Setting up your Server

Both the Maltego CTAS as well as the iTDS servers require the same initial setup and fundamentals that are described in the following sections, the later sections describe server specific configuration.
 

Common Server Requirements


Basic Requirements

The CTAS server is an Ubuntu LTS server image (currently 14.0401). A requirement for running your own CTAS is that you have basic understanding of Linux. For more information about Ubuntu server edition please visit the site http://www.ubuntu.com/server.

VMWare

The CTAS is supplied as a VMWare image. The CTAS VMware image is downloaded from the Paterva Server Portal. If you want to use the image with other virtual machine providers (like ESXi) you’ll need to convert it using the respective converters.

Server Requirements

The virtual server requires at least 2GB of RAM, but the more the merrier (as this is a 32 bit server more than 4GB of RAM would be an overkill). This is the only real requirement in terms of hardware. Most current processors will have more than enough processing power. 25GB of disk space should be more than enough.

Logging into the server image

Once the VMWare image has been booted you can access the server with the following credentials (via the VMWare console or via SSH):

maltego / tasx

You may wish to change to the root user by typing

sudo –s

NB: Please change both the 'root' AND 'maltego', passwords on the host. This can be achieved with the 'passwd' command.

IP Addresses

By default the server is configured to use DHCP. If you want to give the server a static IP address you will need to manually set that up. Once you’ve set up an IP address you will be able to access the server via SSH.

Network Requirements

The CTAS server needs to have Internet access. The transforms running on the server will need to make connections to various services on the Internet. These include port 80, 443, 25, 53 and 3306. This list will increase in the future as more transforms are created and we recommend that you do not limit the server from making outgoing connections to the Internet. Incoming connections need only to be on TCP ports 80, 443, 8081 and from the various clients IP addresses that wish to use the server. We recommend that you firewall all incoming connections to the server apart from TCP ports 80, 443, 8081 and only from the IP addresses of client machines running the Maltego clients.

 

iTDS Server Requirements


Client side certificate

The iTDS requires that the person administrating the server need to have a client side certificate installed within their browser. You can read how to do this at the Certificate Installation page.

Network Requirements

The networking requirements for the iTDS require that Maltego clients can reach them on port 8081 (the Seed Server). The admin interface is accessible on port 443 (SSL) and will need to be open to any administrative users who wish to configure the server. Naturally the iTDS will need to speak to Transform servers (where the code lives) to be able to work correctly.

CTAS Server Requirements


Client side certificate

The CTAS also requires that you activate the server with a certificate. You can read how to do this at the Certificate Installation page.

Network Requirements

The CTAS server needs to have Internet access. The transforms running on the server will need to make connections to various services on the Internet. These include port 80, 443, 25, 53 and 3306. This list will increase in the future as more transforms are created and we recommend that you do not limit the server from making outgoing connections to the Internet.

Incoming connections need only to be on TCP ports 80, 443, 8081 and from the various clients IP addresses that wish to use the server. We recommend that you firewall all incoming connections to the server apart from TCP ports 80, 443, 8081 and only from the IP addresses of client machines running the Maltego clients. 

Bing API Key

As of February 2016 the CTAS server uses the Bing Web search API for all of the search engine transforms instead of using Yahoo BOSS API as we did in the past. If you are hosting your own internal CTAS server you will need to sign up for a Bing Web serach API key in order to use CTAS's search engine transforms. Because Maltego private servers are outside of Paterva’s control we’ve implemented a solution whereby the server administrator can use their own Bing API key with their server.

You can sign up for a Bing API key form their website here. Pricing for the Bing API can also be found on this page. Please ensure that you use the Bing Web search and not the Bing search as the pricing and functionality is different. After registering you will be supplied with a API key. Typically this looks as follows:

API: h2tIAXUgYUMhzJ6TZFH9r5K8WU8u3Ir5+pQs1aDW4aU

Adding the key to the server

SSH into the private CTAS server using the supplied credentials. Create a file in /etc/ called BingWebSearch.keys. For this you can use your favorite Unix based editor. Inside the file you want to create one line with tags that look like this:

<KEY>Bing key here</KEY>


When you are done you should save the file. You can now test your setup by running one of the Maltego search engine transforms on your CTAS server. You can use any Maltego transform that has the words [Using Search engine] in the description to test the setup. The transform will let you know if there any problems.

This might include the following:

 

Alchemy API Key

The second commercial API that the CTAS server uses for a few of its transforms is AlchemyAPI which is used for entity extraction from text documents as well as for sentiment analysis. If you are hosting your own internal CTAS server you will need to sign up for a Alchemy API key in order to use these transforms. Because Maltego private servers are outside of Paterva’s control we’ve implemented a solution whereby the server administrator can use their own Alchemy API key with their server.

You can sign up for a Alchemy API key form their website here. After registering you will be supplied with a API key that will provide you with 1000 free daily API calls after which the key will need to upgrade to a commercial API. An Alchely API key typically looks as follows:

API: 8043dd5012a56c8294e52d26248ce1f3221a2a85+pQs1aDW4aU

Adding the key to the server

To add your Alchemy API key to the CTAS server the same process can be followed as for adding your Bing Web search API key. First SSH into the private CTAS server using the supplied credentials. Create a file in /etc/ called AlchemyAPI.keys. For this you can use your favorite Unix based editor. Inside the file you want to create the line with tags that look like this:

<KEY>AlchemyAPI key here</KEY>


When you are done you should save the file and your CTAS server will be ready to run the AlchemyAPI transforms.
 

Configuring Maltego Client


The Maltego clients need to be configured to use the particular server you have configured above.

iTDS

For the iTDS server you will have manually created the seeds yourself. To discover these you simply need to copy the seed and then discover it within the Maltego client. You can read about this process on the distribution page

CTAS

The very first time the client starts up you’ll be prompted to select if you want to use the public CTAS or a private CTAS (your own server). The seed of your CTAS server will always be:

http://your_ip_address_here/REMOTETAS.xml




Enter your server’s IP address and uncheck discovering from the public server. Follow the wizard and you are good to go.

If you have an existing Maltego setup you can simply add the seed ( http://your_ip_address_here/REMOTETAS.xml ) as you do for any other seed, please see the distribution page for more information.