Build Apache Metron single node without Docker, Ansible – Part #1

Apache Metron provides a scalable, advanced security analytics framework built with the Hadoop community, evolving from the Cisco OpenSOC project. It is a cyber security application framework that gives organizations the ability to detect cyber anomalies and to respond rapidly to the anomalies identified.

Introduction

We will be installing Metron 0.7.2 with HDP 2.5 on CentOS 7. We will also install MySQL as the database for Metron REST, as well as Apache NiFi.
I installed Metron in a test environment with 4 VMs to try it out, as well as on a single node. I’ll try to write this guide so that the necessary steps can easily be adapted to other environments.

Environment (by Apache)

  • Single node: 8 CPUs, 32 GB RAM.
  • Multiple nodes:
      • 4 VMs, 4 CPUs per VM and 16 GB RAM per VM.
      • Hosts:
        10.10.10.1 node1
        10.10.10.2 node2
        10.10.10.3 node3
        10.10.10.4 node4
  • This guide uses one host: 1 VM, 4 CPUs and 8~16 GB RAM

Prerequisites

  • CentOS 7 (CentOS 7 now supports devtoolset-7-gcc-c++, which provides the gcc used to build Metron)
  • Add the EPEL repository and update your system:
     
yum install epel-release -y
yum update -y

And then install some packages:

yum install -y tar wget java-1.8.0-openjdk java-1.8.0-openjdk-devel zlib-devel openssl-devel sqlite-devel bzip2-devel libffi-devel
yum groupinstall -y "Development tools"

Install c++:

yum install -y centos-release-scl
yum install -y devtoolset-7-gcc-c++ devtoolset-7-gcc

Install python 2.7

yum install -y python2 python2-devel

Next, download and install Maven 3.6.3:

wget http://apache.cs.utah.edu/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
tar xzvf apache-maven-3.6.3-bin.tar.gz
mv apache-maven-3.6.3 /opt/maven
ln -s /opt/maven/bin/mvn /usr/bin/mvn
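
The Maven tarball above is fetched over plain HTTP from a mirror, so a digest check belongs between the wget and tar steps. The following is an added example, not part of the original guide: verify_sha512 is a hypothetical helper, and it assumes the .sha512 file published alongside the release was downloaded separately over HTTPS from an Apache host.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded archive against a published SHA-512
# digest before unpacking it. verify_sha512 is a hypothetical helper name.

# verify_sha512 <archive> <checksum-file>
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_sha512() {
    local archive=$1 sumfile=$2 expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # Assumed layouts: a bare digest, or "digest  filename".
    # Take the first field of the first non-empty line and lower-case it.
    expected=$(awk 'NF { print tolower($1); exit }' "$sumfile")

    # A SHA-512 digest is exactly 128 hex characters; anything else
    # (empty file, HTML error page, other layout) is rejected outright.
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive (expected $expected, got $actual)" >&2
    return 1
}

# Usage in this guide (checksum file name assumed), so that tar only
# runs when the digest matches:
#   verify_sha512 apache-maven-3.6.3-bin.tar.gz apache-maven-3.6.3-bin.tar.gz.sha512 \
#       && tar xzvf apache-maven-3.6.3-bin.tar.gz
```
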

Install the RPM tools needed to build the Metron RPMs:

yum install -y asciidoc rpm-build rpm2cpio tar unzip xmlto zip rpmlint make
# Enable the devtoolset-7 gcc/g++ in root's shell (the enable script must be sourced, not executed)
touch /root/.bashrc
echo 'source /opt/rh/devtoolset-7/enable' >> /root/.bashrc

Install Node.js:

curl --silent --location https://rpm.nodesource.com/setup_12.x | bash -
yum install -y nodejs

Done, all the required tools are installed. Go to GitHub and get Metron:

git clone https://github.com/apache/metron.git
cd metron
# Build Metron (Internet access required)
mvn clean install -DskipTests
cd metron-deployment/packaging/docker/rpm-docker
mvn clean install -DskipTests -PHDP-2.5.0.0

If the build fails on metron-config, go to the metron-config folder and run the mvn command again with “-X” to debug.
Go to part #2 to install.
