Deploy Cyberwatch with Swarm (Recommended)
The setup procedure requires:
- a virtual machine compliant to the software’s technical prerequisites;
- valid credentials to access the repository of the software;
- a valid license file to access the Cyberwatch Vulnerability Database.
The procedure goes as follow:
- Connect to the machine that will host Cyberwatch with a “root” or sudoer account.
Install Docker with the official documentation
By default, Docker uses two IP addresses ranges on the host machine for communication between containers:
- 172.17.0.0/16: for the bridge network (also called docker0)
- 172.18.0.0/16: for the docker_gwbridge network
OPTIONAL: if you plan on scanning assets using IP addresses inside the default Docker IP ranges, modify the Docker IP ranges by following this procedure.
If you decide to install Docker on your own, please make sure Docker is at least in version 23.0.6.
Do not install Docker using
snap
.Install Cyberwatch:
For Debian-based distributions:
sudo install -m 0755 -d /etc/apt/keyrings curl https://dl.cyberwatch.fr/apt/APT-CYBERWATCH-GPG-KEY | sudo gpg --dearmor -o /etc/apt/keyrings/cyberwatch.gpg sudo chmod a+r /etc/apt/keyrings/cyberwatch.gpg echo "deb [signed-by=/etc/apt/keyrings/cyberwatch.gpg] https://dl.cyberwatch.fr/apt any main" | sudo tee /etc/apt/sources.list.d/cyberwatch.list > /dev/null sudo apt update sudo apt install cyberwatch
For Red Hat based distributions:
sudo dnf config-manager --add-repo https://dl.cyberwatch.fr/rpm/cyberwatch.repo sudo dnf install cyberwatch
Configure Cyberwatch:
sudo cyberwatch configure
A login and password will be prompted by the script. These credentials are available in the section Docker Credentials on the Cyberwatch license generated for you.
The first start of Cyberwatch can take few minutes because all the containers images needs to be pulled. To monitor the status of the containers, use the following command:
sudo cyberwatch status
When all the services are in the Running state, open a web browser on the IP address (or DNS alias) of the Cyberwatch server using HTTPS.
- Create the first user account and follow the installation assistant wizard, which will guide you through the following steps:
- Launch the assistant by clicking the “Start the installation” button.
- On the Instance configuration menu, configure the application URL, which will be used by agents to push scans results to Cyberwatch.
- On the same menu, upload your license file for the vulnerability database synchronization.
- Depending on your license, Cyberwatch will perform a database connection test.
- If the test passes, the next step is enabling optional features.
- The last menu should indicate that Cyberwatch is ready for use.
If you happen to not have the license or encounter any other problem, please contact support@cyberwatch.fr for any question or technical assistance.