The easiest way to get Dalton up and running is to use Docker and Docker Compose and then run:
./start-dalton.sh
All this and more are covered in the README.
This can be done almost anywhere, including the cloud. The following example shows how easy it is to get Dalton up and running in AWS from scratch.
This example uses the Amazon Linux 2 AMI.
Resource needs depend on how many Dalton Agents are running, the rulesets in use, etc.:
- More than 8GB of storage is likely needed; configure for at least 12GB but more is recommended.
- 1GB memory will work (most of the time) but more is recommended; try at least twice that or more.
The following were done using the Amazon Linux 2 AMI on a t2.micro instance (free tier). The entire process took less than half an hour, with the bulk of the time -- just under 24 mins -- spent in Step 4 doing the initial download, build, and config of the containers.
sudo yum update -y
sudo amazon-linux-extras install docker -y
sudo usermod -a -G docker ec2-user
sudo chkconfig docker on
sudo service docker start
Now, log off and log back on so that the docker group membership added above takes effect.
sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo yum install -y git
git clone https://github.com/secureworks/dalton.git
cd dalton
(edit docker-compose.yml as desired)
./start-dalton.sh
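The Docker Compose step above downloads a binary and makes it executable under /usr/local/bin without checking its integrity. The following is an added example, not part of the original instructions or the Dalton project, that checks a download against a sha256sum-style checksum file before it is installed. The function name `verify_download`, the /tmp staging paths, and the availability of a `.sha256` file next to the release binary are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed checksum check for a downloaded binary.
# verify_download BIN SUMFILE
#   returns 0 if the SHA-256 of BIN equals the hash in SUMFILE,
#           1 on mismatch, 2 if either input is missing or malformed.
verify_download() {
    bin=$1
    sumfile=$2

    # Both files must exist and be non-empty (a failed curl can leave 0 bytes).
    if [ ! -s "$bin" ] || [ ! -s "$sumfile" ]; then
        echo "verify_download: missing or empty input" >&2
        return 2
    fi

    # sha256sum format is "<hash>  <name>" or "<hash> *<name>"; take field 1.
    want=$(awk 'NR==1 {print tolower($1)}' "$sumfile")

    # Require exactly 64 hex characters, so that an HTML error page saved
    # as the checksum file is rejected instead of being compared.
    case $want in
        *[!0-9a-f]*) echo "verify_download: malformed checksum file" >&2; return 2 ;;
    esac
    if [ "${#want}" -ne 64 ]; then
        echo "verify_download: malformed checksum file" >&2
        return 2
    fi

    got=$(sha256sum "$bin" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "verify_download: checksum mismatch for $bin" >&2
        return 1
    fi
    return 0
}

# Usage sketch (URL suffix .sha256 is an assumption; paths are examples):
#   url=https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)
#   curl -fL "$url" -o /tmp/docker-compose
#   curl -fL "$url.sha256" -o /tmp/docker-compose.sha256
#   verify_download /tmp/docker-compose /tmp/docker-compose.sha256 &&
#       sudo install -m 0755 /tmp/docker-compose /usr/local/bin/docker-compose
```

A checksum fetched from the same location as the binary detects truncated or corrupted downloads, not a compromised release. Pinning a specific release version instead of `latest` makes the installed binary reproducible.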