This guide walks through installing several components.
Installing Zeek is recommended. RITA needs Zeek logs as input, so if you already have Zeek or its logs, you can skip installing Zeek.
- Follow the directions at https://zeek.org/get-zeek/.
- Use the quick start guide to configure.
RITA requires Mongo for storing and processing data. The current supported version is 4.2, but anything >= 4.0.0 may work.
- Follow the MongoDB installation guide at https://docs.mongodb.com/v4.2/installation/
- Alternatively, this is a direct link to the download page. Be sure to choose version 4.2
- Ensure MongoDB is running before running RITA.
You have a few options for installing RITA.
- The main install script. You can disable Zeek and Mongo from being installed with the `--disable-zeek` and `--disable-mongo` flags.
- A prebuilt binary is available for download on RITA's release page. In this case you will need to download the config file from the same release and create some directories manually, as described below in the "Configuring the system" section.
- Compile RITA manually from source. See below.
In order to compile RITA manually you will need to install Golang (v1.13 or greater).
At this point you can build RITA from source code.
git clone https://github.com/activecm/rita-legacy.git
cd rita-legacy
make
(Note that you will need to have `make` installed. You can use your system's package manager to install it.)
This will yield a `rita` binary in the current directory. You can use `make install` to install the binary to `/usr/local/bin/rita` or `PREFIX=/ make install` to install to a different location (`/bin/rita` in this case).
RITA requires a few directories to be created for it to function correctly.
sudo mkdir /etc/rita && sudo chmod 755 /etc/rita
sudo mkdir -p /var/lib/rita/logs && sudo chmod -R 755 /var/lib/rita
sudo chmod 777 /var/lib/rita/logs
Copy the config file from your local RITA source code.
sudo cp etc/rita.yaml /etc/rita/config.yaml && sudo chmod 666 /etc/rita/config.yaml
At this point, you can modify the config file as needed and test using the `rita test-config` command. There will be empty quotes or 0's assigned to empty fields. RITA's readme has more information on changing the configuration.
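The directory and config steps above leave /var/lib/rita/logs at mode 777 and /etc/rita/config.yaml at mode 666, both writable by any local user. The shell function below is an added example, not part of RITA or of the original guide; it checks that the four paths exist and reports any that are world-writable. The names `audit_rita_paths` and `mode_of` and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the paths created in the steps above.
# The optional ROOT prefix is a hypothetical parameter so the check can be
# run against a scratch tree; omit it to check the live system.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_rita_paths [ROOT]
# Prints one line per path: OK, MISSING or WORLD-WRITABLE.
# Returns 0 only if every path exists and none is world-writable.
audit_rita_paths() {
    root="${1:-}"
    rc=0
    for p in /etc/rita /etc/rita/config.yaml /var/lib/rita /var/lib/rita/logs; do
        target="$root$p"
        if [ ! -e "$target" ]; then
            echo "MISSING         $target"
            rc=1
            continue
        fi
        mode=$(mode_of "$target")
        # The last octal digit is the "other" class; bit value 2 is write.
        other=${mode#"${mode%?}"}
        if [ $((other & 2)) -ne 0 ]; then
            echo "WORLD-WRITABLE  $target (mode $mode)"
            rc=1
        else
            echo "OK              $target (mode $mode)"
        fi
    done
    return $rc
}
```

Source the file and run `audit_rita_paths` with no argument after completing the steps. Whether tighter modes are workable depends on which account runs RITA, which this guide does not specify.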