Netify for Debian

Requirements

If you have network switches with port mirroring capabilities, you can connect the port to a standalone Netify agent. You can install the agent on Debian on a baremetal appliance or inside a virtual machine.
Netify with Port Mirroring

You will need to install Debian on a system with at least 2 network cards:

  • Network Interface #1: used to access the operating system and Netify
  • Network Interface #2: used to ingest port mirror traffic from LAN segment 1
  • Network Interface #N: used to ingest port mirror traffic from LAN segment N (optional)

Netify should have a route to the Internet in order to send metadata to our Netify cloud engine.

Installation

Up-to-date Netify packages are maintained in our Debian repository.

If you are unsure of the version of Debian you are using, run lsb_release -a

Debian 9

apt-get update
apt-get install curl gnupg2
curl http://download.netify.ai/netify/debian/apt-gpg-key-netify.asc -o Netify.gpg
apt-key add - < Netify.gpg 
echo 'deb http://download.netify.ai/netify/debian/9.0/ /' > /etc/apt/sources.list.d/netify.list
apt-get update
apt-get -y install netifyd

Debian 10

apt-get update
apt-get install curl gnupg2
curl http://download.netify.ai/netify/debian/apt-gpg-key-netify.asc -o Netify.gpg
apt-key add - < Netify.gpg 
echo 'deb http://download.netify.ai/netify/debian/10/ /' > /etc/apt/sources.list.d/netify.list
apt-get update
apt-get -y install netifyd

Configuration

Network Configuration

You will need at least two network cards configured. Edit /etc/network/interfaces. A sample configuration is provided below for a server having 2 physical network cards. enp0s3 is being used as the control/reporting port while enp0s8 is configured to ingest mirrored flows from the switch.

allow-hotplug enp0s3
iface enp0s3 inet dhcp

auto enp0s8
iface enp0s8 inet manual
up ifconfig enp0s8 up

Reboot the server to test your configuration/network settings.

Next, edit /etc/default/netifyd to disable auto-detect of the interface roles and manually configure the interfaces to run DPI through. Again, an example is provided below.

# Netify Agent command-line options
# Copyright (C) 2016-2019 eGloo, Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
# See the netifyd(8) manual for common options.

# Auto-detect (when possible) network interface roles (yes/no)?
NETIFYD_AUTODETECT="no"

# Set desired custom options here:
# NETIFYD_EXTRA_OPTS=""

# Define internal network interfaces and if needed, corresponding network
# addresses.  Normally network addresses are discovered via Netlink but for
# cases where Netlink is unavailable or when capturing from a mirrored port,
# they should be specified as a comma-delimited list as shown below:
# NETIFYD_INTNET="eth1 eth2 eth3,192.168.0.0/24,10.0.0.0/16"
NETIFYD_INTNET="enp0s8"

# Define external network interfaces.  For PPPoE interfaces, you can optionally
# specify the associated physical ethernet interface to set the MAC address.
# NETIFYD_EXTNET="eth4 ppp0,eth5"

The final step is to enable the Netify daemon to report metadata back to the Netify Informatics cloud sink, restart the daemon and configure it to start on boot.

/usr/sbin/netifyd --enable-sink
systemctl restart netifyd
systemctl enable netifyd

Provisioning

With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p
Agent UUID: AA-BB-CC-DD

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent