@thesubtlety
Last active August 13, 2020 23:15
tl;dr natlas/docker install

Natlas/Docker Install

https://github.com/natlas/natlas/blob/main/natlas-server#installation-production
https://github.com/natlas/natlas/blob/main/natlas-agent#installation-production

You should probably read the above instructions, but if you just want to get up and running, this should do it.

Install Docker, configure directories

apt install docker.io

mkdir -p /opt/natlas/data
cd /opt/natlas

cat >  .env  << EOF
SECRET_KEY=$(openssl rand -hex 32)
FLASK_ENV=production
ELASTICSEARCH_URL=http://<DOCKER-IP-HERE>:9200
EOF

ElasticSearch (tmux window 1)

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.8.1
docker run -p 9200:9200 -p 9300:9300 -v /data:/usr/share/elasticsearch/data:rw -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.8.1

Natlas Server (tmux window 2)

docker run -d -p 5000:5000 --name natlas_server --restart=always -v /mnt/natlas_data:/opt/natlas/data:rw -v /opt/natlas/.env:/opt/natlas/natlas-server/.env natlas/server
docker exec -e SERVER_NAME=localhost:5000 -it $(docker ps | grep natlas/server | cut -d' ' -f1) flask user new --admin

Troubleshooting

docker logs --tail 50 --follow --timestamps $(docker ps | grep natlas | cut -d' ' -f1)

Check file permissions. Running as root? Are /data and /opt/natlas writable?
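
A preflight check for the env files this guide writes (`/opt/natlas/.env` above and `/opt/natlas/agent_env` in the agent section), added here as an example; it is not part of the gist or of Natlas, and the function names are hypothetical. It catches a heredoc that did not expand `$(openssl rand -hex 32)`, a placeholder such as `<DOCKER-IP-HERE>` left in place, and a file that other users can write to.

```shell
#!/bin/sh
# Added example: preflight check for the env files written by the heredocs
# in this guide. Function names are hypothetical, not part of Natlas.

# Print the value assigned to KEY in an env file (last assignment wins).
env_value() {  # usage: env_value FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Succeed only if KEY holds exactly 64 lowercase hex characters, the output
# of `openssl rand -hex 32`. Fails on an empty value (openssl missing) and
# on a literal "$(openssl ...)" left behind by a quoted heredoc delimiter.
check_hex_secret() {  # usage: check_hex_secret FILE KEY
    env_value "$1" "$2" | grep -Eq '^[0-9a-f]{64}$'
}

# Succeed only if no <PLACEHOLDER> such as <DOCKER-IP-HERE> remains.
check_no_placeholder() {  # usage: check_no_placeholder FILE
    ! grep -Eq '<[A-Za-z-]+>' "$1"
}

# Print each problem found in FILE and return the number of problems.
check_env_file() {  # usage: check_env_file FILE SECRET_NAME
    problems=0
    if [ ! -r "$1" ]; then
        echo "$1: missing or unreadable"
        return 1
    fi
    if [ -n "$(find "$1" -perm -0002)" ]; then
        echo "$1: writable by other users"
        problems=$((problems + 1))
    fi
    if ! check_hex_secret "$1" "$2"; then
        echo "$1: $2 is not 64 hex characters"
        problems=$((problems + 1))
    fi
    if ! check_no_placeholder "$1"; then
        echo "$1: placeholder <...> still present"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage, with the paths from this guide:
#   check_env_file /opt/natlas/.env SECRET_KEY
#   check_env_file /opt/natlas/agent_env NATLAS_AGENT_TOKEN
```

A return status of 0 means the file passed; any other status is the number of problems printed.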

Setup Server

  1. Connect to http://localhost:5000
  2. Create a new user with the invite link from the server setup
  3. Profile > Admin, change settings as appropriate (Scope [Mandatory], nmap options, etc)

Natlas Agent (tmux window 3)

By default, Natlas continuously scans its given scope.

docker pull natlas/agent

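# -p: do not fail if the directory already exists (same host as the server)
mkdir -p /opt/natlas
# Write the file where the docker run command below mounts it from
cat > /opt/natlas/agent_env << EOF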
NATLAS_SERVER_ADDRESS=https://127.0.0.1:5000
NATLAS_IGNORE_SSL_WARN=True
NATLAS_MAX_THREADS=10
NATLAS_MAX_RETRIES=2
NATLAS_AGENT_TOKEN=$(openssl rand -hex 32)
EOF

wget https://raw.githubusercontent.com/natlas/natlas/main/natlas-agent/chrome.json -O /opt/natlas/chrome.json

docker run -d --name natlas_agent --restart=always --security-opt seccomp=/opt/natlas/chrome.json --cap-add=NET_ADMIN -v /opt/natlas/agent_env:/opt/natlas/natlas-agent/.env natlas/agent

Kibana

# Kibana must be the same version as Elasticsearch (7.8.1 above)
docker run --link $(docker ps | grep elasticsearch | cut -d' ' -f1):elasticsearch -p 5601:5601 docker.elastic.co/kibana/kibana:7.8.1

SSH

If this is running on a remote host and you already have an SSH session to it, add the port forwards from inside that session:

<Enter>
<Shift> + ~
<Shift> + C
-L 5000:<remote-ip>:5000
-L 5601:<remote-ip>:5601

Now browse to localhost:5000