### Install ugorji/go/codec Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_agent/tools/apache/deepfence/ugorji/go/codec/README.md Use 'go get' to install the library. Consider build tags for specific features like 'safe' mode. ```bash go get github.com/ugorji/go/codec ``` -------------------------------- ### Install Flask Echo Server Helm Chart (Quick Start) Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/eks-fargate/flask-echo-server/ReadMe.md Use this command for a quick installation of the Flask Echo Server Helm chart, setting the management console IP. ```bash helm install flask-echo-server flask-echo-server \ --set managementConsoleIp=40.40.40.40 ``` -------------------------------- ### Install codecgen Tool Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_agent/tools/apache/deepfence/ugorji/go/codec/codecgen/README.md Download and install the codecgen tool using the go get command. This command fetches the latest version and installs it into your Go binary path. ```bash go get -u github.com/ugorji/go/codec/codecgen ``` -------------------------------- ### Install sqlc using go install Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_utils/postgresql/readme.md Install the sqlc CLI globally using the go install command. ```shell go install -v github.com/sqlc-dev/sqlc/cmd/sqlc@latest ``` -------------------------------- ### Install and Start ThreatMapper Console Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/docker.md Execute this command to install and start the latest build of the ThreatMapper Management Console in detached mode. ```bash docker compose up -d ``` -------------------------------- ### Install Deepfence Agent with Values File Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/deepfence-agent/ReadMe.md Installs the Deepfence Agent using a custom values file for configuration. This method allows for a more detailed and customized deployment compared to the quick start. ```bash helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \ --namespace deepfence \ --create-namespace ``` -------------------------------- ### Start Local Development Server Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/README.md Starts a local development server for live preview. Changes are reflected without a server restart. Use --port to specify a different port. ```bash $ yarn start ``` -------------------------------- ### Fine-tune Helm Deployment and Install Source: https://github.com/deepfence/threatmapper/wiki/Installing-Sensors-in-Kubernetes Adds the Deepfence Helm repository, exports default values to a YAML file for customization, and then installs the agent using the customized values. Update `managementConsoleUrl`, `deepfenceKey`, and optionally `image:name` and `image:clusterAgentImageName`. Set `containerdSock` to `false` if the agent fails to start. ```shell helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper helm show values deepfence/deepfence-agent > deepfence_agent_values.yaml # You will need to update the following values: # managementConsoleUrl and deepfenceKey - specify your URL/IP and API key value # You may wish to update other values, including: # image:name and image:clusterAgentImageName - change to point to custom images # containerdSock - set to false if agent fails to start on some Kubernetes platforms e.g. Minikube vim deepfence_agent_values.yaml helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent ``` -------------------------------- ### Install and Run Management Console on Docker Host Source: https://github.com/deepfence/threatmapper/wiki/Deploying-Custom-Management-Console Log in to your Docker Hub account and then use docker-compose to start the Management Console, specifying your custom image repository. ```shell ACC=myorg # the name of the dockerhub account docker login -u $ACC # log in to the account IMAGE_REPOSITORY=$ACC docker-compose -f docker-compose.yml up --detach ``` -------------------------------- ### Install and Run Deepfence Agent on Docker Host Source: https://github.com/deepfence/threatmapper/wiki/Deploying-Custom-Sensor-Agents Use this command to install and start the Deepfence agent on a Docker host. Ensure you have logged into your Docker Hub account and replace placeholder values for console URL, port, and API key. ```shell ACC=myorg # the name of the dockerhub account docker login -u $ACC # log in to the account docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \ --privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \ -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \ -e USER_DEFINED_TAGS="" -e MGMT_CONSOLE_URL="---CONSOLE-IP---" -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ $ACC/deepfence_agent_ce:latest ``` -------------------------------- ### Install Project Dependencies Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/README.md Run this command to install all necessary project dependencies using Yarn. ```bash $ yarn ``` -------------------------------- ### Install ThreatMapper Python SDK Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Use pip to install the SDK from the GitHub repository. ```shell pip install git+https://github.com/deepfence/threatmapper-python-client.git ``` -------------------------------- ### Install and Run Sensor Agents on Docker Host Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/deploy-agent.md Execute this command to install and start the Deepfence agent on a Docker host. Ensure you have logged into your Docker account and replace placeholders for console IP, API key, and image version. ```bash ACC=myorg # the name of the dockerhub account docker login -u $ACC # log in to the account docker run -dit \ --cpus=".2" \ --name=deepfence-agent \ --restart on-failure \ --pid=host \ --net=host \ --log-driver json-file \ --log-opt max-size=50m \ --privileged=true \ -v /sys/kernel/debug:/sys/kernel/debug:rw \ -v /var/log/fenced \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /:/fenced/mnt/host/:ro \ -e DF_LOG_LEVEL="info" \ -e CUSTOM_TAGS="" \ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \ -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ -e http_proxy="" \ -e https_proxy="" \ -e no_proxy="" \ $ACC/deepfence_agent_ce:THREATMAPPER_VERSION ``` -------------------------------- ### Install ThreatMapper Management Console with Docker Compose Source: https://github.com/deepfence/threatmapper/blob/release-2.5/README.md Use this command to download the Docker Compose file and start the ThreatMapper Management Console in detached mode. Ensure Docker and Docker Compose are installed. ```shell wget https://github.com/deepfence/ThreatMapper/raw/release-2.5/deployment-scripts/docker-compose.yml docker-compose -f docker-compose.yml up --detach ``` -------------------------------- ### Install Metrics Server Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/kubernetes.md Apply the metrics server components YAML to install the metrics server if it's not already present. This is an optional but recommended step for monitoring. ```bash kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml ``` -------------------------------- ### Install Management Console Components Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/index.md Use this to display documentation cards related to the installation of the Management Console. ```mdx import DocCardList from '@theme/DocCardList'; import {useCurrentSidebarCategory} from '@docusaurus/theme-common'; item.label.includes( "Installation" ) )}/> ``` -------------------------------- ### Start Storybook Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_frontend/packages/ui-components/Readme.md Run this command to start the Storybook development server for the UI components. This allows for interactive development and testing of components. ```shell pnpm run storybook ``` -------------------------------- ### Develop All Apps and Packages Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_frontend/README.md Execute this command to start the development server for all applications and packages. ```bash pnpm run dev ``` -------------------------------- ### Install sqlc using Homebrew Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_utils/postgresql/readme.md Use this command to install the sqlc CLI on macOS using Homebrew. ```shell brew install sqlc ``` -------------------------------- ### Install Deepfence Router Helm Chart Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/deepfence-router/ReadMe.md Use this command for a quick installation of the Deepfence Router Helm chart. ```bash helm install deepfence-router deepfence-router ``` -------------------------------- ### Install ThreatMapper Sensor with Docker Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/sensors/docker.md Run this command to start the ThreatMapper sensor on a Linux host using Docker. Ensure you replace placeholder values for console URL and API key. This command mounts necessary host directories and configures logging. ```bash docker run -dit \ --cpus=".2" \ --name=deepfence-agent \ --restart on-failure \ --pid=host \ --net=host \ --log-driver json-file \ --log-opt max-size=50m \ --privileged=true \ -v /sys/kernel/debug:/sys/kernel/debug:rw \ -v /var/log/fenced \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /:/fenced/mnt/host/:ro \ -e DF_LOG_LEVEL="info" \ -e CUSTOM_TAGS="" \ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \ -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ -e http_proxy="" \ -e https_proxy="" \ -e no_proxy="" \ quay.io/deepfenceio/deepfence_agent_ce:THREATMAPPER_VERSION ``` -------------------------------- ### Install ThreatMapper Sensor Agent on Docker Source: https://github.com/deepfence/threatmapper/blob/release-2.5/README.md Run this command to start the ThreatMapper sensor on a Docker host. Ensure you replace placeholder values for console IP and API key. ```shell docker run -dit \ --cpus=".2" \ --name=deepfence-agent \ --restart on-failure \ --pid=host \ --net=host \ --log-driver json-file \ --log-opt max-size=50m \ --privileged=true \ -v /sys/kernel/debug:/sys/kernel/debug:rw \ -v /var/log/fenced \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /:/fenced/mnt/host/:ro \ -e CUSTOM_TAGS="" \ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \ -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ -e http_proxy="" \ -e https_proxy="" \ -e no_proxy="" \ quay.io/deepfenceio/deepfence_agent_ce:2.5.8 ``` -------------------------------- ### Install Deepfence Cloud Scanner Helm Chart Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/cloudscanner/aws.md Installs the Deepfence cloud scanner Helm chart using the specified values file and namespace. Ensure the namespace exists or is created during installation. ```bash helm install -f cloud-scanner.yaml cloud-scanner cloud-scanner/deepfence-cloud-scanner \ --namespace deepfence \ --create-namespace \ --version CLOUD_SCANNER_HELM_CHART_VERSION ``` -------------------------------- ### Install Nginx Ingress Controller using Kubectl Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/deepfence-router/ReadMe.md Install the Nginx Ingress Controller using kubectl. Ensure it is installed before configuring the Deepfence Router to use Ingress type. ```bash kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/aws/deploy.yaml ``` -------------------------------- ### Install Flask Echo Server Helm Chart with Values File Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/eks-fargate/flask-echo-server/ReadMe.md Install the Flask Echo Server Helm chart using a custom values file for detailed configuration. ```bash helm install -f flask_echo_server_values.yaml flask-echo-server flask-echo-server ``` -------------------------------- ### Docker: Post-upgrade steps Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/upgrade-from-v2.1.md After upgrading to the new release and allowing the scheduler to complete Neo4j setup, execute the post-upgrade script. ```bash docker exec deepfence-neo4j /startup/post-upgrade-to-v5.sh ``` -------------------------------- ### Example Usage of Procspy Connections (Go) Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_agent/tools/apache/deepfence/procspy/README.md This is a complete example demonstrating how to use the procspy.Connections function to retrieve TCP connection information. It prints the local port for each connection. Ensure you have necessary imports and error handling. ```go package main import ( "fmt" "github.com/deepfence/procspy" ) func main() { cs, err := procspy.Connections(false, []uint{1,10}, dfUtils.GetAllLocalIps()) if err != nil { panic(err) } fmt.Printf("TCP Connections:\n") for c := cs.Next(); c != nil; c = cs.Next() { //fmt.Printf(" - %v\n", c) fmt.Print(c.LocalPort) fmt.Print(", ") } } ``` -------------------------------- ### Install Nginx Ingress Controller using Helm Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/deepfence-router/ReadMe.md Install the Nginx Ingress Controller using Helm. Ensure it is installed before configuring the Deepfence Router to use Ingress type. ```bash helm upgrade --install ingress-nginx ingress-nginx \ --repo https://kubernetes.github.io/ingress-nginx \ --namespace ingress-nginx --create-namespace ``` -------------------------------- ### Install Metrics Server Source: https://github.com/deepfence/threatmapper/wiki/Installing-the-Management-Console Applies the Kubernetes metrics server configuration. This is necessary if the metrics server is not already installed. ```shell kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml ``` -------------------------------- ### Quick Install Deepfence Agent Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/deepfence-agent/ReadMe.md Installs the Deepfence Agent with essential parameters like management console URL, authentication key, cluster name, and image tag. It also creates the 'deepfence' namespace if it doesn't exist. ```bash helm install deepfence-agent deepfence/deepfence-agent \ --set managementConsoleUrl=40.40.40.40 \ --set deepfenceKey="" \ --set clusterName="prod-cluster" \ --set global.imageTag="2.0.1" \ --namespace deepfence \ --create-namespace ``` -------------------------------- ### Start Deepfence Sensor Agent on Linux Source: https://github.com/deepfence/threatmapper/wiki/Installing-Sensors-in-Bare-OS Run this command to start the Sensor Agent on a Linux host. Ensure you have your Deepfence API key and the console IP address. ```bash docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \ --privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \ -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \ -e USER_DEFINED_TAGS="" -e MGMT_CONSOLE_URL="---CONSOLE-IP---" -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ deepfenceio/deepfence_agent_ce:latest ``` -------------------------------- ### Download docker-compose.yml for Docker Host Installation Source: https://github.com/deepfence/threatmapper/wiki/Deploying-Custom-Management-Console Use wget to download the docker-compose.yml file to the system that will host the Management Console. ```shell wget https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml ``` -------------------------------- ### Linux Host Agent Installation Script Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/sensors/linux-host.md This script installs the Deepfence agent on Linux hosts. It sets up environment variables, installs dependencies, downloads the agent binary, and configures it as a systemd service. Run with 'sudo bash install_deepfence.sh'. ```bash # MGMT_CONSOLE_URL: Example: threatmapper.customer.com or 65.65.65.65 export MGMT_CONSOLE_URL="${MGMT_CONSOLE_URL}" export DEEPFENCE_KEY="${DEEPFENCE_KEY}" if [[ -z "$MGMT_CONSOLE_URL" ]]; then echo "env MGMT_CONSOLE_URL is not set" exit 1 fi if [[ -z "$DEEPFENCE_KEY" ]]; then echo "env DEEPFENCE_KEY is not set" exit 1 fi export MGMT_CONSOLE_PORT="443" export MGMT_CONSOLE_URL_SCHEMA="https" export DF_HOSTNAME="$(hostname)" export DF_LOG_LEVEL="info" MANAGEMENT_CONSOLE_URL="$MGMT_CONSOLE_URL_SCHEMA://$MGMT_CONSOLE_URL:$MGMT_CONSOLE_PORT" OS_ID=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"') if [[ "$OS_ID" == "amzn" || "$OS_ID" == "centos" ]]; then # Do necessary installs for Amazon Linux yum -y install logrotate jq curl if [[ "$?" != "0" ]]; then echo "Failed to install logrotate" exit 1 fi else # Do necessary installs for Ubuntu apt-get -y install logrotate jq curl if [[ "$?" != "0" ]]; then echo "Failed to install logrotate" exit 1 fi fi access_token_response=$(curl -m 5 -s -k "$MANAGEMENT_CONSOLE_URL/deepfence/auth/token" \ --header 'Content-Type: application/json' \ --data "{\"api_token\": \"$DEEPFENCE_KEY\"}") if [[ $access_token_response == "" ]]; then echo "Failed to connect to the management console" exit 1 fi access_token=$(jq -r '.access_token' <<< "$access_token_response") if [[ $access_token == "" || $access_token == "null" ]]; then echo "Failed to authenticate" echo "$access_token_response" exit 1 fi download_url_response=$(curl -m 5 -s -k "$MANAGEMENT_CONSOLE_URL/deepfence/agent-deployment/binary/download-url" \ --header "Authorization: Bearer $access_token") if [[ $download_url_response == "" ]]; then echo "Failed to get agent binary download url" exit 1 fi start_agent_script_download_url=$(jq -r '.start_agent_script_download_url' <<< "$download_url_response") if [[ $start_agent_script_download_url == "" ]]; then echo "Failed to get agent binary download url" echo "$download_url_response" exit 1 fi cat << EOF > uninstall_deepfence.sh #!/bin/bash systemctl stop deepfence-agent.service systemctl disable deepfence-agent.service rm -f /etc/systemd/system/deepfence-agent.service rm -rf /opt/deepfence EOF echo "Uninstalling existing Deepfence agent installation, if any" chmod +x uninstall_deepfence.sh bash uninstall_deepfence.sh if [[ ! -d "/opt/deepfence" ]]; then mkdir -p /opt/deepfence /opt/deepfence/var/log/ fi architecture="" case $(uname -m) in i386) architecture="386" ;; i686) architecture="386" ;; x86_64) architecture="amd64" ;; arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;; aarch64) architecture="arm64" ;; esac echo "Detected architecture: $architecture" agent_binary_download_url=$(jq -r --arg architecture "agent_binary_${architecture}_download_url" '.[$architecture]' <<< "$download_url_response") agent_binary_filename=$(basename "$agent_binary_download_url") agent_binary_filename=$(cut -f1 -d"?" <<< "$agent_binary_filename") if [[ $agent_binary_download_url == "" || $agent_binary_filename == "" ]]; then echo "Failed to get agent binary download url" echo "$download_url_response" exit 1 fi echo "Downloading agent binary from $agent_binary_download_url to /opt/deepfence/$agent_binary_filename" curl -k -o "/opt/deepfence/$agent_binary_filename" "$agent_binary_download_url" curl -k -o /opt/deepfence/start_deepfence_agent.sh "$start_agent_script_download_url" chmod +x "/opt/deepfence/start_deepfence_agent.sh" tar -xzf "/opt/deepfence/$agent_binary_filename" -C /opt/deepfence/ echo "MGMT_CONSOLE_URL: $MGMT_CONSOLE_URL" echo "MGMT_CONSOLE_PORT: $MGMT_CONSOLE_PORT" echo "DF_HOSTNAME: $DF_HOSTNAME" echo "Installing Deepfence agent as daemon service" cat << EOF > /etc/systemd/system/deepfence-agent.service [Unit] Description=Deepfence Agent Service After=network.target [Service] Environment="MGMT_CONSOLE_URL=$MGMT_CONSOLE_URL" Environment="DEEPFENCE_KEY=$DEEPFENCE_KEY" Environment="MGMT_CONSOLE_PORT=$MGMT_CONSOLE_PORT" Environment="MGMT_CONSOLE_URL_SCHEMA=$MGMT_CONSOLE_URL_SCHEMA" Environment="DF_HOSTNAME=$(hostname)" Environment="DF_LOG_LEVEL=$DF_LOG_LEVEL" User=root Group=root Restart=on-failure Type=forking ExecStart=/opt/deepfence/start_deepfence_agent.sh WorkingDirectory=/opt/deepfence [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable deepfence-agent.service systemctl start deepfence-agent.service systemctl status deepfence-agent.service ``` -------------------------------- ### Install and Run Sensor Agents in Kubernetes Cluster Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/deploy-agent.md Use these Helm commands to add the Deepfence Helm repository, update it, and then install the agent. You must update the `deepfence_agent_values.yaml` file with your custom image details, console URL, and API key before installation. ```bash helm repo add deepfence https://artifacts.threatmapper.org/helm-charts/threatmapper helm repo update helm show values deepfence/deepfence-agent --version TM_AGENT_HELM_CHART_VERSION > deepfence_agent_values.yaml # You will need to update the following values: # image:name and image:clusterAgentImageName - change the account to point to your images # managementConsoleUrl and deepfenceKey - specify your IP and API key value vim deepfence_agent_values.yaml helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \ --namespace deepfence \ --create-namespace \ --version TM_AGENT_HELM_CHART_VERSION ``` -------------------------------- ### Install OpenEBS Storage Source: https://github.com/deepfence/threatmapper/wiki/Installing-the-Management-Console Installs the OpenEBS storage solution in a dedicated namespace. This is a prerequisite for the ThreatMapper console. ```shell kubectl create ns openebs helm install openebs --namespace openebs --repo "https://openebs.github.io/charts" openebs --set analytics.enabled=false ``` -------------------------------- ### Install ThreatMapper Console Source: https://github.com/deepfence/threatmapper/wiki/Installing-the-Management-Console Installs the ThreatMapper Management Console using Helm. This command deploys the core console components. ```shell helm install deepfence-console deepfence/deepfence-console ``` -------------------------------- ### Install Deepfence Cloud Scanner Helm Chart Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/cloudscanner/aws.md Installs the Deepfence cloud scanner using the customized `cloud-scanner.yaml` values file. Ensure the namespace 'deepfence' exists or is created. Replace CLOUD_SCANNER_HELM_CHART_VERSION with the desired chart version. ```bash helm install -f cloud-scanner.yaml cloud-scanner cloud-scanner/deepfence-cloud-scanner \ --namespace deepfence \ --create-namespace \ --version CLOUD_SCANNER_HELM_CHART_VERSION ``` -------------------------------- ### Post-Installation Tasks for Management Console Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/index.md Use this to display documentation cards for tasks following the Management Console installation, excluding troubleshooting. ```mdx item.label.includes( "Installation" ) == false && item.label.includes( "Troubleshooting" ) == false )}/> ``` -------------------------------- ### Install ThreatMapper Console with Helm Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/deploy-console.md Install the ThreatMapper Console using Helm, applying your custom values file to specify your image repository and other configurations. ```bash helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console --version TM_CONSOLE_HELM_CHART_VERSION ``` -------------------------------- ### Install Deepfence Router Helm Chart Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/README.md Installs the Deepfence router Helm chart into the specified namespace. Ensure you are in the directory containing the chart. ```sh helm install router ./deepfence-router --namespace threatmapper ``` -------------------------------- ### Describe Deployment Status with Kubectl Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/eks-fargate/flask-echo-server/templates/NOTES.txt Use this command to get detailed information about the deployment in the specified namespace. ```bash kubectl describe deployment -n {{ .Values.namespace }} ``` -------------------------------- ### Install Deepfence Router with Helm Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/deploy-console.md Install the deepfence-router using Helm, applying your custom values file to specify your image repository and other configurations for enabling external access. ```bash helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router --version TM_ROUTER_HELM_CHART_VERSION ``` -------------------------------- ### Install ThreatMapper Sensor with Podman Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/sensors/docker.md Deploy the ThreatMapper sensor using Podman. This requires the Podman system service to be running. It includes similar volume mounts and environment variables as the Docker installation, with adjustments for Podman's socket path. ```bash sudo podman run -dit \ --cpus=".2" \ --name=deepfence-agent \ --restart on-failure \ --pid=host \ --net=host \ --log-driver json-file \ --log-opt max-size=50m \ --privileged=true \ -v /sys/kernel/debug:/sys/kernel/debug:rw \ -v /var/log/fenced \ -v /run/podman/podman.sock:/run/podman/podman.sock \ -v /run/systemd/:/run/systemd/ \ -v /:/fenced/mnt/host/:ro \ -e DF_LOG_LEVEL="info" \ -e CUSTOM_TAGS="" \ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \ -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ -e http_proxy="" \ -e https_proxy="" \ -e no_proxy="" \ quay.io/deepfenceio/deepfence_agent_ce:THREATMAPPER_VERSION ``` -------------------------------- ### Configure and Use Decoder/Encoder Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_agent/tools/apache/deepfence/ugorji/go/codec/README.md Demonstrates how to configure Binc, Msgpack, or Cbor handles and then use them to create decoders and encoders for reading from and writing to various sources. ```go var ( bh codec.BincHandle mh codec.MsgpackHandle ch codec.CborHandle ) mh.MapType = reflect.TypeOf(map[string]interface{}(nil)) // configure extensions // e.g. for msgpack, define functions and enable Time support for tag 1 // mh.SetExt(reflect.TypeOf(time.Time{}), 1, myExt) // create and use decoder/encoder var ( r io.Reader w io.Writer b []byte h = &bh // or mh to use msgpack ) dec = codec.NewDecoder(r, h) dec = codec.NewDecoderBytes(b, h) err = dec.Decode(&v) enc = codec.NewEncoder(w, h) enc = codec.NewEncoderBytes(&b, h) err = enc.Encode(v) ``` -------------------------------- ### RPC Server Setup with go-codec Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_agent/tools/apache/deepfence/ugorji/go/codec/README.md Illustrates how to set up an RPC server that accepts incoming connections and uses go-codec to handle the communication, supporting different codec types like GoRpc or MsgpackSpecRpc. ```go go func() { for { conn, err := listener.Accept() rpcCodec := codec.GoRpc.ServerCodec(conn, h) //OR rpcCodec := codec.MsgpackSpecRpc.ServerCodec(conn, h) rpc.ServeCodec(rpcCodec) } }() ``` -------------------------------- ### Run Neo4j Load Setup Tool Source: https://github.com/deepfence/threatmapper/blob/release-2.5/tests/loading/neo4j-setup/filler/README.md Execute the Go program to populate Neo4j with specified amounts of data. Ensure DF_CONSOLE and DF_NEO4J_PASS environment variables are set. ```bash DF_CONSOLE=ip DF_NEO4J_PASS=pass go run ./main.go -image_num=1000 -host_num=1000 -container_num=1000 -vuln_num=1000 -aws_lambda_num=1000 ``` -------------------------------- ### RPC Client Setup with go-codec Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_agent/tools/apache/deepfence/ugorji/go/codec/README.md Shows how to establish an RPC client connection to a server and configure it with a go-codec client codec, enabling communication using either GoRpc or MsgpackSpecRpc. ```go conn, err = net.Dial("tcp", "localhost:5555") rpcCodec := codec.GoRpc.ClientCodec(conn, h) //OR rpcCodec := codec.MsgpackSpecRpc.ClientCodec(conn, h) client := rpc.NewClientWithCodec(rpcCodec) ``` -------------------------------- ### Monitor ThreatMapper Console Pods Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/kubernetes.md Watch the pods in the deepfence-console namespace to ensure they have started up correctly after installation. ```bash kubectl get pods --namespace deepfence-console -o wide -w ``` -------------------------------- ### Monitor Console Pods Source: https://github.com/deepfence/threatmapper/wiki/Installing-the-Management-Console Waits for the ThreatMapper console pods to start up after installation. Use this to confirm the console is running. ```shell kubectl get pods -o wide -w ``` -------------------------------- ### Create a Basic Client Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Instantiate the Client with your console URL. This client does not handle authentication. ```python from threatmapper import Client client = Client(base_url="YOUR_CONSOLE_URL") ``` -------------------------------- ### Monitor OpenEBS Pods Source: https://github.com/deepfence/threatmapper/wiki/Installing-the-Management-Console Waits for OpenEBS pods to start up after installation. Useful for verifying the storage component is ready. ```shell kubectl get pods -o wide --namespace openebs -w ``` -------------------------------- ### Connect to AKS Cluster Source: https://github.com/deepfence/threatmapper/wiki/Installing-Sensors-in-Azure-Kubernetes-Service Use this command to get the credentials for your AKS cluster. Ensure you have the Azure CLI installed and are logged in. ```bash az aks get-credentials --name MyCluster --resource-group MyResourceGroup ``` -------------------------------- ### Client Initialization Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Demonstrates how to create a basic client instance for accessing the ThreatMapper API. ```APIDOC ## Client Initialization ### Description Instantiate the `Client` class to interact with the ThreatMapper API. Replace `YOUR_CONSOLE_URL` with your actual Deepfence console URL. ### Code ```python from threatmapper import Client client = Client(base_url="YOUR_CONSOLE_URL") ``` ``` -------------------------------- ### Kubernetes: Pre-upgrade steps Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/upgrade-from-v2.1.md Copy the pre-upgrade script to the identified Neo4j pod and execute it before upgrading the release. ```bash kubectl cp -n $NAMESPACE pre-upgrade-to-v5.sh $PODNAME:/startup kubectl exec -it -n $NAMESPACE $PODNAME -- /startup/pre-upgrade-to-v5.sh ``` -------------------------------- ### Docker: Pre-upgrade steps Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/upgrade-from-v2.1.md Copy the pre-upgrade script to the Neo4j container and execute it before upgrading the release. ```bash docker cp pre-upgrade-to-v5.sh deepfence-neo4j:/startup docker exec deepfence-neo4j /startup/pre-upgrade-to-v5.sh ``` -------------------------------- ### Install Deepfence Sensor Agents on Linux Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/sensors/linux-host.md Save this shell script to install the Deepfence sensor agents on a Linux host. Ensure a Docker runtime is installed prior to execution. ```bash #!/bin/bash ``` -------------------------------- ### Kubernetes: Post-upgrade steps Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/upgrade-from-v2.1.md After upgrading to the new release and allowing the scheduler to complete Neo4j setup, execute the post-upgrade script on the specified pod. ```bash kubectl exec -it -n $NAMESPACE $PODNAME -- /startup/post-upgrade-to-v5.sh ``` -------------------------------- ### Install Deepfence Console with Helm v3 Source: https://github.com/deepfence/threatmapper/wiki/Deploying-Custom-Management-Console Install the Deepfence Console using Helm v3, applying configurations from a custom values file. Ensure you have Helm v3 installed. ```shell helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console ``` -------------------------------- ### Install Deepfence Console with Helm v2 Source: https://github.com/deepfence/threatmapper/wiki/Deploying-Custom-Management-Console Install the Deepfence Console using Helm v2, applying configurations from a custom values file. Ensure you have Helm v2 installed. ```shell helm install -f deepfence_console_values.yaml deepfence/deepfence-console --name=deepfence-console ``` -------------------------------- ### Build All Apps and Packages Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deepfence_frontend/README.md Run this command to build all applications and packages within the monorepo. ```bash pnpm run build ``` -------------------------------- ### Install Deepfence Agent in Kubernetes Cluster using Helm Source: https://github.com/deepfence/threatmapper/wiki/Deploying-Custom-Sensor-Agents These commands are for Helm-based installations in Kubernetes. You need to add the Deepfence Helm repository, show and edit the agent values, and then install the agent. ```shell helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper helm show values deepfence/deepfence-agent > deepfence_agent_values.yaml # You will need to update the following values: # image:name and image:clusterAgentImageName - change the account to point to your images # managementConsoleUrl and deepfenceKey - specify your IP and API key value vim deepfence_agent_values.yaml helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent ``` -------------------------------- ### Build Wheel Package with Poetry Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Builds a wheel (.whl) file for the client package using Poetry, which can then be installed in projects not using Poetry. ```bash poetry build -f wheel ``` -------------------------------- ### Install Wheel Package with Pip Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Installs a previously built wheel package into a Python environment using pip. ```bash pip install ``` -------------------------------- ### Describe Failing Deepfence Agent Pod Source: https://github.com/deepfence/threatmapper/wiki/Troubleshooting-Sensor-Agent-does-not-start If the agent pod is not starting, describe it to view events and identify the root cause, such as a 'MountVolume.SetUp failed' error. ```shell kubectl describe pod -n deepfence deepfence-agent-8lxng ``` -------------------------------- ### Download docker-compose.yml Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/console/docker.md Download the docker-compose.yml file to set up the ThreatMapper Management Console. ```bash wget https://github.com/deepfence/ThreatMapper/raw/release-2.5/deployment-scripts/docker-compose.yml ``` -------------------------------- ### Install Specific Tagged Release of ThreatMapper Console Source: https://github.com/deepfence/threatmapper/wiki/Installing-the-Management-Console Installs a specific tagged release of the ThreatMapper Console, recommended for production environments. ```shell helm install deepfence-console deepfence/deepfence-console --set image.tag=1.3.1 ``` -------------------------------- ### Install Deepfence Console Helm Chart Source: https://github.com/deepfence/threatmapper/blob/release-2.5/deployment-scripts/helm-charts/README.md Installs the Deepfence console Helm chart into the specified namespace. Ensure you are in the directory containing the chart. ```sh helm install console ./deepfence-console --namespace threatmapper ``` -------------------------------- ### Authenticated Client Initialization (API Key) Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Shows how to initialize an `AuthenticatedClient` using an API key for secure access to endpoints. ```APIDOC ## Authenticated Client Initialization (API Key) ### Description Use `AuthenticatedClient` for accessing protected endpoints. Obtain an API key from the User Management section in Deepfence settings. Replace `YOUR_CONSOLE_URL` and `Api Key` with your specific values. ### Code ```python from threatmapper import AuthenticatedClient client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="Api Key") ``` ``` -------------------------------- ### Initialize Client with SSL Disabled/Enabled Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Instantiate the Client with options for disabling SSL verification or specifying a custom certificate bundle. ```python client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl=False) ``` ```python client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl="/path/to/certificate_bundle.pem") ``` -------------------------------- ### Initialize Authenticated Client with SSL Verification Source: https://github.com/deepfence/threatmapper/blob/release-2.5/docs/docs/developers/python-sdk.md Instantiate an AuthenticatedClient, providing the console URL, refresh token, and a path to a certificate bundle for SSL verification. ```python client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem") ```