Skip to content
This repository has been archived by the owner on May 23, 2019. It is now read-only.

FAQ

Jump to bottom
Wes edited this page Jan 16, 2018 · 29 revisions

CIFv2 is Entering End of Life

CIFv2 was developed around Ubuntu14, CIFv3 has been developed against Ubuntu16. If you're just starting out, you should be test driving CIFv3:

https://github.com/csirtgadgets/bearded-avenger-deploymentkit

Table of Contents

Also see our FAQ-History

Troubleshooting CIF

See the wiki page Troubleshooting CIF.

Asking for help

if what you're looking for doesn't appear in the FAQ, here's what info we'll probably need when you log an issue or ask the list, be sure to post the relevant information:

  • [SEARCH THE MAILING LIST] (https://groups.google.com/forum/?fromgroups#!forum/ci-framework), there's a lot of good info in there.

  • steps to reproduce the problem

  • release version of your OS, and of CIF

  • your obfuscated config

  • recent apache logs as a result of the problem

  • a list of running processes that might be useful:

    $ sudo ps aux | grep cif

  • use something like Github Gists to paste the relevant information

  • BE SURE TO OBFUSCATE SENSITIVE DATA

Upgrade from v1

You cannot upgrade a v1 instance to a v2 instance but you can migrate your data from v1 to v2

Custom otypes

See cif-users thread titled CIF custom data types

DNS Warnings

  • this can be an EC2-like instance, but be ware of the network activity coming from the box, it could be flagged as malicious, check with your provider's policies
  • with post processing, these boxes make a lot of threaded DNS resolution requests, make sure you understand your operating environment and work with your network team to address high volume dns queries

DNS References

CIF Client

The 'CIF Client' bin/cif is now provided by an SDK of your choice!

Purge Database

How can I delete all the data in the ElasticSearch database but preserve my API keys?

  1. Find the massive-octo-spice git repo on your CIF server
  2. $ cd massive-octo-spice/elasticsearch
  3. $ make reload-data

Elasticsearch

Elasticsearch has a lot of moving parts- generally troubleshooting starts with checking the cluster health, and figuring out that you probably need to add more memory (up to ~32GB), or past that, new nodes:

  1. https://www.google.com/search?q=check+cluster+health
  2. https://discuss.elastic.co/t/how-to-fix-cluster-health-yellow-with-elastic-search/23484
  3. https://www.google.com/search?q=elasticsearch+add+node+to+cluster

Generally- a single node install should have the correct configuration to add new nodes, but in certain instances you may need to rebuild your cluster from scratch.

Creative Commons License

Clone this wiki locally