Self-Hosted-GYTPOL 2.0 installation and configuration guide

OVAs Provided by the GYTPOL Team

You will receive the following 2 OVA files from the GYTPOL team to set up your environment:

  1. PostgreSQL (Database) Server OVA:

    • This virtual appliance contains the pre-configured PostgreSQL database server required for storing and managing GYTPOL data.

  2. GYTPOL Services (Application) Server OVA:

    • This virtual appliance contains the core GYTPOL services and application required to manage and monitor your environment.

Ensure both OVA files are available before beginning the installation process.

  1. Ensure you have created two static IP address records and two DNS names, one of each for the Services server and one of each for the PostgreSQL server.

Import and Configure the GYTPOL PostgreSQL OVA

  1. Open the VMware Console:

    • Launch the VMware vSphere Client or VMware Workstation, depending on your environment.

  2. Import the GYTPOL PostgreSQL OVA:

    • Select File > Deploy OVF Template option.

    • Browse to the location of the gytpol-postgres.ova file.

    • Follow the on-screen instructions to complete the import process.

  3. Post-Import Configuration:

    • Once the import is complete, locate the newly created VM in your VMware environment.

      • Edit the VM settings so that they meet the required specifications;
        refer to the System Requirements for Self-Hosted GYTPOL 2.0 guide.

        • Set CPUs and the Memory according to the specifications document.

        • Add another 100 GB Hard Disk (resulting in a total of 2 disks):

          • Ensure the first disk has a size of 100 GB.

          • Add a second hard disk with a size of 100 GB.

          • Verify that both disks are SSD.

Failure to meet the specified settings prior to the installation procedure may result in extended installation times or failures due to timeouts.

Steps to Access and Initialize PostgreSQL in the VM

  1. Open the Console of the PostgreSQL VM:

    • Use VMware to access the console of the VM where PostgreSQL is installed.

  2. Log in to the VM:

    • Enter the following credentials to log in:

      • Username: ubuntu

      • Password: m-33W8]aiUh

        • (Optional) To change the password, follow these steps:

          • Type passwd.

          • You will be prompted to enter your current password, followed by the new password twice for confirmation.

  3. Initialize PostgreSQL:

    • Once logged in, execute the following command to initialize PostgreSQL: sudo gyt postgres-init

  4. Verify the Initialization:

    • Check the output to ensure PostgreSQL has been successfully initialized.


Configure the Network for PostgreSQL VM

  1. Follow Network Configuration Prompts:

    • When prompted during the setup process, configure the network settings for the VM.

    • You will be asked to choose between static and DHCP IP address allocation.

  2. Recommendation: Use a Static IP:

    • We recommend typing ‘static’ to manually configure the IP address for better reliability and control.

    • Enter the following details:

      • IP Address: Your desired static IP.

      • Subnet Mask: As per your network configuration (e.g., /24 or 24).

      • Gateway: Your network gateway IP address.

      • DNS Servers: Enter your preferred DNS servers.
        If you have multiple servers, input them one at a time. When finished, type done.

  3. Verify the Network Configuration:

    • Once the setup is complete, test the network connectivity:

      • Ping the configured IP from another device on the network to confirm accessibility.

      • If static, ensure the settings align with your network’s configuration to avoid IP conflicts.

Password Configuration During Setup

As part of the setup process, you will be prompted to configure two important passwords. Follow these steps carefully:

  1. Wait for Password Prompts:

    • During the initialization process, the setup will ask you to provide passwords for critical components.

When setting the passwords, make sure they do not contain any of the following characters: ', ", ~, ;, commas or spaces.

  2. Passwords to Set:

    • PostgreSQL Master Password:

      • This password secures the PostgreSQL database and will be required for administrative tasks.

      • Choose a strong and secure password. Record it safely for future reference.

  3. Input the Passwords When Prompted:

    • When the setup script prompts you, type in the passwords carefully and confirm them when asked.

  4. Verify the Passwords:

    • Ensure you see a confirmation message or successful setup output for each password entry.

Recommendations:

  • Use a password manager to securely generate and store these credentials.

  • Avoid reusing passwords from other systems for added security.
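
The character restriction stated above can be checked before a password is typed at a setup prompt. The following shell functions are an added example, not part of the GYTPOL tooling; the function names, the rejection of empty input and the generator's alphabet are assumptions of this example.

```shell
#!/bin/sh
# Added example (not GYTPOL tooling). Function names are hypothetical.
# Characters the guide says a setup password must not contain:
#   '  "  ~  ;  ,  and space

# Return 0 if $1 avoids every rejected character; otherwise name an
# offending character on stderr and return 1. Rejecting an empty
# password is an assumption of this example.
gyt_password_ok() {
    case $1 in
        '')     echo "rejected: empty password" >&2; return 1 ;;
        *\'*)   echo "rejected: contains a single quote" >&2; return 1 ;;
        *\"*)   echo "rejected: contains a double quote" >&2; return 1 ;;
        *\~*)   echo "rejected: contains a tilde" >&2; return 1 ;;
        *\;*)   echo "rejected: contains a semicolon" >&2; return 1 ;;
        *,*)    echo "rejected: contains a comma" >&2; return 1 ;;
        *' '*)  echo "rejected: contains a space" >&2; return 1 ;;
    esac
    return 0
}

# Print a random password of length $1 (default 24) taken from the kernel
# CSPRNG. The alphabet (letters, digits, _ + = @ % -) is an assumption:
# it simply leaves out the rejected characters.
gyt_password_gen() {
    len=${1:-24}
    pw=
    while [ "${#pw}" -lt "$len" ]; do
        # Keep only allowed bytes; loop until enough have been collected.
        pw=$pw$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9_+=@%-')
    done
    printf '%s\n' "$pw" | cut -c "1-$len"
}

# Constructed samples: the first passes, each of the others trips one rule.
for sample in 'Xk3_pQ9+vL2=' 'pa ss' 'a;b' "it's" 'x,y' 'home~dir'; do
    if gyt_password_ok "$sample" 2>/dev/null; then
        echo "ok:       $sample"
    else
        echo "rejected: $sample"
    fi
done
```
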

After successfully initializing the PostgreSQL server, you will see a “PostgreSQL Initialization Completed” message and be returned to the ubuntu@gytpol-postgresql:~$ prompt.

Import and Configure the GYTPOL Services OVA

  1. Open the VMware Console:

    • Launch the VMware vSphere Client or VMware Workstation, depending on your environment.

  2. Import the GYTPOL Services OVA:

    • Select File > Deploy OVF Template option.

    • Browse to the location of the gytpol-services.ova file.

    • Follow the on-screen instructions to complete the import process.

  3. Post-Import Configuration:

    • Once the import is complete, locate the newly created VM in your VMware environment.

    • Edit the VM settings to ensure it meets the required specifications:

      • Set CPUs:

        • Assign 6 CPUs to the VM.

      • Set Memory:

        • Allocate 12 GB of RAM.

      • Add a 50 GB Hard Disk (resulting in a total of 2 disks):

        • Ensure the first disk has a size of 100 GB.

        • Add a second hard disk with a size of 50 GB.

        • Verify that both disks are SSD.

  4. Power On the VM:

    • Start the VM from the VMware console.

  5. Verify DNS Record:

    • Ensure the DNS record for the GYTPOL server is resolvable:

      • Use a command like nslookup <server-name> or ping <server-name> from another machine to confirm.

Access the Services VM Console

  1. Open Services VM Console:

    • Switch to the console of the Services VM in VMware.

  2. Log in to the Services VM:

    • Use the following credentials to access the VM:

      • Username: ubuntu

      • Password: m-33W8]aiUh

        • (Optional) To change the password, follow these steps:

          • Type passwd.

          • You will be prompted to enter your current password, followed by the new password twice for confirmation.

  3. Run the command sudo gyt install

Network Configuration for the GYTPOL Services VM

  1. Follow the Network Configuration Prompts:

    • During the initial setup of the GYTPOL Services VM, you will be prompted to configure the network settings.

  2. Choose an IP Address Configuration:

    • We recommend selecting ‘static’ to manually configure the IP address for better reliability and control.

      • Enter the following details:

        • IP Address: Your desired static IP.

        • Subnet Mask: As per your network configuration (e.g., /24 or 24)

        • Gateway: Your network's gateway IP address.

        • DNS Servers: Enter your preferred DNS servers.
          If you have multiple servers, input them one at a time. When finished, type done.

At this stage, the GYTPOL Services server will initialize and install the required components, including Docker containers and configurations. Please wait until you see the message: “Finished - Mounting config volume.” Once this appears, you will proceed to the configuration values prompts, which are detailed in the steps below.

Providing Required Information During Setup

When prompted during the setup process, supply the following details carefully.

  1. GYTPOL_URL:

    • Enter the DNS name of the GYTPOL server. Make sure it is the fully qualified domain name (FQDN).

    • Example: gytpol-app.yourdomain.com

  2. MASTER_PASSWORD:

  3. POSTGRES_HOST:

    • Enter the IP address of the PostgreSQL VM.

    • Example: 192.168.1.100

  4. GYTPOL_ADMIN_USER_EMAIL (default):

    • Enter the email address for the first administrator user in the system.

    • Example: admin@yourdomain.com

  5. USER_MANAGEMENT_ADMIN_PASSWORD:

    • Set a password for accessing the User Management Console (separate screen for Admin access)

    • Choose a secure and memorable password. This is a new password.

  6. The setup will ask you to create an Initial User Password for the first user account in the system.

    • This is a new password for the first local user created in the GYTPOL_ADMIN_USER_EMAIL step (#4).

Wait for the installation to complete. Once finished, you should see the message: “Finished - Creating buckets” and return to the ubuntu@gytpol-services:~$ prompt.

At this point:

  1. The Access Key ID, Secret Access Key and API key will be displayed. Make sure to copy and save them, as they will be required in the next step.

    1. The Secret Access Key will be 16-32 characters long. Ensure you copy it correctly, as the SSH/console may sometimes split the string into two lines.

  2. If the API key is needed for future use (reporting, BI etc.), copy and store it securely.

  3. Run the following command to retrieve the License ID, which will also be used in the next step: sudo gyt get-license-id

License request

  • Send the following details to license@gytpol.com:

    • License ID (5 characters)

    • Access Key ID

    • Secret Access Key

    • API Key

    • GYTPOL Services Server FQDN and IP address

      • FQDN for Windows sensors and IP for Linux/macOS sensors

  • The GYTPOL team will respond with the license key and sensor installation files.

If you need to retrieve the keys after the installation is complete, run the following commands.
Note: Copy-paste may not work directly in the console screen.

  • Access the server using PuTTY or any other SSH client, connecting over port 12222.

  • Retrieve the S3 keys by running: sudo gyt get-s3-keys

  • Retrieve the License ID by running: sudo gyt get-license-id

  • Retrieve the API Key by running: sudo gyt get-api-key

Copying Sensor Installation Files/Packages to the Services OVA

The sensor files are provided in a ZIP format. Before copying the files, ensure you extract the sensor files into a folder.

To transfer sensor installation files to the services OVA, you can use a file transfer tool like WinSCP (graphical interface) or the scp command (command-line). Both options connect over port 12222.

Option 1: Using WinSCP

  1. Launch WinSCP and configure the connection:

    • File Protocol: SCP

    • Host name: The IP address or the Host name of the GYTPOL Services server.

    • Port: 12222

    • Username: ubuntu.

    • Password: The corresponding password.

  2. Transfer Files:

    • Drag and drop the extracted sensor files from your local machine to the target directory on the GYTPOL Services server.

      Please keep the default directory as /home/ubuntu for the file transfer.

Option 2: Using scp Command (Terminal)

  1. Open your terminal and use the following command: scp -P 12222 -o StrictHostKeyChecking=no ~/Downloads/gytpol-client_2.4.9.18-18_amd64.deb ubuntu@10.60.0.103:/home/ubuntu

Options Explained:

  • -P 12222: Specifies the port 12222.

  • -o StrictHostKeyChecking=no: Skips SSH host key verification, so the connection proceeds without a confirmation prompt and the server's identity is not checked.

  • ~/Downloads/gytpol-client_2.4.9.18-18_amd64.deb: Local path to the file (on macOS, for example).
    On Windows, this could be c:\temp\gytpol-client_2.4.9.18-18_amd64.deb.

  • ubuntu@10.60.0.103: Username and IP address of the GYTPOL Services server.

  • /home/ubuntu: The destination directory on the GYTPOL Services server.

Copy and Install Sensor Files in the Services OVA

  1. Copy All Sensor Installation Files:

    • Use WinSCP or the scp command (as described earlier) to transfer all sensor installation files you receive to the services OVA.

  2. Log in to the Services OVA:

    • Open the VMware console or use SSH to access the GYTPOL services server.

    • Use the credentials you configured during the setup.

  3. Run the Command for Each Sensor Installation File: sudo gyt copy-client <OS> <VERSION> <FILENAME>, for example:

sudo gyt copy-client linux 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.deb    # for Debian
sudo gyt copy-client mac 2.4.9.18 gytpol-client_2.4.9.18-18_amd64.pkg      # for macOS
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x64.msi                 # for 64-bit Windows
sudo gyt copy-client windows 2.36.3.0 gytpolClient_x86.msi                 # for 32-bit Windows

Finalizing Sensor Setup

  1. Generate Sensor Links:

    • Run the following command in the GYTPOL Services server to generate sensor links in the GYTPOL UI: sudo kubectl create job --from cj/gytpol-analyzer-periodic-client-signer-cj signer-job -n gytpol

  2. Alternatively, Wait:

    • If you do not run the command, the system will automatically generate sensor links within 30 minutes.

  3. Access GYTPOL:

    Once the sensor links are available, you can start using GYTPOL through the configured interface.

Installing the License for GYTPOL

Installing the License:

Once you receive the license file from the GYTPOL team, upload it to the services VM using WinSCP or the scp command, then run: sudo gyt install-license <LICENSE-FILENAME.txt>

Replace <LICENSE-FILENAME.txt> with the full path or name of the license file.

Adding SSL Certificate to GYTPOL

By default, GYTPOL runs over HTTPS with a self-signed certificate.

To add a personal certificate, you will need to provide SSL certificate files (.crt and .key) for the DNS domain name associated with your GYTPOL server.

  • Obtain Certificate Files:

    • Acquire an SSL certificate (.crt file) and its corresponding private key (.key file) for your DNS domain name from a trusted Certificate Authority (CA) or generate self-signed certificates for testing.

  • Copy Certificate Files to the Services VM:

    • Use WinSCP or the scp command to transfer the .crt and .key files to the services VM.

    • Example Command: scp -P 12222 -o StrictHostKeyChecking=no /path/to/your/cert.crt /path/to/your/key.key ubuntu@<services-OVA-IP>:/home/ubuntu

  • Replace:

    • /path/to/your/cert.crt: Path to the .crt file on your local machine.

    • /path/to/your/key.key: Path to the .key file on your local machine.

    • <services-OVA-IP>: The IP address of the services VM.

Replace the self-signed certificate with a personal SSL certificate

  1. SSH into the Services OVA:

    • Use an SSH client (e.g., terminal, PuTTY) to connect to the services OVA over port 12222.

      • Example: ssh -p 12222 ubuntu@<services-OVA-IP> (replace <services-OVA-IP> with the IP address of the services OVA).

  2. Run the Command to Add SSL Certificate:

    • Once logged in, use the sudo gyt add-ssl-certificate <CRT FILENAME> <KEY FILENAME> command to apply the certificate.

  • Replace:

    • <CRT FILENAME>: The full path or name of the .crt file you uploaded.

    • <KEY FILENAME>: The full path or name of the .key file you uploaded.

Restart Services:

  • The command will automatically restart the necessary services to apply the certificate.

Access the GYTPOL UI:

  • After adding the SSL certificate, you can access the GYTPOL UI securely using HTTPS.
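
Before running add-ssl-certificate, it helps to confirm that the .crt and .key files belong together, that the certificate covers the FQDN entered as GYTPOL_URL, and that it has not expired. The following is an added example, not part of the GYTPOL tooling; it assumes the OpenSSL command-line tool (1.1.1 or later), an unencrypted PEM private key, and hypothetical function names.

```shell
#!/bin/sh
# Added example (not GYTPOL tooling): checks to run on the .crt and .key files
# before "sudo gyt add-ssl-certificate". Function names are hypothetical.
# Assumes OpenSSL 1.1.1+ and an unencrypted PEM private key.

# Print the SHA-256 of the public key held in a certificate ($1=crt) or
# derived from a private key ($1=key). Fails if the file cannot be parsed,
# so two unreadable files never compare as equal.
pubkey_hash() {
    case $1 in
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)   return 1 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when the certificate and the private key form a pair.
cert_matches_key() {
    c=$(pubkey_hash crt "$1") || return 1
    k=$(pubkey_hash key "$2") || return 1
    [ "$c" = "$k" ]
}

# True when the certificate is valid for the given host name (SAN or CN).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Run every check; the return code identifies the first failure.
#   $1 = .crt file, $2 = .key file, $3 = FQDN entered as GYTPOL_URL
gyt_cert_precheck() {
    cert_matches_key "$1" "$2" ||
        { echo "private key does not match certificate" >&2; return 1; }
    cert_covers_host "$1" "$3" ||
        { echo "certificate is not valid for $3" >&2; return 2; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 3; }
    echo "ok: certificate and key match and cover $3"
}

# Constructed sample input: a throwaway self-signed pair for host name $3,
# written to $1/$2.crt and $1/$2.key, for trying the checks above.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Usage: gyt_cert_precheck cert.crt key.key gytpol-app.yourdomain.com
```
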

Adding Local Users in GYTPOL

Follow these steps to add users to the GYTPOL system:

  1. Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
    Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation (item #5 under Providing Required Information During Setup).

  3. After logging in, select Users from the left-hand navigation pane.

  4. Click the Add User button.

  5. Select “Email Verified” and ensure that both the username and email fields are filled with valid email addresses.

  6. After creating the user, navigate to “Role Mapping” and click on “Assign Role”.

    1. Assign “gytpol”.

  7. Navigate to “Credentials” and click on “Set Password”.

  8. Enter the password and choose whether the user should be required to change it upon their first login by setting it as Temporary or not.

Resetting user password

Follow these steps to reset a user's password:

  1. Open a web browser and navigate to https://<gytpol-services-dns>:9093/admin
    Replace <gytpol-services-dns> with the DNS name of your GYTPOL services.

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.

  3. After logging in, select Users from the left-hand navigation pane.

  4. Select the user, navigate to Credentials, and click the “Reset Password” button.

Connecting GYTPOL to Active Directory

This setup will enable you to log in using Active Directory (AD) users from your domain, utilizing their userPrincipalName and domain password.

Next, create a new user in your Active Directory:

  1. The user should be a regular Domain User without any administrative rights.

  2. The user must be a member of the "Performance Log Users" group (this user will be used for the AD and GPO screens).

Ensure the user is configured correctly before proceeding with the AD connection.

  1. Open the User Management Console:

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.

  3. After logging in, navigate to User Federation from the left-hand navigation pane and click on Add LDAP Provider.

  4. On the next screen, enter the Connection URL (in ldap:// or ldaps:// format) and click the Test Connection button.

You should receive a success notification.

  5. In the Bind DN field, enter the distinguished name (DN) of the account you created. This account will be used by GYTPOL to authenticate with the Active Directory (AD) server for operations such as user searches or group lookups.

    In the Bind Credentials field, enter the password for the account.

    Once you've entered the required information, click the Test Authentication button to ensure the connection is successful.

    You should receive a success notification.

  6. In the LDAP Searching and Updating section:

    • Set the Edit Mode to READ_ONLY.

    • Enter the Users DN for the OU containing GYTPOL's allowed users.

    • For Username LDAP Attribute, enter UserPrincipalName.

  7. Click “Save” once done.

  8. Select the provider name that was created.

  9. Select “Mappers”.

  10. Select the “email” mapper.

  11. Change the “LDAP Attribute” to userPrincipalName and click “Save”.

Change session timeouts

  1. Open the User Management Console:

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.

  3. After logging in, navigate to Realm settings from the left-hand navigation pane and click on Sessions.

  4. Change the settings you would like to change and click the Save button

Connecting GYTPOL to Okta

  1. Open the User Management Console:

  2. Log In:

    • Use the following credentials:

      • Username: admin

      • Password: The password configured as USER_MANAGEMENT_ADMIN_PASSWORD during installation.

  3. After logging in, navigate to Identity providers

  4. Select SAML v2.0

  5. Enter an Alias and then copy the Redirect URI and Service provider entity ID (the copy must be done after entering the alias).

  6. Keep this window open, go to Okta, and click Create App Integration.

  7. Select SAML 2.0.

  8. Enter the Single sign-on URL (the Redirect URI from step 5) and the Audience URI (the Service provider entity ID from step 5).

    1. In Name ID format, select EmailAddress.

    2. In Application username, select Email.

  9. Continue with the rest of the application setup.

  10. Copy the Metadata URL.

  11. Assign the application to the users you want.

  12. Go back to GYTPOL and paste the URL you copied into the SAML entity descriptor field.

  13. Click the Add button; you should see a success popup.

  14. You should now be able to log in to GYTPOL using Okta.

Getting the API Key for GYTPOL User API (Optional)

To use the GYTPOL User API, you need to retrieve the API key from the services VM. Follow the steps below:

Steps to Retrieve the API Key:

  1. SSH into the Services VM: ssh -p 12222 ubuntu@<services-OVA-IP>

  2. Run the API Key Command: sudo gyt get-api-key
