ThreatQ on Your Own Device (BYOD)
ThreatQuotient supports bring your own device (BYOD) installations of ThreatQ. We provide the following warnings to ensure the success of these installations and optimize your use of the application:
- After you install ThreatQ, it must be treated as an appliance. As such, you should not enable custom repos, install custom packages, or manually upgrade packages to unsupported versions since these changes may have a negative impact on performance.
- Using repositories other than ThreatQ's to install or upgrade your instance is not supported and may result in package conflicts during the install/upgrade process. ThreatQuotient recommends that you disable all repositories other than ThreatQ.
- For the ThreatQ platform to function optimally, EFI should be disabled because it is not supported.
BYOD Prerequisites
- A functional CentOS/RHEL 7.2 or later minimal install (7.2 to 7.9 minimal)
- Whitelisting of the following repository servers for software upgrades and system updates:
  - rpm.threatq.com
  - system-updates.threatq.com
- ThreatQuotient Version 5 install script (tqadmin)
- System time standard set to UTC.
Amazon Web Services (AWS) Guidelines
If you are using AWS for your installation, we recommend using an r5 instance family of at least a size matching the Virtual and BYOD System Requirements table found in the ThreatQ System Requirements chapter.
Throughout this document, $ identifies commands that can be run as any user, and # identifies commands that must be run as root.
BYOD Partitioning
For BYOD installations, we recommend the following partitioning scheme to attain the best ThreatQ experience:
Filesystem | Size | Used | Available | Use % | Mounted on |
---|---|---|---|---|---|
/dev/mapper/VolGroup00-LogVol00 | 1.9T | 66G | 1.8T | 4% | / |
devtmpfs | 63G | 0 | 63G | 0% | /dev |
tmpfs | 63G | 0 | 63G | 0% | /dev/shm |
tmpfs | 63G | 17M | 63G | 1% | /run |
tmpfs | 63G | 0 | 63G | 0% | /sys/fs/cgroup |
/dev/sda1 | 244M | 164M | 80M | 68% | /boot |
tmpfs | 13G | 0 | 13G | 0% | /run/user/1002 |
BYOD Pre-installation
Before running the installation script, double-check the following system Timezone and SELinux configuration settings:
Timezone
The system time standard must be set to UTC.
If not, change where the /etc/localtime symlink points. The -f option replaces the existing link.
# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
SELinux
SELinux must be enabled. You can check this with the sestatus command.
SELinux status: | enabled |
SELinuxfs mount: | /sys/fs/selinux |
SELinux root directory: | /etc/selinux |
Loaded policy name: | targeted |
Current mode: | permissive |
Mode from config file: | disabled |
Policy MLS status: | enabled |
Policy deny_unknown status: | allowed |
Max kernel policy version: | 28 |
If SELinux is not enabled, enable it by editing the config file in the SELinux root directory as output by sestatus.
You are not required to change the SELINUX= line in the configuration file to SELINUX=permissive. However, the install process changes this value to permissive and resets it to the original value during the first boot process.
After this configuration change, you must reboot the system.
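The pre-installation requirements above (UTC time standard, SELinux enabled, CentOS/RHEL 7.2 to 7.9, no EFI boot) can be checked in one pass before running the install script. The script below is an added example, not part of tqadmin or ThreatQuotient's own tooling; the function names are hypothetical, and it assumes /etc/localtime is a symlink and that an EFI boot shows up as the /sys/firmware/efi directory.

```shell
#!/bin/sh
# Added example: pre-installation checks for the settings described above.
# Function names are hypothetical; they are not part of tqadmin or ThreatQ.

# Succeeds when sestatus output on stdin reports "SELinux status: enabled".
selinux_enabled() {
    awk -F: '/^SELinux status/ { gsub(/[ \t]/, "", $2); s = $2 }
             END { exit (s == "enabled" ? 0 : 1) }'
}

# Succeeds when a /etc/localtime symlink target ($1) points at the UTC zone file.
tz_is_utc() {
    case "$1" in
        */zoneinfo/UTC|*/zoneinfo/Etc/UTC) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when a redhat-release string ($1) names release 7.2 through 7.9.
release_supported() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*release \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case "$ver" in
        7.[2-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the system under root $1 (default: /) was booted through EFI.
efi_booted() {
    [ -d "${1:-}/sys/firmware/efi" ]
}

# Runs every check against the live system and prints one line per failure.
preflight() {
    rc=0
    sestatus | selinux_enabled || { echo "FAIL: SELinux is not enabled"; rc=1; }
    tz_is_utc "$(readlink /etc/localtime)" || { echo "FAIL: system time standard is not UTC"; rc=1; }
    release_supported "$(cat /etc/redhat-release)" || { echo "FAIL: OS is not CentOS/RHEL 7.2 to 7.9"; rc=1; }
    if efi_booted; then echo "FAIL: system booted with EFI"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "OK: pre-installation checks passed"
    return "$rc"
}

# Run against the live system only when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it as root with the --check argument; a non-zero exit status means at least one requirement is not met.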