...

Info

Ensure both OVA files are available before beginning the installation process.

...

  1. Ensure you have created two static IP address records and two DNS names for both the Services and PostgreSQL servers.

Import and Configure the GYTPOL PostgreSQL OVA

...

  1. GYTPOL_URL:

    • Enter the DNS name of the GYTPOL server. Make sure it is the FQDN.

    • Example: gytpol-app.yourdomain.com

  2. MASTER_PASSWORD:

  3. POSTGRES_HOST:

    • Enter the IP address of the PostgreSQL VM.

    • Example: 192.168.1.100

  4. GYTPOL_ADMIN_USER_EMAIL (default):

    • Enter the email address for the first administrator user in the system.

    • Example: admin@yourdomain.com

  5. USER_MANAGEMENT_ADMIN_PASSWORD:

    • Set a password for accessing the User Management Console. (separate screen for Admin access)

    • Choose a secure and memorable password. This is a new password.

...

  1. The setup will request you to create an Initial User Password for the first user account in the system.

  • This is a new password for the first local user created in the GYTPOL_ADMIN_USER_EMAIL step (#4).

...

Wait for the installation to complete. Once finished, you should see the message: “Finished - Creating buckets” and return to the ubuntu@gytpol-services:~$ prompt.

At this point:

  1. The Access Key ID, Secret Access Key and API key will be displayed. Make sure to copy and save them, as they will be required in the next step.

    1. The Secret Access Key will be 16-32 characters long. Ensure you copy it correctly, as the SSH/console may sometimes split the string into two lines.

  2. If the API key is needed for future use (reporting, BI etc.), copy and store it securely.

  3. Run the following command to retrieve the License ID, which will also be used in the next step: sudo gyt get-license-id

...

  • Send the following details to license@gytpol.com:

    • License ID (5 characters)

    • Access Key ID

    • Secret Access Key

    • API Key

    • GYTPOL Services Server FQDN and IP address

      • FQDN for Windows sensors and IP for Linux/macOS sensors

  • The GYTPOL team will respond with the license key and sensor installation files.

...

  • Access the server using PuTTY or any other SSH client, connecting over port 12222.

  • Retrieve the S3 keys by running: sudo gyt get-s3-keys

  • Retrieve the License ID by running: sudo gyt get-license-id

  • Retrieve the API Key by running: sudo gyt get-api-key

Copying Sensor Installation Files/Packages to the Services OVA

The sensor files are provided in a ZIP format. Before copying the files, ensure you extract the sensor files into a folder.

...

  1. Copy All Sensor Installation Files:

    • Use WinSCP or the scp command (as described earlier) to transfer all sensor installation files you receive to the services OVA.

  2. Log in to the Services OVA:

    • Open the VMware console or use SSH to access the GYTPOL services server.

    • Use the credentials you configured during the setup.

  3. Run the Command for Each Sensor Installation File: sudo gyt copy-client <OS> <VERSION> <FILENAME>, for example:

sudo gyt copy-client linux 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.deb #for Debian
sudo gyt copy-client mac 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.pkg #for macOS
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x64.msi #for 64-bit Windows
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x86.msi #for 32-bit Windows

...

Replace <LICENSE-FILENAME.txt> with the full path or name of the license file.

...

...

Adding SSL Certificate to GYTPOL

By default, GYTPOL runs on HTTPS with a self-signed certificate.

...

To add a personal certificate, you will need to provide SSL certificate files (.crt and .key) for the DNS domain name associated with your GYTPOL server.

  • Obtain Certificate Files:

    • Acquire an SSL certificate (.crt file) and its corresponding private key (.key file) for your DNS domain name from a trusted Certificate Authority (CA) or generate self-signed certificates for testing.

Info

If you only have a PFX or CER format certificate, please follow this guide. Once the necessary files are generated, you can proceed with the steps below.

  • Copy Certificate Files to the Services VM:

    • Use WinSCP or the scp command to transfer the .crt and .key files to the services VM.

    • Example Command: scp -P 12222 -o StrictHostKeyChecking=no /path/to/your/cert.crt /path/to/your/key.key ubuntu@<services-OVA-IP>:/home/ubuntu

...

  • Replace:

    • /path/to/your/cert.crt: Path to the .crt file on your local machine.

    • /path/to/your/key.key: Path to the .key file on your local machine.

    • <services-OVA-IP>: The IP address of the services VM.
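The scp example above passes -o StrictHostKeyChecking=no, so the server's host key is not verified during a transfer that includes the TLS private key. The following added example (not part of GYTPOL's documentation) pins the host key first and then copies with verification on; the function names, the 192.168.1.50 address, the gytpol_known_hosts file name and the ed25519 host key type are assumptions.

```shell
# Added example: pin the Services OVA host key instead of skipping verification.
# Function names and the known_hosts location are hypothetical.

# Print the SHA256 fingerprint of one ssh-keyscan line ("host keytype base64").
keyscan_fingerprint() {
    # Drop the host field so ssh-keygen sees a plain public key on stdin.
    printf '%s\n' "$1" | cut -d' ' -f2- | ssh-keygen -l -E sha256 -f - 2>/dev/null |
        awk '{print $2}'
}

# Append the scanned line to a dedicated known_hosts file only when its
# fingerprint equals the one read out-of-band (assumed here: from the VM
# console, e.g. ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub).
pin_host_key() {  # usage: pin_host_key <expected-fp> <keyscan-line> <known_hosts>
    pin_actual=$(keyscan_fingerprint "$2")
    if [ -z "$pin_actual" ] || [ "$pin_actual" != "$1" ]; then
        echo "host key fingerprint mismatch, not pinning" >&2
        return 1
    fi
    printf '%s\n' "$2" >> "$3"
}

# Constructed sample: a throwaway ed25519 key stands in for the VM's host key.
make_sample_scan() {  # usage: make_sample_scan <dir> ; prints a keyscan-style line
    ssh-keygen -q -t ed25519 -N '' -f "$1/hostkey" >/dev/null &&
    printf '[192.168.1.50]:12222 %s\n' "$(cut -d' ' -f1,2 "$1/hostkey.pub")"
}

demo=$(mktemp -d)
scan_line=$(make_sample_scan "$demo")
console_fp=$(ssh-keygen -l -E sha256 -f "$demo/hostkey.pub" | awk '{print $2}')
pin_host_key "$console_fp" "$scan_line" "$demo/known_hosts" && echo "pinned"
pin_host_key "SHA256:not-the-real-one" "$scan_line" "$demo/known_hosts" || true

# Real use (not run here):
#   ssh-keyscan -p 12222 -t ed25519 <services-OVA-IP>    # gives the keyscan line
#   scp -P 12222 -o UserKnownHostsFile="$HOME/.ssh/gytpol_known_hosts" \
#       -o StrictHostKeyChecking=yes cert.crt key.key ubuntu@<services-OVA-IP>:/home/ubuntu
```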

Adding SSL Certificate to Enable HTTPS

To enable HTTPS for GYTPOL, you can add the SSL certificate directly to the services OVA by following these steps:

Steps to Add SSL Certificate

Replace the self-signed certificate with a personal SSL certificate

  1. SSH into the Services OVA:

    • Use an SSH client (e.g., terminal, PuTTY) to connect to the services OVA over port 12222.

      • Example: ssh -p 12222 ubuntu@<services-OVA-IP> (replace <services-OVA-IP> with the IP address of the services OVA).

  2. Run the Command to Add SSL Certificate:

    • Once logged in, use the sudo gyt add-ssl-certificate <CRT FILENAME> <KEY FILENAME> command to apply the certificate.
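A pre-flight check for the certificate pair before running the command above, as an added example that is not part of GYTPOL's documentation or the gyt CLI: it confirms the .key belongs to the .crt, that the certificate covers the server's FQDN, and that it has not expired. The function names and the throwaway self-signed sample pair are constructed for illustration; only standard openssl subcommands are used.

```shell
# Pre-flight checks for the .crt/.key pair before `sudo gyt add-ssl-certificate`.
# Added example; function names are hypothetical and not part of the gyt CLI.

# Succeeds only if the certificate's public key equals the private key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes an encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is valid for the FQDN used as GYTPOL_URL.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeeds only if the certificate has not expired yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs all three checks and reports the first failure.
preflight() {  # usage: preflight <crt> <key> <fqdn>
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; return 1; }
    cert_not_expired "$1"      || { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $1 and $2 are usable for $3"
}

# Constructed sample input: a throwaway self-signed pair plus an unrelated key.
make_sample() {  # usage: make_sample <dir> <fqdn>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.key" -out "$1/cert.crt" >/dev/null 2>&1 &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" gytpol-app.yourdomain.com
preflight "$demo_dir/cert.crt" "$demo_dir/key.key" gytpol-app.yourdomain.com
preflight "$demo_dir/cert.crt" "$demo_dir/other.key" gytpol-app.yourdomain.com || true
rm -rf "$demo_dir"
```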

...

  1. Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
    Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation (#5 in this step).

  3. After logging in, select Users from the left-hand navigation pane.

  4. Click on the Add User button.

  5. Select “Email Verified” and ensure that both the username and email fields are filled with valid email addresses.

  6. After creating the user, navigate to “Role Mapping” and click on “Assign Role”.

    1. Assign “gytpol”.

  7. Navigate to “Credentials” and click on “Set Password”.

  8. Enter the password and choose whether the user should be required to change it upon their first login by setting it as Temporary or not.

...

This setup will enable you to log in using Active Directory (AD) users from your domain, utilizing their email and domain password. Before connecting GYTPOL to Active Directory, ensure that all users have a valid email configured, utilizing their userPrincipalName and domain password.

Next, create a new user in your Active Directory:

  1. The user should be a regular Domain User without any administrative rights.

  2. The user must be a member of the "Performance Log Users" group (this user will be used for the AD and GPO screens).

Ensure the user is configured correctly before proceeding with the AD connection.

...

  • Set the Edit Mode to READ_ONLY.

  • Enter the Users DN for the OU containing GYTPOL's allowed users.

  • For Username LDAP Attribute, enter UserPrincipalName.

  1. Click “Save” once done.

  2. Select the provider name that was created.

  3. Select “Mappers”.

  4. Select the “email” mapper.

  5. Change the “LDAP Attribute” to userPrincipalName and click “Save”.

Change session timeouts

  1. Open the User Management Console:

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.

  3. After logging in, navigate to Realm settings from the left-hand navigation pane and click on Sessions.

  4. Change the settings you would like to change and click the Save button.

...

  1. Open the User Management Console:

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.

  3. After logging in, navigate to Identity providers.

  4. Select SAML v2.0.

...

  1. Enter an Alias and then copy the Redirect URI and Service provider entity ID (copy must be done after entering the alias)

...

  1. Select SAML 2.0.

  2. Enter the Single sign-on URL (the Redirect URI from step 5) and the Audience URI (service provider entity ID from step 5).

    1. In Name ID format, select EmailAddress.

    2. In Application username, select Email.

  3. Continue with the rest of the application setup.

  4. Copy the Metadata URL.

  5. Assign the application to the users you want.

...

  1. Go back to GYTPOL and paste the URL you copied in the SAML entity descriptor.

  2. Click on the Add button and you should see a success popup.

  3. You should now be able to log in to GYTPOL using Okta.

...