Download & Install STINGAR Application

Before you start, enter information about your STINGAR server in the box below.

STINGAR_HOSTNAME: Do not include the https prefix.

Then follow the instructions below...

You need to be logged onto your STINGAR server: STINGAR_HOSTNAME as STINGAR_ADMIN_USER.

ssh STINGAR_ADMIN_USER@STINGAR_HOSTNAME

While logged onto this server as STINGAR_ADMIN_USER, follow the instructions below to step through the process to download STINGAR & run a script to install & configure it.

Download QuickStart Script

The STINGAR QuickStart script is available in Forewarned's public github repository. The script will prompt you for configuration specs and will then do all the work to download, install & configure your implementation of STINGAR. When done, you will be able to enter your STINGAR server hostname in a browser (https://STINGAR_HOSTNAME) to access your running implementation of STINGAR. Run the following command to download the script:

git clone https://github.com/4warned/stingar-quickstart.git stingar
cd stingar

The command above creates a directory named 'stingar' in the root directory of STINGAR_ADMIN_USER & pulls down all files needed to install STINGAR, saving them to this new 'stingar' directory.

Install Basic SSL

To implement simple SSL certification for STINGAR, you may choose to create public/private keys for STINGAR using the following commands: First, from within the stingar directory, create a 'certs' directory in which the keys will be stored.

mkdir certs
Next create the keys using the following command.
openssl req -subj /CN=STINGAR_HOSTNAME -x509 -newkey rsa:4096 -nodes -keyout certs/key.pem -out certs/cert.pem -days 365


Verify that the two expected files were created in the certs directory:

ls certs

You should find these 2 files in that directory:

  • cert.pem
  • key.pem

To install permanent certificates

See more details https://communityhoneynetwork.readthedocs.io/en/stable/certificates/

Run the QuickStart Script

At this point you should have docker, docker-compose & python3 installed on this server and the QuickStart script (file: configure_stingar.py) downloaded to the current directory.

You will need the password provided by the STINGAR team to retrieve STINGAR from the registry where the code resides. Contact the STINGAR team (info@forewarned.io) if you don't have a STINGAR Registry account or do not know your username/password for it.

Now it's just a matter of running the script and responding to the prompts:

python3 configure_stingar.py

A sample script session is shown below (Input values for a default configuration appear in blue.)

Checking if docker is installed...
Checking if docker-compose is installed...
Enter the URL where your STINGAR web app will be available. The domain must be resolvable. E.g.: sub.domain.tld or localhost/stingar. Domain: STINGAR_HOSTNAME
Please enter your SSL certificate path. [./certs]:[Return]
Do you wish to specify an alternate Docker registry? (y/n): [y][Return]
Please enter the URL for the Docker registry: [stingarregistry.azurecr.io][Return]
Please enter your Docker registry username:STINGAR_REGISTRY_USER
Please enter your Docker registry password:Enter the registry password that was provided to you by the STINGAR team (Note: The password will not display.)
Testing registry authentication...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
Authentication to stingarregistry.azurecr.io succeeded.

Do you wish to enable Syslog logging to a remote Syslog server? (y/n): [n] [Return]
If you have a Syslog server you wish indicators (IP, hash, url) from your honeypots to be logged to, answer y to this question.
If you answer y to this question, you will be presented with the follow-up question:
Please enter the URL for the remote Syslog server:

Do you wish to enable logging to a remote CIFv3 server? (y/n): [n] [Return]
If you don't know what a CIF server is, or don't have one available, answer n or hit enter.
If you have a CIF server you wish indicators (IP, hash, url) from your honeypots to be submitted to (such as the STINGAR project, answer y to this question.
If you answer y to this last question, you will be presented with three follow-up questions:
Configuring for Collective Intelligence Framework (CIF)
Please enter the URL for the remote CIF server:
Please enter the API token for the remote CIF server:
This token must have write privileges to the remote CIF instance.
Please enter a name you wish to be associated with your organization:
For more information about CIF and its configuration, please refer to our [CIF documentation](https://csirtgadgets.com/collective-intelligence-framework/).

QuickStart Script Results

Upon completion, the script should report that it has created three files:

  • stingar.env
  • nginx.conf
  • docker-compose.yml

These files define the way your instance of STINGAR appears & functions. They may be modified to add or change the behavior and appearance of your implementation of STINGAR. More detailed information about these files is available here.