Installation

Please report any errors you encounter at https://github.com/certtools/intelmq/issues

For upgrade instructions, see Upgrade instructions. For setting up a development environment see the Developers Guide section Development Environment. For testing pre-releases see also the Developers Guide section Testing Pre-releases.

Requirements

The instructions below assume the following requirements are met. Python versions >= 3.6 are supported.

Supported and recommended operating systems are:

  • CentOS 7 and 8

  • Debian 10 Buster and 11 Bullseye

  • openSUSE Leap 15.2, 15.3

  • Ubuntu: 18.04, 20.04

  • Docker Engine: 18.x and higher

Other distributions which are (most probably) supported include RHEL, Fedora, openSUSE Tumbleweed and FreeBSD 12.

A short guide on hardware requirements can be found on the page Hardware Requirements.

Install Dependencies

If you are using native packages, you can skip this section, as all dependencies are installed automatically.

Ubuntu / Debian

apt install python3-pip python3-dnspython python3-psutil python3-redis python3-requests python3-termstyle python3-tz python3-dateutil
apt install redis-server

Optional dependencies:

apt install bash-completion jq
apt install python3-pymongo python3-psycopg2

CentOS 7 / RHEL 7

yum install epel-release
yum install python36 python36-devel python36-requests
yum install gcc gcc-c++
yum install redis

CentOS 8

dnf install epel-release
dnf install python3-dateutil python3-dns python3-pip python3-psutil python3-pytz python3-redis python3-requests redis

Optional dependencies:

dnf install bash-completion jq
dnf install python3-psycopg2 python3-pymongo

openSUSE 15.2 / 15.3

zypper install python3-dateutil python3-dnspython python3-psutil python3-pytz python3-redis python3-requests python3-python-termstyle
zypper install redis

Optional dependencies:

zypper in bash-completion jq
zypper in python3-psycopg2 python3-pymongo

Docker (beta)

ATTENTION: Currently you can’t manage your botnet via intelmqctl. You need to use IntelMQ-Manager for now!

Follow Docker Install and Docker-Compose Install instructions.

The latest image is hosted on Docker Hub.

Installation

Installation methods available:

  • native packages (.deb, .rpm)

  • PyPI (latest releases as a Python package)

Note: installation for development purposes must follow the instructions in Development Environment.

Native Packages

These are the operating systems which are currently supported by packages:

  • CentOS 7 (run yum install epel-release first)

  • CentOS 8 (run dnf install epel-release first)

  • Debian 10 Buster

  • Debian 11 Bullseye

  • Fedora 33

  • Fedora 34

  • openSUSE Leap 15.2

  • openSUSE Leap 15.3 (make sure the openSUSE:Backports:SLE-15-SP3 repository is enabled)

  • openSUSE Tumbleweed

  • Ubuntu 18.04 (enable the universe repositories by appending universe in /etc/apt/sources.list to deb http://[…].archive.ubuntu.com/ubuntu/ bionic main first)

  • Ubuntu 20.04 (enable the universe repositories by appending universe in /etc/apt/sources.list to deb http://[…].archive.ubuntu.com/ubuntu/ focal main first)

Get the installation instructions for your operating system here: Installation Native Packages. The instructions show how to add the repository and install the intelmq package. You can also install the intelmq-manager package to get the Web-Frontend IntelMQ Manager.

Please report any errors or improvements at IntelMQ Issues. Thanks!

PyPI

sudo -i

pip3 install intelmq

useradd -d /opt/intelmq -U -s /bin/bash intelmq
sudo intelmqsetup

intelmqsetup creates all necessary directories and provides a default configuration for new setups. See Configuration for more information on them and how to influence them.

Docker without docker-compose

NOTE: If Docker is not already installed, please install it first.

Navigate to your preferred installation directory and run git clone https://github.com/certat/intelmq-docker.git --recursive.

You need to prepare some volumes and configs. To change the host paths, edit the left-hand side of each -v argument.

Change redis_host to a running Redis instance. Docker will resolve it automatically. All containers are connected using Docker Networks.

In order to work with your current infrastructure, you need to specify some environment variables:

sudo docker pull redis:latest

sudo docker pull certat/intelmq-full:latest

sudo docker pull certat/intelmq-nginx:latest

sudo docker network create intelmq-internal

sudo docker run -v ~/intelmq/example_config/redis/redis.conf:/redis.conf \
                --network intelmq-internal \
                --name redis \
                redis:latest

sudo docker run --network intelmq-internal \
                --name nginx \
                certat/intelmq-nginx:latest

sudo docker run -e INTELMQ_IS_DOCKER="true" \
                -e INTELMQ_PIPELINE_DRIVER="redis" \
                -e INTELMQ_PIPELINE_HOST=redis_host \
                -e INTELMQ_REDIS_CACHE_HOST=redis_host \
                -v ~/intelmq/example_config/intelmq/etc/:/opt/intelmq/etc/ \
                -v ~/intelmq/example_config/intelmq-api:/opt/intelmq-api/config \
                -v /var/log/intelmq:/opt/intelmq/var/log \
                -v ~/intelmq/lib:/opt/intelmq/var/lib \
                --network intelmq-internal \
                --name intelmq \
                certat/intelmq-full:1.0
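A preflight check for the bind mounts used in the commands above (an added example, not part of the IntelMQ documentation). With -v, Docker creates a missing host path as a root-owned directory, so a missing redis.conf silently becomes a directory. The function names and the base-directory parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the host side of every -v mount before "docker run".
# check_mount and preflight are hypothetical helper names, not IntelMQ tools.

# check_mount KIND PATH: KIND is "file" or "dir"; prints the problem, returns 1.
check_mount() {
    kind=$1 path=$2
    case $kind in
        file) [ -f "$path" ] && return 0 ;;
        dir)  [ -d "$path" ] && return 0 ;;
        *)    echo "unknown kind: $kind" >&2; return 2 ;;
    esac
    if [ -e "$path" ]; then
        # Typical after an earlier run: Docker created a directory
        # where the redis.conf file was expected.
        echo "WRONG TYPE (expected $kind): $path"
    else
        echo "MISSING $kind: $path"
    fi
    return 1
}

# preflight BASE LOGDIR: checks the host paths from the commands above,
# with BASE standing in for ~/intelmq. Returns the number of problems.
preflight() {
    base=$1 logdir=$2 problems=0
    while read -r kind path; do
        check_mount "$kind" "$path" || problems=$((problems + 1))
    done <<EOF
file $base/example_config/redis/redis.conf
dir $base/example_config/intelmq/etc
dir $base/example_config/intelmq-api
dir $logdir
dir $base/lib
EOF
    return "$problems"
}

# Stand-alone use: sh preflight.sh check [BASE] [LOGDIR]
if [ "${1:-}" = "check" ]; then
    preflight "${2:-$HOME/intelmq}" "${3:-/var/log/intelmq}"
fi
```

A non-zero exit status is the number of host paths to fix before starting the containers.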

Additional Information

Following any one of the installation methods mentioned above will set up the IntelMQ base. However, some bots may have additional dependencies, which are mentioned in their own documentation.