
Installation from DockerHub

This guide provides instructions on how to install IntelMQ and its components using Docker.

Warning

Docker installation is currently in Beta state and things might break. Consider this if you plan to use IntelMQ as a production level system.

Warning

Currently you can't manage your botnet via the intelmqctl command line tool. You need to use IntelMQ-Manager instead.

The latest IntelMQ image is hosted on Docker Hub and the image build instructions are in our intelmq-docker repository.

Follow the Docker Install and Docker-Compose Install instructions.

Before you start using docker-compose or any docker related tools, make sure docker is running:

# To start the docker daemon
systemctl start docker.service
# To enable the docker daemon for the future
systemctl enable docker.service

Docker with docker-compose

Now we can download IntelMQ and start the containers. Navigate to your preferred installation directory and run the following commands:

git clone https://github.com/certat/intelmq-docker.git --recursive
cd intelmq-docker
sudo docker-compose pull
sudo docker-compose up

Your installation should now be complete. You can visit http://127.0.0.1:1337/ to access the intelmq-manager. Log in with the username intelmq and the password intelmq. To change the username or password, add the environment variables INTELMQ_API_USER for the username and INTELMQ_API_PASS for the password.

Note

If you get a Permission denied error, run chown -R $USER:$USER example_config

Docker without docker-compose

If not already installed, please install Docker.

Navigate to your preferred installation directory and run git clone https://github.com/certat/intelmq-docker.git --recursive.

You need to prepare some volumes and configs. To change paths, edit the left side of each -v argument (the host path).

Change redis_host to a running Redis instance. Docker will resolve it automatically. All containers are connected using Docker Networks.

To work with your current infrastructure, you need to specify some environment variables:

sudo docker pull redis:latest

sudo docker pull certat/intelmq-full:latest

sudo docker pull certat/intelmq-nginx:latest

sudo docker network create intelmq-internal

sudo docker run -v ~/intelmq/example_config/redis/redis.conf:/redis.conf \
                --network intelmq-internal \
                --name redis \
                redis:latest

sudo docker run --network intelmq-internal \
                --name nginx \
                certat/intelmq-nginx:latest

sudo docker run -e INTELMQ_IS_DOCKER="true" \
                -e INTELMQ_SOURCE_PIPELINE_BROKER="redis" \
                -e INTELMQ_PIPELINE_BROKER="redis" \
                -e INTELMQ_DESTINATION_PIPELINE_BROKER="redis" \
                -e INTELMQ_PIPELINE_HOST=redis \
                -e INTELMQ_SOURCE_PIPELINE_HOST=redis \
                -e INTELMQ_DESTINATION_PIPELINE_HOST=redis \
                -e INTELMQ_REDIS_CACHE_HOST=redis \
                -v $(pwd)/example_config/intelmq/etc/:/etc/intelmq/etc/ \
                -v $(pwd)/example_config/intelmq-api/config.json:/etc/intelmq/api-config.json \
                -v $(pwd)/intelmq_logs:/etc/intelmq/var/log \
                -v $(pwd)/intelmq_output:/etc/intelmq/var/lib/bots \
                -v ~/intelmq/lib:/etc/intelmq/var/lib \
                --network intelmq-internal \
                --name intelmq \
                certat/intelmq-full:latest

If you want to use another username and password for the intelmq-manager / api login, additionally add two new environment variables.

-e INTELMQ_API_USER="your username"
-e INTELMQ_API_PASS="your password"
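
One way to supply non-default API credentials to the docker run command above without typing the password on the command line, as an added example that is not part of the IntelMQ documentation or project: it writes INTELMQ_API_USER and INTELMQ_API_PASS to a mode-600 file for Docker's --env-file option and rejects the default password intelmq. The function names and the file path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the IntelMQ project). Function names and the
# env-file path are hypothetical; only INTELMQ_API_USER / INTELMQ_API_PASS
# and the default login intelmq/intelmq come from the guide.

# 48 hex characters from the kernel CSPRNG.
gen_password() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_api_env FILE USER: create FILE (mode 600) with a random password.
write_api_env() {
    env_file=$1
    user=$2
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid username" >&2; return 1 ;;
    esac
    pass=$(gen_password)
    (
        umask 077   # the file is never created group/world readable
        printf 'INTELMQ_API_USER=%s\nINTELMQ_API_PASS=%s\n' \
            "$user" "$pass" > "$env_file"
    )
    chmod 600 "$env_file"   # also tightens a file that already existed
}

# check_api_env FILE: fail on missing values, the default password,
# a short password, or a file accessible to group/others.
check_api_env() {
    env_file=$1
    [ -f "$env_file" ] || return 1
    user=$(sed -n 's/^INTELMQ_API_USER=//p' "$env_file")
    pass=$(sed -n 's/^INTELMQ_API_PASS=//p' "$env_file")
    [ -n "$user" ] || return 1
    [ "$pass" != "intelmq" ] || return 1
    [ "${#pass}" -ge 16 ] || return 1
    perms=$(ls -ld "$env_file" | cut -c5-10)   # group + other permission bits
    [ "$perms" = "------" ] || return 1
}

# Usage (path is an example):
#   write_api_env ./intelmq-api.env analyst && check_api_env ./intelmq-api.env
# then replace the two -e flags in the docker run command with:
#   --env-file ./intelmq-api.env
```

The variables remain visible through docker inspect to anyone with access to the Docker daemon.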