Note: This post is Part 1 in a series on using Splunk in a Virtual Lab – The full series is Introduction, Part 1, Part 2, Part 3, and Part 4.
Resources
- Video: Splunk Development - Creating a Linux Virtual Machine
- Video: Splunk Development - Creating a Virtual Machine using VirtualBox
Notes/Instructions
Follow the YouTube videos (links above; watch parts 1 to 3) for help setting up the virtual machine, or continue reading. Below, you will find the updates that are required for using CentOS 7.
Downloads/Required Software
- Download CentOS - Minimal ISO
- CentOS - Mirror (find the one closest to you)
- Click on HTTP link
- Download the latest version
- Click "isos" folder
- Select the folder for your architecture
- Download CentOS-X.X-x86_64-minimal.iso (Make sure it is the minimal iso)
- Download and install VirtualBox
Creating a VirtualBox virtual machine
- Open VirtualBox
- Click "New" for a new VM
- Name: lab_splunk
- Type: Linux
- Version: Other Linux (64-bit)
- "Next"
- RAM: 1000 MB
- "Next"
- "Create a virtual hard disk now" (default option)
- "Next"
- "VDI (VirtualBox Disk Image)" (default option)
- "Next"
- "Dynamically allocated" (default option)
- "Next"
- Storage: 20 GB
- "Create"
- Mount ISO file to Optical Drive
- Right click on lab_splunk (VM that was just created)
- Click "Settings"
- Click "Storage"
- Click "Empty"
- Select Disc image, next to "IDE Secondary Master"
- "Choose Virtual Optical Disk File"
- Browse to your downloaded CentOS minimal ISO
- Start the virtual machine
- Install CentOS
- At the end, do not forget to eject the ISO file
- Configure CentOS VM
- Login as root to CentOS vm
- Create a "Snapshot" of the VM
- Configure network adapter (see below)
- sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
- Modify ONBOOT=no to ONBOOT=yes
- Press "ESC" key, enter :wq!
- ifconfig (not installed by default, see below for more information)
- ifconfig eth0 up
- dhclient
- ifconfig - "inet addr" is the VM IP address
- Note: To be able to SSH into the VM, see below for additional instructions.
Linux Note:
(Part of my Security Lab)
Below, you will find a summary of CentOS VM system requirements.
VM Name: | lab_splunk |
---|---|
Operating System: | CentOS 7 - x86_64 - Minimal |
Base Memory (RAM): | 1000 MB or 1GB |
Storage: | 20.0 GB (Dynamic Allocation) |
Network: | NAT |
Create "Eth0" Adapter
CentOS 7 does not include "Eth0" by default. To fix this, we need to rename the existing network adapter configuration to "eth0". Run sudo mv /etc/sysconfig/network-scripts/ifcfg-enp0s3 /etc/sysconfig/network-scripts/ifcfg-eth0; this will create the eth0 adapter. Next, you will need to reboot your CentOS VM.
Install ifconfig
CentOS 7 does not have ifconfig by default, so you need to update CentOS first: sudo yum update. Next, you will need to install net-tools: sudo yum install net-tools
Linux Note: ip addr is similar to ifconfig, but they have different parameters.
SSH into a VirtualBox VM
To allow SSH into our VirtualBox VM, we need to set up a port forwarding rule. To establish port forwarding in VirtualBox, go into the network settings for the VM. Next, go to the "Advanced" box and click the "Port Forwarding" button. Click the "+" button (green) and add a rule:
- Name: "SSH from Host"
- Host IP: "127.0.0.1"
- Host Port: "2222"
- Guest IP: "10.0.2.15" (VM IP address)
- Guest Port: "22"
(Thanks to user63668, for the post on StackExchange)
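The same rule can be created and checked from the host's command line. The script below is an added example, not part of the original post: `add_ssh_forward` creates the rule listed above with `VBoxManage`, and `audit_forwards` flags any NAT forwarding rule that is not bound to loopback, since a rule with an empty Host IP listens on every host interface. The function names, the second sample rule ("web") and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
VM="lab_splunk"   # VM name used on this page

# Create the page's rule. Format: name,proto,hostip,hostport,guestip,guestport
# modifyvm requires the VM to be powered off.
add_ssh_forward() {
    VBoxManage modifyvm "$VM" --natpf1 \
        "SSH from Host,tcp,127.0.0.1,2222,10.0.2.15,22"
}

# Reads `VBoxManage showvminfo "$VM" --machinereadable` output on stdin and
# prints one line per NAT forwarding rule whose host IP is not loopback.
# An empty host IP means VirtualBox binds the port on all host interfaces.
audit_forwards() {
    awk -F'"' '/^Forwarding\([0-9]+\)=/ {
        if (split($2, f, ",") != 6) next          # skip malformed rules
        if (f[3] !~ /^127\./) {
            host = (f[3] == "") ? "ALL-INTERFACES" : f[3]
            printf "EXPOSED %s %s:%s -> guest port %s\n", f[1], host, f[4], f[6]
        }
    }'
}

# Constructed sample of machine-readable VM info: the page's rule plus a
# hypothetical rule that was added with the Host IP left blank.
SAMPLE='name="lab_splunk"
natnet1="nat"
Forwarding(0)="SSH from Host,tcp,127.0.0.1,2222,10.0.2.15,22"
Forwarding(1)="web,tcp,,8000,,8000"'

# Only the "web" rule is reported; the loopback-bound SSH rule passes.
printf '%s\n' "$SAMPLE" | audit_forwards
```

Against a real VM, pipe `VBoxManage showvminfo lab_splunk --machinereadable` into `audit_forwards`; with the page's rule in place, the guest is reachable from the host only, via `ssh -p 2222 root@127.0.0.1`.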
Note: Continue reading... Part Two: Install Splunk on CentOS VM.