Setup Utility

The Setup Utility found in ~/flowpro/setup.sh is responsible for interface management and Plixer FlowPro configuration.

  1. From the hypervisor, launch the virtual console, and then log in to the Plixer FlowPro as the root user with the password plixer.

  2. Accept the FlowPro End User Agreement, and then proceed with the initial setup.

  3. When prompted, enter the values for the following:

    • FlowPro hostname (this must be a fully qualified hostname)

    • IP Address

    • CIDR (provide the CIDR mask only, e.g. 8, 16, 24)

    • Gateway

    • DNS IP

    • root user’s new password

    • plixer user’s new password

    Note

    The system will reboot after all the information is provided.

  4. After the system reboots, SSH to the newly configured IP address using the plixer user and the password that you set in the previous step.

  5. Run the following command to set up Plixer FlowPro: $ sudo /home/plixer/flowpro/setup.sh

  6. When prompted, enter the values for the following:

    • plixer user’s current password

    • Primary Plixer Scrutinizer reporter address

    • Plixer Scrutinizer Collector address (This should be the Collector that will receive flows from the Plixer FlowPro appliance. This can be the same as the reporter address.)

    • Plixer Scrutinizer admin auth_token (This is important as part of the initial Plixer FlowPro licensing steps.)

  7. When prompted, enter the values for the following to generate a new SSL certificate:

    • Country Name (2-letter country code)

    • State or Province Name (Complete state or province name)

    • Locality Name (Complete locality or city name)

    • Organizational Unit Name (Section)

    • Common Name (Server FQDN or your name)

    • DNS alternative name 1

      Note

      Press Enter to stop adding values.

  8. When prompted, indicate whether your Plixer FlowPro appliance has internet access.

    • If yes, proceed with the next steps that follow. This may require a Docker account.

    • If no, the setup will be done locally.

  9. When prompted, confirm if you will be configuring an ERSPAN.

  10. If setting up ERSPAN, enter the following details when prompted:

    • IP address to assign to a monX interface

    • ERSPAN source IP

    • ERSPAN destination IP

    • ERSPAN ID and key

    Note

    For more information, refer to the ERSPAN section.

Flow data and/or events should begin to populate in Plixer Scrutinizer with an exporter address of the local MGMT interface IP.

Setup Utility Runmodes

After initial setup, Plixer FlowPro configuration changes can be made by running the whole setup utility or individual sections.

$ sudo ~/flowpro/setup.sh - Full application re-configuration

$ sudo ~/flowpro/setup.sh --monitor-ports - Re-configuration of monitor ports, used when adding additional interfaces post-deployment

$ sudo ~/flowpro/setup.sh --exporter-config - Re-configuration of flow export and destination Scrutinizer

$ sudo ~/flowpro/setup.sh --cert-generation - Regeneration of local certificates

$ sudo ~/flowpro/setup.sh --container-setup - Update the Suricata execution container

$ sudo ~/flowpro/setup.sh --erspan-config - Assign the IP and configure the ERSPAN destination post-deployment

$ sudo ~/flowpro/setup.sh --firewall-mgmt - Reset Firewall to default posture

Plixer FlowPro service

The operation is orchestrated through the Plixer FlowPro system service and can be controlled using the following command: service flowpro [start|stop|restart].

Note

The setup will generate a certificate signing request, ~/flowpro/server.csr. Have this request signed, and replace the existing ~/flowpro/server.crt file with the signed certificate. Then, restart the Plixer FlowPro service to avoid self-signed operation.
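
One way to check a signed certificate before it replaces ~/flowpro/server.crt, as an added example that is not part of the Plixer documentation: it confirms that the certificate carries the same public key as the CSR, is no longer self-signed, and has not expired. The function names, return codes and the throwaway CA and subject names are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not Plixer code. Function names and return codes are hypothetical.

# Print the SHA-256 of the PEM public key inside a CSR ("req") or certificate ("x509").
pubkey_fp() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_signed_cert <csr> <crt>
# 0 = safe to install, 1 = unreadable input, 2 = public key does not match the CSR,
# 3 = certificate is still self-signed, 4 = certificate has expired
check_signed_cert() {
    csr_fp=$(pubkey_fp req "$1") || return 1
    crt_fp=$(pubkey_fp x509 "$2") || return 1
    [ "$csr_fp" = "$crt_fp" ] || return 2
    issuer=$(openssl x509 -in "$2" -noout -issuer | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$2" -noout -subject | sed 's/^subject= *//')
    [ "$issuer" != "$subject" ] || return 3
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null || return 4
    return 0
}

# Constructed sample data: a throwaway CA, an appliance key and CSR,
# one correctly signed certificate and one self-signed certificate.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=flowpro.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # Correct case: the CA signs the appliance CSR.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signed.crt" 2>/dev/null
    # Wrong case: the CSR is signed with the appliance's own key.
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" -days 1 \
        -out "$d/selfsigned.crt" 2>/dev/null
}

# On the appliance (the signed certificate's location is a placeholder):
#   check_signed_cert ~/flowpro/server.csr /path/to/signed.crt && echo "OK to install"
```

Run the check before copying the signed certificate into place and restarting the service, so that a certificate issued for a different key is caught before the restart.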