How to install and configure ?

Please watch demo video<< coming soon>> (For Installation and Configuration) or follow below instructions

You can run KloudDB Shield on your server by cloning repo or installing package (rpm , deb etc..) . Installing the package will automatically install all necessary dependencies

Method 1 - Cloning Repo

Clone the repo and build

git clone https://github.com/klouddb/klouddbshield
NOTE - You need to run below commands from the cloned repo location

$ go build -o ./ciscollector ./cmd/ciscollector
# Edit kshieldconfig.toml at path /etc/klouddbshield/kshieldconfig.toml 
$ ./ciscollector -r

Method 2 - Installing package

You can directly download the package from releases section of repo https://github.com/klouddb/klouddbshield/releases and install the package (for example – rpm for centos ; deb package for Ubuntu etc..) NOTE: Install the latest release only

E.g

For Ubuntu -

ciscollector_1.9_linux_amd64.deb

For Centos -

ciscollector_1.9_linux_amd64.rpm

NOTE - Scanning a large number of files may take a considerable amount of time. To expedite the process, please narrow your search to a specific time range or use wildcards to target a subset of log files

Configuration(Postgres) -

Once you install it , you need to populate the config file /etc/klouddbshield/kshieldconfig.toml in /etc/klouddbshield directory . Please fill username , dbname and password (sample entry below)

[postgres]
host="54.xxx.xxx.xx"
port="5432"
user="xxxxx"
dbname="postgres"
password="xxxxx"
maxIdleConn = 2
maxOpenConn = 2

How to execute after installing ?

Run the command "ciscollector -r " after cloning repo or installing package(Note - you need to populate /etc/klouddbshield/kshieldconfig.toml as described above)

Perform All Checks (Option 1) -

It is recommended to use Option 1 - All Postgres checks (as shown in the screenshot below). This option provides a comprehensive security report.

NOTE - Scanning a large number of files may take a considerable amount of time. To expedite the process, please narrow your search to a specific time range or use wildcards to target a subset of log files

Configuration(RDS) -

Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly. NOTE - You need to run this tool from bastion host or from some place where you have access to your RDS instances(It only needs basic aws rds describe priivs and sns read privs )

export AWS_ACCESS_KEY_ID="ASXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXX"
export AWS_REGION="XXXXXXXXX"

Configuration(MySQL) -

Once you install it , you need to populate the config file /etc/klouddbshield/kshieldconfig.toml in /etc/klouddbshield directory . Please fill username , dbname and password (sample entry below)

[mysql]
host="xxxxxxx"
port="3306"
user="xxxxx"
password="xxxxx"
maxIdleConn = 2
maxOpenConn = 2

I am trying to use this tool but running into some issues , Can you help?

Please open an issue on repo or email us at support@klouddb.io

Last updated