Quick Start Guide
Technical Overview
The Syntmon application consists of four parts:
- The web frontend
- The backend service
- An InfluxDB (version 1.8) for storing all file information
- A MySQL Database (version 5.7) for application configuration, logging, and authentication
The frontend and backend components are provided by BrythonicBytes as Docker containers. The database components are provided by third parties and can be set up according to your use case.
The default root password is “Brythonic@1”.
Quick Install Walkthrough
This covers how to quickly set up Syntmon for evaluation using Docker on Linux. Here we walk through the install process, host addition, manual report uploading, alert creation, API key creation, and automated report uploading.
Web Frontend
The web frontend runs on port 80 and takes no environment variables. It requires the backend to be accessible on the same port and URI.
registry.brythonicbytes.com/brythonic/syntmon-frontend:latest
Backend Service
The backend service is responsible for accepting data from clients, processing information, and serving content for web frontend users.
registry.brythonicbytes.com/brythonic/syntmon-backend:latest
The required environment variables are:
Variable | Description | Examples |
---|---|---|
INFLUXDB_HOST | The InfluxDB endpoint | “http://10.1.2.3:8086” |
DOMAIN_NAME | The domain name that the backend API (and web frontend) are accessible on | “syntmon.example.com” |
MYSQLDB_HOST | The MYSQL endpoint | “mysql.syntmon.svc.cluster.local” “mysql.example.com” |
MYSQLDB_USER | A username for accessing the MYSQL database | “admin” “user01” |
MYSQLDB_PASSWORD | The corresponding password for MYSQLDB_USER | “P@5sw0rd” |
MYSQLDB_PORT | The corresponding port for MYSQLDB_HOST | “3306” |
Quick Start Configs
```yaml
---
version: "3"
services:
  mysql_svc:
    image: mysql:5.7
    command: '--default-authentication-plugin=mysql_native_password'
    volumes:
      - mysql_data:/var/lib/mysql
    restart: always
    environment:
      - MYSQL_DATABASE=syntmon
      - MYSQL_PASSWORD=password
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_USER=user
    # expose: reachable by the other services only, not published on the host
    expose:
      - 3306
  influx_svc:
    image: influxdb:1.8
    volumes:
      - influx_data:/var/lib/influxdb
    restart: always
    environment:
      - INFLUXDB_ADMIN_USER=admin
      - INFLUXDB_ADMIN_PASSWORD=password
      - INFLUXDB_ADMIN_USER_PASSWORD=password
    expose:
      - 8086
  frontend:
    image: registry.brythonicbytes.com/brythonic/syntmon-frontend:latest
    environment:
      - VIRTUAL_HOST=syntmon.localhost
    ports:
      - "81:80"
    restart: always
  backend:
    image: registry.brythonicbytes.com/brythonic/syntmon-backend:latest
    ports:
      - "5000:5000"
    environment:
      - INFLUXDB_HOST=http://influx_svc:8086
      - DOMAIN_NAME=syntmon.localhost
      - PORT=5000
      - VIRTUAL_HOST=syntmon.localhost
      - MYSQLDB_HOST=mysql_svc
      - MYSQLDB_USER=root
      - MYSQLDB_PASSWORD=password
      - MYSQLDB_PORT=3306
      # nginx-proxy sends /api/ on syntmon.localhost to this service
      - VIRTUAL_PATH=/api/
    restart: always
  # Reverse proxy that puts the frontend and the backend on the same host and port
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      DEFAULT_HOST: syntmon.localhost
volumes:
  mysql_data:
  influx_data:
```
$ kubectl apply -f <filename>
This is for reference only. It uses local storage, no secrets, and the Nginx ingress controller, and it features no redundancy.
```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: syntmon
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: syntmon-backend
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: syntmon-backend
  template:
    metadata:
      labels:
        app: syntmon-backend
    spec:
      containers:
        - name: syntmon-backend
          image: registry.brythonicbytes.com/brythonic/syntmon-backend:latest
          ports:
            - containerPort: 5000
          env:
            - name: INFLUXDB_HOST
              value: "http://influxdb.syntmon.svc.cluster.local:8086"
            - name: DOMAIN_NAME
              value: "syntmon-frontend"
            - name: PORT
              value: "5000"
            - name: MYSQLDB_HOST
              value: "mysql.syntmon.svc.cluster.local"
            - name: MYSQLDB_USER
              value: "root"
            - name: LOGLEVEL
              value: "3"
            - name: MYSQLDB_PASSWORD
              value: "password"
            - name: MYSQLDB_PORT
              value: "3306"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: syntmon-backend
  namespace: syntmon
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
spec:
  rules:
    - host: syntmon-frontend
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: syntmon-backend
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: syntmon-backend
  namespace: syntmon
spec:
  ports:
    - name: http
      targetPort: 5000
      port: 80
  selector:
    app: syntmon-backend
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: syntmon-frontend
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: syntmon-frontend
  template:
    metadata:
      labels:
        app: syntmon-frontend
    spec:
      containers:
        - name: syntmon-frontend
          image: registry.brythonicbytes.com/brythonic/syntmon-frontend:latest
          ports:
            - containerPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: syntmon-frontend
  namespace: syntmon
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: syntmon-frontend
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: syntmon-frontend
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: syntmon-frontend
  namespace: syntmon
spec:
  ports:
    - name: http
      targetPort: 80
      port: 80
  selector:
    app: syntmon-frontend
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: syntmon-influxdb
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: syntmon-influxdb
  template:
    metadata:
      labels:
        app: syntmon-influxdb
    spec:
      containers:
        - name: syntmon-influxdb
          image: influxdb:1.8
          ports:
            - containerPort: 8086
          volumeMounts:
            - mountPath: /var/lib/influxdb
              name: data
          env:
            - name: INFLUXDB_ADMIN_USER
              value: "admin"
            - name: INFLUXDB_ADMIN_PASSWORD
              value: "password"
            - name: INFLUXDB_ADMIN_USER_PASSWORD
              value: "password"
      volumes:
        - name: data
          hostPath:
            path: /var/lib/containers/storage/syntmon/influxdb
---
apiVersion: v1
kind: Service
metadata:
  name: influxdb
  namespace: syntmon
spec:
  ports:
    - name: syntmon-influxdb
      port: 8086
      targetPort: 8086
  selector:
    app: syntmon-influxdb
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    service: mysql
  name: mysql
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - env:
            - name: MYSQL_DATABASE
              value: syntmon
            - name: MYSQL_PASSWORD
              value: "password"
            - name: MYSQL_ROOT_PASSWORD
              value: "password"
            - name: MYSQL_USER
              value: "user"
          image: mysql:5.7
          name: mysql
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: mysql-data
      volumes:
        - name: mysql-data
          hostPath:
            path: /var/lib/containers/storage/syntmon/mysql
---
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: syntmon
spec:
  selector:
    app: mysql
  ports:
    - name: mysql
      targetPort: 3306
      port: 3306
```
$ kubectl apply -f <filename>
This is for reference only: it uses insecure cookies, does not use end-to-end encryption, does not use secrets, and features no redundancy.
This uses AWS Elastic Block Store (EBS) and Application Load Balancer (ALB), both of which are well documented.
This also requires the AWS ELB domain name to be set in the DOMAIN_NAME environment variable for the backend.
```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: syntmon
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: awsgp2vol
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  iopsPerGB: "10"
  fsType: ext4
reclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-mysql
  namespace: syntmon
spec:
  resources:
    requests:
      storage: 20Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: awsgp2vol
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-influxdb
  namespace: syntmon
spec:
  resources:
    requests:
      storage: 50Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: awsgp2vol
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: syntmon-backend
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: syntmon-backend
  template:
    metadata:
      labels:
        app: syntmon-backend
    spec:
      containers:
        - name: syntmon-backend
          image: registry.brythonicbytes.com/brythonic/syntmon-backend:latest
          ports:
            - containerPort: 5000
          env:
            - name: INFLUXDB_HOST
              value: "http://influxdb.syntmon.svc.cluster.local:8086"
            - name: DOMAIN_NAME
              value: "k8s-syntmon-syntmonf-efb1b0cc3e-1963918450.eu-west-1.elb.amazonaws.com"
            - name: PORT
              value: "5000"
            - name: MYSQLDB_HOST
              value: "mysql.syntmon.svc.cluster.local"
            - name: SECURE_LOGIN  # remove the secure flag on the login cookie to allow testing with ELB-generated domains
              value: "false"
            - name: MYSQLDB_USER
              value: "root"
            - name: LOGLEVEL
              value: "3"
            - name: MYSQLDB_PASSWORD
              value: "password"
            - name: MYSQLDB_PORT
              value: "3306"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: syntmon-frontend
  namespace: syntmon
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: syntmon-backend
                port:
                  number: 80
          - path: /
            pathType: Prefix
            backend:
              service:
                name: syntmon-frontend
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: syntmon-backend
  namespace: syntmon
spec:
  ports:
    - name: http
      targetPort: 5000
      port: 80
  selector:
    app: syntmon-backend
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: syntmon-frontend
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: syntmon-frontend
  template:
    metadata:
      labels:
        app: syntmon-frontend
    spec:
      containers:
        - name: syntmon-frontend
          image: registry.brythonicbytes.com/brythonic/syntmon-frontend:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: syntmon-frontend
  namespace: syntmon
spec:
  ports:
    - name: http
      targetPort: 80
      port: 80
  selector:
    app: syntmon-frontend
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: syntmon-influxdb
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: syntmon-influxdb
  template:
    metadata:
      labels:
        app: syntmon-influxdb
    spec:
      containers:
        - name: syntmon-influxdb
          image: influxdb:1.8
          ports:
            - containerPort: 8086
          volumeMounts:
            - mountPath: /var/lib/influxdb
              name: data
          env:
            - name: INFLUXDB_ADMIN_USER
              value: "admin"
            - name: INFLUXDB_ADMIN_PASSWORD
              value: "password"
            - name: INFLUXDB_ADMIN_USER_PASSWORD
              value: "password"
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: pvc-influxdb
---
apiVersion: v1
kind: Service
metadata:
  name: influxdb
  namespace: syntmon
spec:
  ports:
    - name: syntmon-influxdb
      port: 8086
      targetPort: 8086
  selector:
    app: syntmon-influxdb
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    service: mysql
  name: mysql
  namespace: syntmon
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - env:
            - name: MYSQL_DATABASE
              value: syntmon
            - name: MYSQL_PASSWORD
              value: "password"
            - name: MYSQL_ROOT_PASSWORD
              value: "password"
            - name: MYSQL_USER
              value: "user"
          image: mysql:5.7
          name: mysql
          args:
            - "--ignore-db-dir=lost+found"
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: mysql-data
      volumes:
        - name: mysql-data
          persistentVolumeClaim:
            claimName: pvc-mysql
---
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: syntmon
spec:
  selector:
    app: mysql
  ports:
    - name: mysql
      targetPort: 3306
      port: 3306
```
Client Configuration
```
/ p+u+g+sha512
database_out=file:/var/db/aide.db
database_new=file:/var/db/aide.db
```
After generating an API key from the users page within the web frontend, this can then be automated from crontab with something like:
```sh
aide -ic /etc/aide.conf && mv /var/db/aide.db.new /var/db/aide.db && curl -k -XPOST https://<ENDPOINT>/api/v1/upload-report -H "Content-Type: multipart/form-data" -H 'Accept: application/json' -H "Authorization: Bearer <APIKEY>" -Ftype="aidelogfile" -Fdata=@/var/db/aide.db -Fhost=$(hostname -f)
```
Since Aide does not run on Windows, this limits Syntmon clients to Linux and any modern Unix.
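A hardened form of the cron job above, as an added example that is not part of the original Syntmon documentation: it keeps certificate verification on (no `-k`), reads the API key from a root-only file instead of the crontab, and hands it to curl on stdin so it does not appear in the process list. The key-file path, the `SYNTMON_*` variables, the `--run` argument and the function names are assumptions; the endpoint path, form fields and AIDE paths are the ones used above.

```shell
#!/bin/sh
# Added example: hardened AIDE report upload for a Syntmon client.
# KEY_FILE path and SYNTMON_* variables are assumptions, not Syntmon settings.
KEY_FILE="${SYNTMON_KEY_FILE:-/etc/syntmon/apikey}"  # hypothetical, root-owned, mode 0600
ENDPOINT="${SYNTMON_ENDPOINT:-}"                     # e.g. syntmon.example.com
AIDE_DB="${SYNTMON_AIDE_DB:-/var/db/aide.db}"

# True only for a regular, non-empty file with no group/other permission bits.
key_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;   # e.g. -rw-------
        *)           return 1 ;;
    esac
}

# Prints a curl config line for `curl -K -`, so the bearer token is passed on
# stdin and never shows up in the crontab or in the process list.
curl_auth_config() {
    printf 'header = "Authorization: Bearer %s"\n' "$(tr -d '\r\n' < "$1")"
}

upload_report() {
    if ! key_file_ok "$KEY_FILE"; then
        echo "refusing to run: $KEY_FILE missing, empty or too permissive" >&2
        return 2
    fi
    [ -n "$ENDPOINT" ] || { echo "SYNTMON_ENDPOINT is not set" >&2; return 2; }
    # Rebuild the AIDE database and promote it, as in the one-liner above.
    aide -ic /etc/aide.conf || return 3
    mv "${AIDE_DB}.new" "$AIDE_DB" || return 3
    # No -k: the server certificate is verified. --fail turns an HTTP error
    # into a non-zero exit. -F sets the multipart Content-Type itself.
    curl_auth_config "$KEY_FILE" | curl -K - --fail --silent --show-error \
        -X POST "https://${ENDPOINT}/api/v1/upload-report" \
        -H 'Accept: application/json' \
        -F type=aidelogfile -F "data=@${AIDE_DB}" -F "host=$(hostname -f)"
}

# Cron runs this file with --run; without it the file only defines functions.
if [ "${1:-}" = "--run" ]; then upload_report; fi
```

Because a failed upload now exits non-zero with curl's error on stderr, cron's normal mail-on-output behaviour reports it.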