SELKS Minimum Requirements

• 2 cores
• 8-10 GB of free RAM
• 100GB (10 GB for Docker package) of free disk space (high-performance SSD is recommended)

Installing SELKS

SELKS can be built from the ground up on Linux, I did this when I first started learning Linux. I figured if I attempted to install each component separately I could develop my Linux skills at the same time.

SELKS ISO

You can download the latest SELKS ISO here.

For this walkthrough we will be using the “complete image with no desktop” version.

Deploying Selks

Download ISO , In this guide we will be using the ISO with no desktop and only have access to the CLI.

Install using Vmware

Create an New Virtual Machine

Choose Custom (advanced)

Click Next

Hardware Compatibility: Workstation 17.5 or later

Click Next

Choose Installer disk image file (iso):

Click Browse > Select SELKS-10-no-desktop.iso

Click Next

Guest Operating System:

Select Linux > Debian 12.x 64-bit

Click Next

Name VM:

I prefer to name the VM based on the project: SELKS (you can name this whatever you like)

Click Next

Processor Configuration: Please take note of SELKS minimum requirements (2 cores)

Memory configuration: Please take note of SELKS minimum configuration (8 – 10 GB of RAM)

Network configuration ( we will configure this later)

Select Do not use a network connection

Click Next

I/O Controller Types

Choose recommended (LSI Logic)

Click Next

Disk Type: Choose Recommended (SCSI)

Click Next

Select a Disk

Choose: Create a new virtual disk

Click Next

Disk Capacity: Please take note of the minimum requirements for SELKS (100GB)

Click Next

Specify Disk File:

Keep Default

Click Next

Ready To Create? Not yet

Click Customize Hardware:

Click On Add

Select Network Adapter

We will be choosing two of our configured adapters: PentestNet and MonitorNet

Repeat to add two separate network adapters, Your Hardware Summary will look something like this:

Click Close

Ready to Create Virtual Machine: Yes

Click Finish

We are ready to power on this VM and get started with the SELKS installation

Click on Power on this Virtual Machine

You will see the boot menu, make sure to select “Start Installer”

Press enter to boot

Choose Your preferred language

Click Continue

Select a location

Click Continue

Configure a keyboard layout

Click Continue

Configure the network:

This would be the adapter that will be used for internet access and IP of your SELKS, in my configuration ens33 is the adapter I am choosing, ens34 will be my listening interface.

Enter your preferred hostname

Click Continue

Configure domain name

Click continue

Configure Clock

Click continue

Partition Disks

Select Guided – use entire disk

Click Continue

Select Disk to use

Partitioning disk

Select All files in one partition (recommended for new users)

Click Continue

Click Finish portioning and write changes to disk

Click continue

Write changes to Disks?

Select Yes

Click Continue

Configuring the package manager:

User a network mirror?

Select Yes

Click continue

Click the mirror closest to your location

Click continue

Choose a mirror (deb.debian.org)

Click continue

If using a proxy, enter proxy or leave blank

Click continue

Install the Grub boot loader

Select Yes

Click Continue

Select the device to install grub boot loader on (/dev/sda)

Click continue

Finish the installation!

Click continue

On successful reboot you will see the login screen:

Let’s login to grab the IP address and change that default password, after all this is a security tool:

Default username:password is selks-user:selks-user

In your terminal type in the following command:

ip a

We will see both of our interfaces:

ens33 and ens34

Note down the interface IP address for ens33: 172.20.20.205

For ens34 we will see that it is down.

Lets go ahead and turn on promiscuous mode for this interface and bring this interface up.

In your terminal type in the follow commands:

sudo ip link set ens34 promisc on

sudo ip link set ens34 up

Now if we take a look at our interface we will see a change in ens34 status

Now lets change the password for selks-user:

In your terminal type the following command:

sudo passwd

enter new secure password and confirm.

This will not change the web interface selks-user password, this will only effect access to CLI and sudo

Lets move our work to powershell.

On your host machine open a new powershell window and type in the following command:

ssh [email protected] (your IP will vary)

This step does not have to be done, but it is much easier typing into a full size terminal rather than working directly in vmware.

Once we are logged back in to the terminal, we can begin to install SELKS with a few commands, SELKS can be installed using docker, this is the easiest and quickest way to getting started.

Update and upgrade packages:

sudo apt update -y && sudo apt upgrade -y

Change directory to /opt/selksd/SELKS/docker

cd /opt/selksd/SELKS/docker

ls to view contents of docker directory

Run easy setup script:

sudo ./easy-setup.sh -i ens34 –es-memory 8G –iA –restart-mode always -n

break down of the script arguments:

-i (interface that suricata will listen on)

–es-memory (elastic search memory cap) you may want to set this lower depending on how much memory you configured your VM for.

–iA (install docker docker compose and portainer automatically if not installed on system)

–restart-mode (always restart containers on system reboot)

-n ( non-interactive mode for script, will not prompt you for any other options)

Once complete we can run the following docker commands:

sudo -E docker compose pull

sudo -E docker compose up -d –force-recreate

Now lets access selks web interface!

In your preferred browser type in the ens33 interface IP address that we noted down

Note depending on the browser you will see a certificate warning:

In firefox you click Advanced > Accept the risk and Continue

Login in with username:password selks-user:selks-user

Welcome to the Selks Dashboard!

Please see my SELKS configuration guide to test and configure SELKS.