-index --find-links . -r requirements.txt

Installing Resilient Circuits

You install and configure Resilient Circuits as the integration user.

Install and configure the Resilient Circuits framework as follows:
  1. Use SSH to access the command line interface on the integration server.
  2. If you do not have an OS user for the service, create one now. To create an OS user called integration on RHEL Linux, use the following command:
    sudo adduser integration --home /home/integration
    Once created, use the following command to assign a password:
    sudo passwd integration
  3. As the root user, install Resilient Circuits using the following command. This command also installs its dependent modules.
    pip3 install --upgrade resilient-circuits
  4. Verify that the Python modules, resilient and resilient-circuits, are installed.
    pip3 list
  5. Auto-generate the app.config file as follows. This creates a directory, .resilient, in your home directory with a file in it called app.config, which is the default and preferred option. The Resilient Circuits configurations are maintained in the app.config file.
    resilient-circuits config -c
    The output of the command shows the directory where it installed the config file. By default, this directory is:
     /home/integration/.resilient/app.config
    If you require the configuration file to be in a different location or have a different name, you need to store the full path in the environment variable APP_CONFIG_FILE.
    resilient-circuits config -c /path/to/<filename>.config
  6. Open the app.config file in your text editor. If using vi, the command would be:
    vi /home/integration/.resilient/app.config
  7. Replace the contents with the following settings. Your actual path names may be different.
    [resilient] 
    host=localhost 
    port=443 
    email=resilient_account@example.com 
    password=ResilientPassword 
    org=Dev 
    # componentsdir=/home/resadmin/.resilient/components 
    logdir=/home/resadmin/.resilient 
    logfile=app.log 
    loglevel=INFO

    For authentication, determine whether you are using a user account or an API key account, then enter the actual email and password, or api_key_id and api_key_secret, but not both. See Editing the configuration file for details.

    Use the actual SOAR organization name for the org name.

    See Editing the configuration file for a detailed description of all the app.config settings, especially cafile if your SOAR Platform does not have a valid certificate.

  8. Save the file.
  9. Test your installation by running the following command:
    resilient-circuits run
    Resilient Circuits starts, loads its components, and continues to run until interrupted. If it stops immediately with an error message, check your configuration values and retry.

You are ready to download and deploy app packages.
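
A pre-flight check for the app.config edited in steps 5 to 7, as an added example that is not part of the original documentation or the Resilient Circuits code base. It enforces the rule that only one credential pair is set and, as an added hardening check, flags a file that is accessible beyond its owner, because the file stores a password or API key secret; the function names and messages are hypothetical.

```python
import configparser
import os
import stat
import sys
import tempfile

def check_app_config(path):
    """Return a list of problems found in a Resilient Circuits app.config."""
    problems = []
    # Added check (not from the page): the file holds a password or API key
    # secret, so flag any group or world permission bits.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file mode %o is accessible beyond its owner" % mode)
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section("resilient"):
        return problems + ["missing [resilient] section"]
    res = parser["resilient"]
    for key in ("host", "org"):
        if not res.get(key, fallback="").strip():
            problems.append("%s is not set" % key)
    # Page rule: email/password or api_key_id/api_key_secret, but not both.
    user = [bool(res.get(k, fallback="").strip()) for k in ("email", "password")]
    api = [bool(res.get(k, fallback="").strip())
           for k in ("api_key_id", "api_key_secret")]
    if any(user) and any(api):
        problems.append("both user account and API key settings are present")
    elif not (all(user) or all(api)):
        problems.append("incomplete credentials: set one full pair")
    return problems

# Constructed sample settings, mirroring the example in step 7.
SAMPLE_OK = ("[resilient]\nhost=localhost\nport=443\n"
             "email=resilient_account@example.com\npassword=ResilientPassword\n"
             "org=Dev\n")

def write_sample(text, mode):
    """Write sample settings to a temporary file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".config")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # With no argument, check a constructed sample written with mode 644.
    target = sys.argv[1] if len(sys.argv) > 1 else write_sample(SAMPLE_OK, 0o644)
    for problem in check_app_config(target) or ["no problems found"]:
        print(problem)
```

Run it with the path to your app.config as the only argument; with no argument it checks a constructed sample.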

Configuring Resilient Circuits for restart

For normal operation, Resilient Circuits must run continuously. The recommended way to do this is to configure it to run automatically at startup. On a RHEL system, this is done by using systemd unit files to define services. The configuration file defines the following properties:
  • OS user account to use.
  • Directory from where it should run.
  • Any required environment variables.
  • Command to run the apps, such as resilient-circuits run.
  • Dependencies.
You may need to change the paths to your working directory and app.config.
  1. The unit file must be named resilient_circuits.service. To create the file, enter the following command:
    sudo vi /etc/systemd/system/resilient_circuits.service
  2. Add the following contents to the file and change as necessary:
    [Unit]
    Description=Resilient-Circuits Service
    
    [Service]
    Type=simple
    User=integration
    WorkingDirectory=/home/integration
    ExecStart=/usr/local/bin/resilient-circuits run
    Restart=always
    TimeoutSec=10
    Environment=APP_CONFIG_FILE=/home/integration/.resilient/app.config
    Environment=APP_LOCK_FILE=/home/integration/.resilient/resilient_circuits.lock
    
    [Install]
    WantedBy=multi-user.target
    
    NOTE: If you are installing Resilient Circuits on the same system as the SOAR Platform (not recommended), you need to add the following lines in the [Unit] section after Description:
    [Unit]
    Description=Resilient-Circuits Service
    After=resilient.service
    Requires=resilient.service
    
  3. Ensure that the service unit file is correctly permissioned, as follows:
    sudo chmod 664 /etc/systemd/system/resilient_circuits.service
  4. Reload and enable the new service:
    sudo systemctl daemon-reload 
    sudo systemctl enable resilient_circuits.service
    
You can use the systemctl command to manually start, stop, restart and return status on the service:
    sudo systemctl [start|stop|restart|status] resilient_circuits
You can view log files for systemd and the resilient-circuits service using the journalctl command, as follows:
    sudo journalctl -u resilient_circuits --since "2 hours ago"