Vigiles Setup Guide

To install the Timesys Enterprise Vigiles stack you will need to have access to the Linuxlink on-prem Vigiles installer page.

Navigate to the URL - Vigiles On Prem Installer
Place the .tar.gz you downloaded onto your host machine and unpack it

If you are upgrading from a previous installation, skip to the upgrade section.

Installing Dependencies

You will next need to install the Vigiles package dependencies on your host machine. For this to work your machine must be an Ubuntu release 20.04 or greater, and your system architecture x86_64. After verifying those details, in the main Vigiles Enterprise On-prem directory run the following script:

sudo ./scripts/install_deps.sh

Vigiles Enterprise CLI Installation Tool

The next tool you will need to use is the Vigiles Enterprise CLI Installation Tool. It will walk you through the critical settings to get the system up and running on your host. To start, run the following command:

sudo python3 vigiles-enterprise-cli.py install

There are several prompted and command line options for this script. They are outlined below:

Miscellaneous

CLI	Prompt	Description
--verbose/--no-verbose	Unprompted	Verbose Output
--url-base	Vigiles Installation Base URL	Vigiles Installation Base URL
--admin-pass	Vigiles Admin Password	Vigiles Admin Password
--generate-certificates/--no-generate-certificates	Generate Certificates	Generate Certificates
--generate-missing-certificates/--no-missing-generate-certificates	Generate Missing Certificates	Generate Missing Certificates
--populate-certificates/--no-populate-certificates	Populate Certificates	Populate Certificates
--skip-load	Use already loaded images	Skip loading docker images
--image-registry-path	Local folder containing docker images	Path to tarred docker images to be loaded

CLI	Prompt	Description
--crontab	Autoadjust Crontab = ['none', 'backups', 'alerts', 'updates', 'all']	Automatically add cron jobs for backups, alerts, updates, or all three.

CLI	Prompt	Description
--sso-enabled/--no-sso-enabled	SSO Enabled	SSO Enabled
--sso-idp-mode	IDP Mode = ['okta', 'azure_ad']	IDP Mode
--idp-metadata-uri	IDP Metadata URI	IDP Metadata URI

CLI	Prompt	Description
--send-emails/--no-send-emails	Send Emails	Send Emails
--email-sender	Email Sender	Email Sender
--email-server	Email Server	Email Server

Deployment.env Options

CLI	Prompt	Description
--vigiles-port	Vigiles Port	Vigiles Port
--ca-cert	Cert Authority Certificate	Cert Authority Certificate
--ca-key	Cert Authority Key	Cert Authority Key

Certificate Authority Options

CLI	Prompt	Description
--ca-root-pass	CA Root Private Key Password	CA Root Private Key Pass
--ca-int-pass	CA Intermediate Private Key Password	CA Intermediate Private Key Pass
--ca-country	CA Country Name	CA Country Name
--ca-state-province	CA State/Province	CA State/Province
--ca-locality-name	CA Locality Name	CA Locality Name
--ca-organization-name	CA Organization Name	CA Organization Name
--ca-organizational-unit	CA Organizational Unit Name	CA Organizational Unit Name
--ca-email-address	CA Email Address	CA Email Address

Vigiles Enterprise CLI MongoDB Tool

The final step in setting up Vigiles is to update your vulnerability database with an initial dumpfile or download it from the Linuxlink server.

If downloading the vulnerability database manually, the update-db script will by default look for the file in the root of the project. Place the file there, or specify its path appropriately when running the script.

sudo python3 vigiles-enterprise-cli.py update-db

Vulnerability database update-db command line options:

CLI	Prompt	Description
--verbose/--no-verbose	Unprompted	Verbose Output
--restore-file	Filename to download/restore	Filename to download/restore
--backup-path	Path to store database backup	Path to store database backup before restoring
--container-name	MongoDB Container	Name of the MongoDB docker container
--download/--no-download	Download from LinuxLink	Download from Timesys or use a pre-existing local file
--download-url	Download URL	Base URL for the download
--download-api-key	Path to LinuxLink API Key	Key file to authenticate downloads
--delete-backup-file-on-success / --no-delete-backup-file	Unprompted	Delete backup file on success

Upgrade Vigiles

To upgrade to the latest release of Timesys Enterprise Vigiles, please follow these steps:

Prerequisites

Open a terminal and change to main vigiles directory, e.g. cd vigiles-enterprise-on-prem
Stop/Remove the already running docker containers of vigiles.

sudo python3 vigiles-enterprise-cli.py stop

Download and upgrade steps

Download the latest release of Timesys Enterprise Vigiles setup tar by navigating to Vigiles On Prem Installer
Go to your download directory and extract the tar file into previously installed main vigiles directory

sudo tar -zxvf `<download tar file name>` -C `<older main vigiles directory path>` --strip-components=1

e.g.

 sudo tar -zxvf vigiles-enterprise-on-prem-installer-1.1.0.tar.gz -C /home/timesys/vigiles-enterprise-on-prem --strip-components=1

Change to main vigiles directory in terminal and run the install command to upgrade Vigiles. Please note: If certificates are not generated for all services, --generate-missing-certificates may be added to the install argument to only generate certificates for services that do not currently have one.

sudo python3 vigiles-enterprise-cli.py install

Once the installation is successful, you will see the message Success: Installed Vigiles Enterprise

MongoDB data load steps

To update your vulnerability database, please follow the steps detailed in the document provided above.

How to verify your upgraded instance

To verify the latest version of your upgraded Vigiles instance, follow these steps:

Login to the Vigiles.
Click on About in side navigation.
Verify in the About page that the latest version of Vigiles is running.

To view details of the changes applied in the latest version, click on What's New in side navigation.