Ubuntu新机

sudo apt upgrade

sudo apt install open-vm-tools-desktop -y

sudo reboot

然后换源

cp /etc/apt/source.list /etc/apt/source.list.bak

sudo apt update

nano /etc/apt/source.list

deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse

# deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse

 1.添加 Elasticsearch 仓库 

 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch --no-check-certificate | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

 echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

sudo apt update

sudo apt install elasticsearch

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

curl http://localhost:9200

安装arkime
如果选择使用 arkime-4.3.1-1.x86_64，去别的博客看看.dep包或者rpm怎么安装

wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-20.04/arkime_3.4.2-1_amd64.deb

apt install ./arkime_3.4.2-1_amd64.deb

/opt/arkime/bin/Configure

下载ipv4-address-space.csv 和oui.txt,并复制到/opt/arkime/etc/下赋权

ipv4-address-space.csv下载地址：https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv

oui.txt下载地址：项目文件预览 - manuf:Parser library for Wireshark's OUI database. - GitCode

把manuf改名oui.txt

然后
mv ipv4-address-space.csv /opt/arkime/etc/

mv oui.txt /opt/arkime/etc/

chmod a+r /opt/arkime/etc/oui.txt
chmod a+r /opt/arkime/etc/ipv4-address-space.csv
/opt/arkime/db/db.pl http://localhost:9200 init

/opt/arkime/bin/arkime_add_user.sh admin “Admin” 1234 --admin

##用户名admin 密码1234

启动服务
systemctl start arkimecapture.service
systemctl start arkimeviewer.service
systemctl enable arkimecapture.service
systemctl enable arkimeviewer.service

访问
http://IP:8005