Installing OpenBAS: The OpenSource Breach and Attack Simulation

This entry is part 12 of 19 in the series Red Team Engagements

In today’s rapidly evolving cybersecurity landscape, organizations need robust tools to test their security posture and validate their defenses. OpenBAS (Open Breach and Attack Simulation) emerges as a powerful open-source platform that enables security teams to conduct comprehensive security exercises, simulate realistic attack scenarios, and assess organizational resilience against cyber threats.

This guide will walk you through the complete installation process of OpenBAS using Docker, highlighting its capabilities and sharing real-world installation experiences to help you successfully deploy this valuable security tool.

OpenBAS is an open-source Breach and Attack Simulation (BAS) platform developed by Filigran, the same team behind OpenCTI (Cyber Threat Intelligence platform). It provides organizations with the ability to:

  • Simulate realistic attack scenarios against their infrastructure
  • Test detection and response capabilities of security teams
  • Conduct tabletop exercises and crisis management simulations
  • Assess security awareness through targeted phishing campaigns
  • Generate comprehensive reports on organizational security posture

1. Comprehensive Attack Simulation

  • MITRE ATT&CK Integration: Leverages the MITRE ATT&CK framework to simulate real-world tactics, techniques, and procedures (TTPs)
  • Multi-vector Attacks: Supports email, network, and endpoint-based attack simulations
  • Customizable Scenarios: Create tailored attack scenarios based on your organization’s specific threat landscape

2. Security Awareness Training

  • Phishing Simulations: Deploy realistic phishing campaigns to test and educate employees
  • Social Engineering Tests: Simulate various social engineering attacks to assess human factor vulnerabilities
  • Training Integration: Seamlessly integrate security awareness training based on simulation results

3. Crisis Management and Tabletop Exercises

  • Scenario Planning: Design and execute crisis management scenarios
  • Team Coordination: Test incident response procedures and team communication
  • Decision Making: Evaluate decision-making processes under pressure

4. Advanced Reporting and Analytics

  • Detailed Metrics: Comprehensive reporting on attack simulation results
  • Performance Tracking: Monitor improvements in security posture over time
  • Executive Dashboards: High-level summaries for leadership and stakeholders

5. Integration Capabilities

  • SIEM Integration: Connect with Security Information and Event Management platforms
  • Threat Intelligence: Leverage threat intelligence feeds for realistic attack scenarios
  • API Support: Extensive API support for custom integrations and automation

Before beginning the installation, ensure your system meets the following requirements:

  • Operating System: Linux (Ubuntu 20.04+ recommended) or Docker-compatible OS
  • RAM: Minimum 8GB, recommended 16GB+
  • Storage: At least 50GB free disk space
  • CPU: 4+ cores recommended
  • Network: Internet connectivity for pulling Docker images and updates
  • Docker: Version 20.10+
  • Docker Compose: Version 2.0+
  • Git: For cloning the repository

First, ensure Docker and Docker Compose are installed on your system:

```bash
# Install Docker (Ubuntu/Debian)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Install Docker Compose
sudo apt-get update
sudo apt-get install docker-compose-plugin

# Verify installations
docker --version
docker compose version
```

```bash
# Clone the official OpenBAS repository
git clone https://github.com/OpenBAS-Platform/openbas.git
cd openbas
```

Create and customize the .env file with your specific configuration:

```bash
# Copy the example environment file
cp .env.example .env

# Edit the configuration file
nano .env
```

Critical Configuration Parameters:

```bash
# PostgreSQL Configuration
POSTGRES_USER=admin
POSTGRES_PASSWORD=YourSecurePassword123!
POSTGRES_DB=openbas

# Spring Database Configuration
SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/openbas
SPRING_DATASOURCE_USERNAME=admin
SPRING_DATASOURCE_PASSWORD=YourSecurePassword123!
SPRING_DATASOURCE_DRIVER_CLASS_NAME=org.postgresql.Driver
SPRING_JPA_HIBERNATE_DDL_AUTO=none

# MinIO Configuration
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=YourSecurePassword123!

# RabbitMQ Configuration
RABBITMQ_DEFAULT_USER=admin
RABBITMQ_DEFAULT_PASS=YourSecurePassword123!

# ElasticSearch Configuration
ELASTIC_MEMORY_SIZE=4G

# OpenBAS General Configuration
OPENBAS_BASE_URL=http://your-server-ip:8080
OPENBAS_ADMIN_EMAIL=[email protected] # use a valid generic email address
OPENBAS_ADMIN_PASSWORD=YourSecurePassword123!
OPENBAS_ADMIN_TOKEN=your-unique-uuid-token-here
OPENBAS_HEALTHCHECK_KEY=your-healthcheck-key-here

# Email Configuration (Optional but recommended)
SPRING_MAIL_HOST=your-smtp-server.com
SPRING_MAIL_PORT=587
SPRING_MAIL_USERNAME=[email protected]
SPRING_MAIL_PASSWORD=YourEmailPassword
SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH=true
SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=true
```

Please use a valid generic email address. Email addresses ending with .local will be rejected because .local domains are typically reserved for local network resolution and may not pass email validation. If you don’t have a real domain, use a placeholder that passes validation (e.g., [email protected] instead of [email protected]).

Launch the OpenBAS platform using Docker Compose:

```bash
# Start all services
docker compose up -d

# Monitor the deployment
docker compose logs -f openbas
```

Check that all services are running correctly:

```bash
# Check service status
docker compose ps

# Verify container health
docker compose logs openbas | grep "Started App"
```

Problem: FATAL: password authentication failed for user "admin"

Solution: Ensure database credentials match between PostgreSQL and Spring configuration:

```bash
# These must match exactly
POSTGRES_USER=admin
SPRING_DATASOURCE_USERNAME=admin
POSTGRES_PASSWORD=YourPassword
SPRING_DATASOURCE_PASSWORD=YourPassword
```

Problem: Config properties 'openbas.admin.email' should be a valid email address

Solution: Use a proper email domain (avoid .local domains):

```bash
# Change from:
OPENBAS_ADMIN_EMAIL=[email protected]

# To:
OPENBAS_ADMIN_EMAIL=[email protected]
```
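
Both startup errors above (mismatched database credentials and a rejected admin email), along with the sample secrets shown in the configuration section, can be caught before `docker compose up`. The script below is an added example, not part of the original guide or the OpenBAS project: `env_get`, `lint_env` and `sample_env` are names chosen here, the embedded sample values are constructed, and the rule against sharing one secret between services is this example's own addition.

```bash
# Added example: pre-flight lint for the .env from this guide (key names are the guide's).

# env_get FILE KEY: last value set for KEY, inline " #comment" stripped.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//'
}

# lint_env FILE: one line per finding; returns 0 only when there are none.
lint_env() {
  f=$1 findings=0 seen=""
  finding() { echo "FAIL: $*"; findings=$((findings + 1)); }

  # PostgreSQL and Spring must agree ('password authentication failed' otherwise).
  [ "$(env_get "$f" POSTGRES_USER)" = "$(env_get "$f" SPRING_DATASOURCE_USERNAME)" ] ||
    finding "POSTGRES_USER differs from SPRING_DATASOURCE_USERNAME"
  [ "$(env_get "$f" POSTGRES_PASSWORD)" = "$(env_get "$f" SPRING_DATASOURCE_PASSWORD)" ] ||
    finding "POSTGRES_PASSWORD differs from SPRING_DATASOURCE_PASSWORD"

  # Admin email: user@host.tld shape, and not a .local domain.
  case $(env_get "$f" OPENBAS_ADMIN_EMAIL) in
    *.local) finding "OPENBAS_ADMIN_EMAIL ends in .local" ;;
    ?*@?*.?*) ;;
    *) finding "OPENBAS_ADMIN_EMAIL is not an email address" ;;
  esac

  # Admin token: a UUID, not the guide's placeholder text.
  env_get "$f" OPENBAS_ADMIN_TOKEN |
    grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
    finding "OPENBAS_ADMIN_TOKEN is not a UUID"

  # Secrets: set, not a sample value from the guide, not shared by two services.
  for k in POSTGRES_PASSWORD MINIO_ROOT_PASSWORD RABBITMQ_DEFAULT_PASS \
           OPENBAS_ADMIN_PASSWORD OPENBAS_HEALTHCHECK_KEY; do
    v=$(env_get "$f" "$k")
    case $v in
      "") finding "$k is empty"; continue ;;
      'YourSecurePassword123!'|YourPassword|your-*-here) finding "$k holds a sample value" ;;
    esac
    if printf '%s\n' "$seen" | grep -Fxq -- "$v"; then
      finding "$k reuses another service's secret"
    fi
    seen=$(printf '%s\n%s' "$seen" "$v")
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample that reproduces both startup errors from the guide.
sample_env() {
  cat <<'EOF'
POSTGRES_USER=admin
POSTGRES_PASSWORD=YourSecurePassword123!
SPRING_DATASOURCE_USERNAME=admin
SPRING_DATASOURCE_PASSWORD=YourPassword
MINIO_ROOT_PASSWORD=YourSecurePassword123!
RABBITMQ_DEFAULT_PASS=constructed-rabbit-secret
OPENBAS_ADMIN_EMAIL=admin@openbas.local #use a valid generic email address
OPENBAS_ADMIN_PASSWORD=constructed-admin-secret
OPENBAS_ADMIN_TOKEN=your-unique-uuid-token-here
OPENBAS_HEALTHCHECK_KEY=your-healthcheck-key-here
EOF
}

# Lint the file given as $1, or the constructed sample when run without arguments.
if [ $# -gt 0 ]; then lint_env "$1"; else
  tmp=$(mktemp) && sample_env >"$tmp" && { lint_env "$tmp" || true; }; rm -f "$tmp"
fi
```

Given a path to a real `.env`, the script exits non-zero when it prints any finding, so it can gate the `docker compose up -d` step.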

Problem: Containers marked as “unhealthy”

Solutions:

  • Check available system resources (RAM, disk space)
  • Verify network connectivity between containers
  • Review container logs for specific error messages
  • Ensure all required ports are available

Problem: Services crashing due to insufficient memory

Solution: Adjust memory allocations in your .env file:

```bash
ELASTIC_MEMORY_SIZE=2G  # Reduce if system has limited RAM
```

  1. Navigate to http://your-server-ip:8080
  2. Login with the credentials configured in your .env file:
    • Email: Value of OPENBAS_ADMIN_EMAIL
    • Password: Value of OPENBAS_ADMIN_PASSWORD

  1. Change Default Passwords: Update all default passwords immediately
  2. Configure Email Settings: Set up SMTP for notifications and phishing simulations
  3. Import MITRE ATT&CK Data: Enable the MITRE ATT&CK collector for framework integration
  4. Create User Accounts: Set up additional user accounts for your security team
  5. Configure Organizations: Define your organizational structure within the platform

  1. Use Strong Passwords: Implement complex passwords for all services
  2. Enable HTTPS: Configure SSL/TLS certificates for secure communication
  3. Network Segmentation: Deploy OpenBAS in a dedicated network segment
  4. Regular Backups: Implement automated backup procedures for database and configurations
  5. Update Management: Establish a process for regular updates and patches

  1. Resource Monitoring: Monitor system resources and scale as needed
  2. Database Tuning: Optimize PostgreSQL configuration for your workload
  3. Storage Performance: Use SSD storage for better I/O performance
  4. Load Balancing: Consider load balancing for high-availability deployments

```bash
# Regular maintenance commands
docker compose down
docker system prune -f
docker compose pull
docker compose up -d

# Backup procedures
docker exec postgres pg_dump -U admin openbas > backup_$(date +%Y%m%d).sql
```

OpenBAS can integrate with popular SIEM solutions:

  • Splunk: Forward simulation logs and results
  • IBM QRadar: Correlate attack simulations with real events
  • Elastic SIEM: Leverage Elasticsearch integration
  • Microsoft Sentinel: Connect via API for comprehensive visibility

  • OpenCTI Integration: Seamless integration with OpenCTI for threat intelligence
  • MISP Integration: Connect with MISP instances for threat data
  • Commercial Feeds: Support for various commercial threat intelligence feeds

  • Simulate advanced persistent threats (APTs)
  • Test detection capabilities across the kill chain
  • Validate security control effectiveness
  • Assess incident response procedures

  • Conduct regular phishing simulations
  • Test social engineering susceptibility
  • Track improvement metrics over time
  • Provide targeted training based on results

  • Demonstrate security testing capabilities for auditors
  • Validate compliance with security frameworks
  • Generate reports for regulatory requirements
  • Document security improvement efforts

  • Simulate major security incidents
  • Test communication procedures
  • Evaluate decision-making under pressure
  • Improve coordination between teams

  • Detection Rate: Percentage of simulated attacks detected
  • Response Time: Time to detect and respond to simulations
  • False Positive Rate: Accuracy of security alerts
  • User Awareness: Improvement in phishing click rates
  • Process Efficiency: Incident response process improvements

OpenBAS provides comprehensive reporting capabilities:

  • Executive summaries for leadership
  • Technical details for security teams
  • Trend analysis over time
  • Benchmark comparisons
  • Remediation recommendations

OpenBAS represents a significant advancement in open-source security testing tools, providing organizations with enterprise-grade breach and attack simulation capabilities without the associated licensing costs. Its comprehensive feature set, MITRE ATT&CK integration, and extensive customization options make it an invaluable tool for any security-conscious organization.

The installation process, while requiring careful attention to configuration details, is straightforward and well-documented. By following this guide and implementing the recommended best practices, you’ll have a powerful platform for testing, improving, and demonstrating your organization’s security posture.

Remember that OpenBAS is not just a tool but a platform for building a culture of continuous security improvement. Regular use of its simulation and training capabilities will help strengthen your organization’s defenses and better prepare your team for real-world threats.


This installation guide is based on real-world deployment experience and community feedback. For the latest updates and version-specific information, always refer to the official OpenBAS documentation.
