Deploy Cyberwatch with Podman

The Podman orchestrator is available on an experimental basis. To ensure deployment stability, the Swarm orchestrator is recommended. If you have any questions or require assistance, please contact Cyberwatch support.

The Cyberwatch installation procedure requires:

  • a virtual machine that meets the technical requirements for the software
  • valid credentials to access the Cyberwatch software repository
  • a valid license file for access to the Cyberwatch vulnerability database

The installation then proceeds as follows:

  1. Connect to the server that will host the Cyberwatch application with a root or sudoer account

  2. Install the software dependencies:

  3. Add the Cyberwatch repositories for your distribution, then install Cyberwatch:

    For Debian-based distributions:

    sudo install -m 0755 -d /etc/apt/keyrings
    curl https://dl.cyberwatch.com/apt/APT-CYBERWATCH-GPG-KEY | sudo gpg --dearmor -o /etc/apt/keyrings/cyberwatch.gpg
    sudo chmod a+r /etc/apt/keyrings/cyberwatch.gpg
    echo "deb [signed-by=/etc/apt/keyrings/cyberwatch.gpg] https://dl.cyberwatch.com/apt any main" | sudo tee /etc/apt/sources.list.d/cyberwatch.list > /dev/null
    sudo apt update
    sudo apt install cyberwatch-podman
    

    For Red Hat based distributions:

    sudo dnf config-manager --add-repo https://dl.cyberwatch.com/rpm/cyberwatch.repo
    sudo dnf install cyberwatch-podman
    

The installation creates a cyberwatch user, which runs the containers without root access. Check that this user can run Podman with the podman ps command, and podman-compose with the podman-compose version command.

  1. Configure subuid/subgid ranges:

    To allow Podman to run rootless containers, define a subuid/subgid range for the cyberwatch user in the files /etc/subuid and /etc/subgid:

    # Minimal length that we need for the range: 327680.
    
    cyberwatch:100000:327680
    

    Be careful not to overlap this range with the range of another user already present in these files.

    Then validate the changes for Podman as the cyberwatch user:

    sudo su - cyberwatch -c "podman system migrate"
    
  2. Configure the installation:

    sudo cyberwatch configure
    

    The installation process will ask you for a username/password combination that will allow you to access the container repositories.

    The application may take a few minutes to start up while it downloads the images and launches the containers. To monitor the status of the containers, use the following command:

    sudo cyberwatch status
    
  3. When all services are in Running status, open a web browser and enter the IP address (or DNS alias) of the Cyberwatch server over HTTPS.

    Since ports <1024 are privileged ports, the application is exposed by default on ports 8080 and 8443. To learn how to change this behavior, see the page Changing the ports used by the nginx container.
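
The overlap warning in the subuid/subgid step can be checked mechanically before editing the files. The shell functions below are an added example, not part of the Cyberwatch tooling; the function names, the floor value of 100000 and the sample entries are assumptions made for illustration:

```shell
#!/bin/sh
# Added example, not Cyberwatch code: validate a subordinate-ID range before
# writing it to /etc/subuid or /etc/subgid (line format: name:start:count).

MIN_LEN=327680    # minimal range length given in the procedure
FLOOR=100000      # assumed lowest start, same value as the page's sample entry

# check_subid_range FILE USER START COUNT
# Prints one line per problem; returns 0 when the range is usable, 1 otherwise.
check_subid_range() {
    awk -F: -v user="$2" -v s="$3" -v c="$4" -v min="$MIN_LEN" '
        BEGIN {
            s += 0; c += 0; min += 0; e = s + c - 1
            if (c < min) { print "length " c " is below the minimum " min; bad = 1 }
        }
        NF != 3 || $1 ~ /^[ \t]*#/ { next }   # skip blanks, comments, junk
        $1 == user { next }                    # the user may keep its own entry
        {
            os = $2 + 0; oe = os + $3 - 1
            if (s <= oe && os <= e) {
                print "overlaps " $1 " (" os "-" oe ")"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# next_free_start FILE
# Prints the first ID above every range already present in FILE.
next_free_start() {
    awk -F: -v n="$FLOOR" '
        BEGIN { n += 0 }
        NF == 3 && $1 !~ /^[ \t]*#/ { end = $2 + $3; if (end > n) n = end }
        END { print n }
    ' "$1"
}

# Constructed sample in /etc/subuid format (not taken from a real host).
sample=$(mktemp)
printf '%s\n' 'alice:100000:65536' 'bob:165536:65536' > "$sample"

# The sample entry from the procedure collides with both existing users here.
check_subid_range "$sample" cyberwatch 100000 327680 ||
    echo "suggested start: $(next_free_start "$sample")"
rm -f "$sample"
```

Run the check against /etc/subuid and /etc/subgid separately, since the two files are independent of each other.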

