Installation

Please report any errors an suggest improvements at IntelMQ Issues. Thanks!

For upgrade instructions, see Upgrade instructions. For testing pre-releases see also Testing Pre-releases.

Following any one of the installation methods will setup the IntelMQ base. Some bots may have additional special dependencies which are mentioned in their own documentation.

The following installation methods are available:

  • native .deb/.rpm packages

  • Docker, with and without docker-compose

  • Python package from PyPI

  • From the git-repository, see Development Environment

Base Requirements

The following instructions assume the following requirements. Python versions >= 3.7 are supported.

Supported and recommended operating systems are:

  • Debian Debian 11 Bullseye, Debian 12 Bookworm

  • openSUSE Tumbleweed, Leap 15.5

  • Ubuntu: 20.04 Focal, 22.04 Jammy

  • For the Docker-installation: Docker Engine: 18.x and higher

Other distributions which are (most probably) supported include AlmaLinux, CentOS, Fedora, FreeBSD 12, RHEL and RockyLinux.

A short guide on hardware requirements can be found on the page Hardware Requirements.

Native deb/rpm packages

These are the operating systems which are currently supported by packages:

  • Debian 11 Bullseye

  • openSUSE Tumbleweed

  • Ubuntu 20.04 Focal Fossa

    • Enable the universe repositories by appending universe in /etc/apt/sources.list to deb http://[...].archive.ubuntu.com/ubuntu/ focal main first.

    • intelmq-api is only available with hug-based version 3.0.1, not the latest fastapi-based 3.1.0).

Get the installation instructions for your operating system here: Installation Native Packages. The instructions show how to add the repository and install the intelmq package. You can also install the intelmq-manager package to get the Web-Frontend IntelMQ Manager.

Docker

Attention: Currently you can’t manage your botnet via intelmqctl documentation. You need to use IntelMQ-Manager currently!

The latest IntelMQ image is hosted on Docker Hub and the image build instructions are in our intelmq-docker repository <https://github.com/certat/intelmq-docker>.

Follow Docker Install and Docker-Compose Install instructions.

Before you start using docker-compose or any docker related tools, make sure docker is running:

# To start the docker daemon
systemctl start docker.service
# To enable the docker daemon for the future
systemctl enable docker.service

Now we can download IntelMQ and start the containers. Navigate to your preferred installation directory and run the following commands:

git clone https://github.com/certat/intelmq-docker.git --recursive
cd intelmq-docker
sudo docker-compose pull
sudo docker-compose up

Your installation should be successful now. You’re now able to visit http://127.0.0.1:1337/ to access the intelmq-manager. You have to login with the username intelmq and the password intelmq, if you want to change the username or password, you can do this by adding the environment variables INTELMQ_API_USER for the username and INTELMQ_API_PASS for the password.

NOTE: If you get an Permission denied, you should use chown -R $USER:$USER example_config.

With pip from PyPI

Requirements

Ubuntu / Debian

apt install python3-pip python3-dnspython python3-psutil python3-redis python3-requests python3-termstyle python3-tz python3-dateutil redis-server bash-completion jq
# optional dependencies
apt install python3-pymongo python3-psycopg2

CentOS 7 / RHEL 7:

yum install epel-release
yum install python36 python36-dns python36-requests python3-setuptools redis bash-completion jq
yum install gcc gcc-c++ python36-devel
# optional dependencies
yum install python3-psycopg2

Note

We no longer support already end-of-life Python 3.6, which is the last Python version officially packaged for CentOS Linux 7. You can either use alternative Python source, or stay on the IntelMQ 3.0.2.

CentOS 8:

dnf install epel-release
dnf install python3-dateutil python3-dns python3-pip python3-psutil python3-redis python3-requests redis bash-completion jq
# optional dependencies
dnf install python3-psycopg2 python3-pymongo

openSUSE:

zypper install python3-dateutil python3-dnspython python3-psutil python3-redis python3-requests python3-python-termstyle redis bash-completion jq
# optional dependencies
zypper in python3-psycopg2 python3-pymongo

Installation

The base directory is /opt/intelmq/, if the environment variable INTELMQ_ROOT_DIR is not set to something else, see /opt and LSB paths for more information.

sudo -i
pip3 install intelmq
useradd -d /opt/intelmq -U -s /bin/bash intelmq
sudo intelmqsetup

intelmqsetup will create all necessary directories, provides a default configuration for new setups. See the Configuration for more information on them and how to influence them.

Docker without docker-compose

If not already installed, please install Docker.

Navigate to your preferred installation directory and run git clone https://github.com/certat/intelmq-docker.git --recursive.

You need to prepare some volumes & configs. Edit the left-side after -v, to change paths.

Change redis_host to a running redis-instance. Docker will resolve it automatically. All containers are connected using Docker Networks.

In order to work with your current infrastructure, you need to specify some environment variables

sudo docker pull redis:latest

sudo docker pull certat/intelmq-full:latest

sudo docker pull certat/intelmq-nginx:latest

sudo docker network create intelmq-internal

sudo docker run -v ~/intelmq/example_config/redis/redis.conf:/redis.conf \
                --network intelmq-internal \
                --name redis \
                redis:latest

sudo docker run --network intelmq-internal \
                --name nginx \
                certat/intelmq-nginx:latest

sudo docker run -e INTELMQ_IS_DOCKER="true" \
                -e INTELMQ_SOURCE_PIPELINE_BROKER: "redis" \
                -e INTELMQ_PIPELINE_BROKER: "redis" \
                -e INTELMQ_DESTIONATION_PIPELINE_BROKER: "redis" \
                -e INTELMQ_PIPELINE_HOST: redis \
                -e INTELMQ_SOURCE_PIPELINE_HOST: redis \
                -e INTELMQ_DESTINATION_PIPELINE_HOST: redis \
                -e INTELMQ_REDIS_CACHE_HOST: redis \
                -v $(pwd)/example_config/intelmq/etc/:/etc/intelmq/etc/ \
                -v $(pwd)/example_config/intelmq-api/config.json:/etc/intelmq/api-config.json \
                -v $(pwd)/intelmq_logs:/etc/intelmq/var/log \
                -v $(pwd)/intelmq_output:/etc/intelmq/var/lib/bots \
                -v ~/intelmq/lib:/etc/intelmq/var/lib \
                --network intelmq-internal \
                --name intelmq \
                certat/intelmq-full:latest

If you want to use another username and password for the intelmq-manager / api login, additionally add two new environment variables.

-e INTELMQ_API_USER: "your username"
-e INTELMQ_API_PASS: "your password"