SaltMiner System Requirements
System requirements vary depending on the number of servers and load factors. SaltMiner can be installed on a single server or distributed across multiple servers to provide data replication and better performance for larger data sets. Requirements for some typical configurations can be found here: https://saltminer.io/docs/system-requirements/
SaltMiner Prerequisites
- Internet access from the servers
- SSL certificate for SaltMiner
- SSL certificate for Elasticsearch
- Custom DNS name (e.g. saltminer.company.com)
- Access/logins to sources
- Firewall access to sources (SaaS and local)
- Local firewall configuration information if applicable (for example, only allow customer F5 IP to access SaltMiner’s nginx host)
- Shared storage (S3, etc.) for Elasticsearch node snapshots
- Service account for Elasticsearch that has network access to shared storage for snapshots
- SMTP email relay server information for notifications / subscriptions
- License files for non-prod and prod (to be generated by Saltworks)
OS packages required – servers must be able to access:
- nginx
- elasticsearch/kibana 8
- aspnetcore-runtime-6.0
- python 3.7 or better (recommend 3.9 or better), including matching pip
Account access
- sudo – full access for installation
- sudo – full access for post-installation support or, at a minimum:
  - su to the service account (if it is not our access account)
  - sudo systemctl
  - sudo journalctl
  - cron (as service account)
SaltMiner Integration Requirements Gathering
- Identify source(s) and connection details
- Sources and asset counts for each source (needed for license setup as well as for sizing)
- Custom attributes (for example, for SSC, which ones to bring into SaltMiner)
- Custom sidecar / enrichment requirements
- SaltMiner reporting requirements (custom visualizations / dashboarding)
- Pentest PDF report customizations
- Inventory asset key strategy (if any)
Default File Locations
These are the official default SaltMiner locations. Config and logging locations are separable from the main application.
If the config location is separate, SaltMiner has to be told how to locate its configuration. This can be accomplished with an environment variable (v2.5 and v3), a “locator” file (v3), or by passing a config path into the init for an Application in startup programs (v2.5). Both v2.5 and v3 will default to the config locations below if not “told” otherwise.
Linux
Elasticsearch – standards as previously documented, Kibana similar:
Configuration: /etc/elasticsearch
Main config file: /etc/elasticsearch/elasticsearch.yml
Data: /var/lib/elasticsearch
Logs: /var/log/elasticsearch
Binaries: /usr/share/elasticsearch/bin
SaltMiner:
V3 Configuration: /etc/saltworks/saltminer-3.0.0 (all config files in same directory with app-specific names)
V2.5 Configuration: /etc/saltworks/saltminer-2.5.0
V3 Logging: /var/log/saltworks/saltminer-3.0.0 (all log files in same directory with app-specific names, i.e. mgr-[date].log, agent-[date].log, api-[date].log)
V2.5 Logging: /var/log/saltworks/saltminer-2.5.0
V3 Binaries: /usr/share/saltworks/saltminer-3.0.0/manager, /agent, /api
V2.5 Code: /usr/share/saltworks/saltminer-2.5.0
Custom scripting
/usr/share/saltworks/scripting
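A host check built from the package list and the Linux default locations on this page, as an added example rather than Saltworks code. The function names and the `run` argument are assumptions, and the SaltMiner version string is passed in.

```shell
#!/bin/sh
# Added example (not Saltworks code): checks a Linux host against the packages
# and default locations listed on this page. Function names are hypothetical.

# python_status MAJOR.MINOR -> recommended (3.9+), minimum (3.7/3.8), too_old
python_status() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 9 ]; }; then
        echo recommended
    elif [ "$major" -eq 3 ] && [ "$minor" -ge 7 ]; then
        echo minimum
    else
        echo too_old
    fi
}

# has_aspnetcore6: reads `dotnet --list-runtimes` output on stdin
has_aspnetcore6() { grep -q '^Microsoft\.AspNetCore\.App 6\.0\.'; }

# missing_paths ROOT VERSION: prints each default path from this page that is
# absent under ROOT (ROOT is "" on a real host; a prefix makes it testable)
missing_paths() {
    for p in /etc/elasticsearch/elasticsearch.yml /var/lib/elasticsearch \
             /var/log/elasticsearch /usr/share/elasticsearch/bin \
             "/etc/saltworks/saltminer-$2" "/var/log/saltworks/saltminer-$2" \
             "/usr/share/saltworks/saltminer-$2" /usr/share/saltworks/scripting; do
        [ -e "$1$p" ] || echo "$p"
    done
}

# host_check VERSION: run with sudo so /etc/elasticsearch is readable
host_check() {
    rc=0
    command -v nginx >/dev/null 2>&1 || { echo "FAIL nginx not found"; rc=1; }
    py=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])' 2>/dev/null) || py=0.0
    st=$(python_status "$py"); echo "python $py: $st"
    [ "$st" != too_old ] || rc=1
    python3 -m pip --version >/dev/null 2>&1 || { echo "FAIL no pip for python3"; rc=1; }
    dotnet --list-runtimes 2>/dev/null | has_aspnetcore6 || { echo "FAIL aspnetcore-runtime-6.0"; rc=1; }
    for p in $(missing_paths "" "$1"); do echo "MISSING $p"; rc=1; done
    return $rc
}

# Runs only when invoked as: sh check.sh run [version]
if [ "${1:-}" = run ]; then host_check "${2:-3.0.0}"; fi
```

Before installation the SaltMiner directories are expected to be reported as missing; after installation a non-zero exit status means a package or default location still needs attention.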
Windows
- Elasticsearch – Everything falls under c:\Elastic\elasticsearch-[version], unless data and/or logs are moved to a data drive
- Kibana – Everything falls under c:\Elastic\kibana-[version], unless logs are moved to a data drive
SaltMiner
- V3 – c:\Saltworks\SaltMiner-3.0.0\Manager, \Agent, \API
- V2.5 – c:\Saltworks\SaltMiner-2.5.0
Custom scripting:
c:\Saltworks\Scripting