{"id":1205,"date":"2021-10-06T11:58:39","date_gmt":"2021-10-06T09:58:39","guid":{"rendered":"https:\/\/ndk.sytes.net\/wordpress\/?p=1205"},"modified":"2021-10-06T11:58:39","modified_gmt":"2021-10-06T09:58:39","slug":"set-up-parsedmarc-elasticsearch-kibana-and-nginx-on-freebsd-13","status":"publish","type":"post","link":"https:\/\/ndk.sytes.net\/wordpress\/?p=1205","title":{"rendered":"Set up ParseDMARC, Elasticsearch, Kibana and NGINX on FreeBSD 13"},"content":{"rendered":"\n

ParseDMARC is an open-source, self-hosted DMARC report analyzer. To generate visualized data, ParseDMARC relies on Elasticsearch and Kibana, both of which are RAM hungry in the default configuration. Elasticsearch is written in JAVA and JVM’s RAM usage can be configured in \/usr\/local\/etc\/elasticsearch\/jvm.options<\/p>\n\n\n\n

Installing ParseDMARC and GeoIP<\/h2>\n\n\n\n

Please following commands:<\/p>\n\n\n\n

# pkg install python38-pip geoipupdate<\/pre>\n\n\n\n
Maxmind, the creator of the widely used GeoIP database requires you to create an account and get an API key to update the local installed database. Please go to https:\/\/www.maxmind.com\/en\/home<\/a> in order to create your account.<\/p>\n\n\n\n
As ParseDMARC is a python module, please install it with:<\/p>\n\n\n\n
# pip install parsedmarc<\/pre>\n\n\n\n
Installing Elasticsearch and Kibana<\/h2>\n\n\n\n
Simply use following install commands:<\/p>\n\n\n\n
# pkg install elasticsearch kibana7<\/pre>\n\n\n\n
After installation adopt your RAM usage in the \/usr\/local\/etc\/elasticsearch\/jvm.options file, right at the top.<\/p>\n\n\n\n
Now let’s make the two start at boot time:<\/p>\n\n\n\n
# sysrc elasticsearch_enable=\"YES\"\n# sysrc kibana_enable=\"YES\"<\/pre>\n\n\n\n
and start them right away:<\/p>\n\n\n\n
# service elasticsearch start\n# service kibana start<\/pre>\n\n\n\n
Installing NginX<\/h2>\n\n\n\n
# pkg install nginx<\/pre>\n\n\n\n
After installation you need to proxy pass to the kibana interface. Change \/usr\/local\/etc\/nginx\/nginx.conf:<\/p>\n\n\n\n
...\nlocation \/ {\n    proxy_pass http:\/\/127.0.0.1:5601;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n}\n...<\/pre>\n\n\n\n
Find the line “location \/” and replace the content with the above lines.<\/p>\n\n\n\n
Now start nginx at boot and immediately:<\/p>\n\n\n\n
# sysrc nginx_enable=\"YES\"\n# service nginx start<\/pre>\n\n\n\n
Configuring ParseDMARC<\/h2>\n\n\n\n
Create following config \/usr\/local\/etc\/parsedmarc.ini<\/p>\n\n\n\n
[general]\n# Save aggregate and forensic reports to Elasticsearch\nsave_aggregate = True\nsave_forensic = True\n\n[imap]\n# Log into the DMARC report email address and download data.\nhost = mail.yourdomain.com\nport = 993\nssl = True\nuser = dmarc@yourdomain.com\npassword = your_password_here\nwatch = False\n\n[elasticsearch]\n# Send data to Elastichsearch, which listens on port 9200.\nhosts = 127.0.0.1:9200\nssl = False\n\n[smtp]\n# For sending email\nhost = mail.yourdomain.com\nport = 587\nssl = True\nuser = dmarc@yourdomain.com\npassword = your_password_here\nfrom = dmarc@yourdomain.com\n\n# send results to this address\nto = admin@yourdomain.com<\/pre>\n\n\n\n
and run the script:<\/p>\n\n\n\n
parsedmarc -c \/usr\/local\/etc\/parsedmarc.ini<\/p>\n\n\n\n
WARNING: the specified inbox will be emptied when the script is running! Be aware.<\/strong><\/p>\n\n\n\n
Configuring geoipupdate<\/h2>\n\n\n\n
As stated at the beginning of this tutorial, pleaase create a Maxmind account to get an account ID and API key. Now edit \/usr\/local\/etc\/GeoIP.conf and your personal datat in there and run:<\/p>\n\n\n\n
# geoipupdate -v<\/pre>\n\n\n\n
Keeping data up to date<\/h2>\n\n\n\n
Last but not least, you need to create cron jobs for updating DMARC data and the GeoIP database. Please refer to the CRON documentation on FreeBSD<\/a> for that purpose.<\/p>\n","protected":false},"excerpt":{"rendered":"
ParseDMARC is an open-source, self-hosted DMARC report analyzer. To generate visualized data, ParseDMARC relies on Elasticsearch and Kibana, both of which are RAM hungry in the default configuration. Elasticsearch is written in JAVA and JVM’s RAM usage can be configured in \/usr\/local\/etc\/elasticsearch\/jvm.options Installing ParseDMARC and GeoIP Please following commands: # pkg install python38-pip geoipupdate Maxmind, the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,7],"tags":[],"class_list":["post-1205","post","type-post","status-publish","format-standard","hentry","category-linuxunix","category-servers"],"_links":{"self":[{"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1205"}],"version-history":[{"count":1,"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1205\/revisions"}],"predecessor-version":[{"id":1206,"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1205\/revisions\/1206"}],"wp:attachment":[{"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ndk.sytes.net\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}