How to Install GRR on EndeavourOS

GRR is an open-source incident response framework for remote live forensics, automated investigation and threat hunting. In this tutorial, we will explain how to install GRR on EndeavourOS.

Prerequisites

Before starting this tutorial, you need to make sure you have installed the following prerequisites on your system:

Step 1: Install Dependencies

First, we need to install some dependencies for GRR to work properly. Open a terminal window and enter the following commands:

sudo pacman -S python python-pip python-virtualenv base-devel openssl libffi sqlite

Step 2: Create Virtual Environment

Now, we will create a virtual environment to install GRR. To create a virtual environment, enter the following commands:

mkdir ~/grr
cd ~/grr

Next, create the virtual environment and activate it:

virtualenv --python=/usr/bin/python3 grr_virtualenv
source grr_virtualenv/bin/activate

Step 3: Install GRR

With the virtual environment activated, we will now install GRR. To install GRR, enter the following commands:

pip3 install grr-response-server
pip3 install grr-response-templates

Step 4: Configure GRR

Now that we have installed GRR, we need to configure it before we can use it. To configure GRR, enter the following commands:

grr_config_updater initialize

This will create a configuration file located in ~/grr/grr-server.yaml.

Next, start the GRR console with the following command:

grr_console

Step 5: Set Up GRR

Now we need to do some initial setup of GRR. In the GRR console, enter the following commands:

config WriteKey "changeme"
config AdminUI.url "http://localhost:8000"
config Server.renderer "Native"
config Server.foreman_check_frequency 60
config Server.binary_whitelist [".*/python3", ".*getent"]

disallow AllUsers # Deny normal users access to the console
grant Wheel AdminUI # Grant admin access to members of the wheel group

If you want to change the default password for the admin user, run the following command:

grr_console --username=admin --password=newpassword

Step 6: Starting GRR

Now we are ready to start GRR. To start GRR, open a new terminal window and enter the following commands:

cd ~/grr
source grr_virtualenv/bin/activate
grr_admin_ui &
grr_worker &
grr_server &

Conclusion

Congratulations! You have successfully installed GRR on EndeavourOS. You can now use GRR to automate incident response and threat hunting.
