Here's a quickstart guide to setting up the Nemesis platform using k3s and Helm on Debian 11. This guide will start a Nemesis server listening on the server "192.168.1.10". Change this IP to the host that you will be accessing Nemesis from. If this does not fit your installation need, see the full setup guide. This process is automated in the debian_k3s_setup.sh script, which accepts an IP as an argument.
Ensure your machine meets the following requirements:
- OS: Debian 11 LTS
- Processors: 4 cores (3 can work with adjustments)
- Memory: 16 GB RAM (minimum of 10 GB for reduced performance)
- Disk Space: 100 GB
- Architecture: x64 only
Execute the following commands to install k3s:
curl -sfL https://get.k3s.io | sh -
mkdir -p ~/.kube && sudo k3s kubectl config view --raw > ~/.kube/config
chmod 600 ~/.kube/config
export KUBECONFIG=~/.kube/config
Install Helm:
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
Install dependencies using Helm:
helm install elastic-operator eck-operator --repo https://helm.elastic.co --namespace elastic-system --create-namespace --set managedNamespaces='{default}'
Deploy the quickstart
Helm chart to configure secrets:
helm install --repo https://specterops.github.io/Nemesis/ nemesis-quickstart quickstart
Deploy the main Nemesis services:
helm install --repo https://specterops.github.io/Nemesis/ nemesis nemesis --timeout '45m' --set operation.nemesisHttpServer="https://192.168.1.10:443/"
!!! tip
Note that the nemesisHttpServer flag is being set to the accessible IP address of your server. If you are setting up Nemesis locally, you can remove the flag to set the variable. The default value for this flag is `https://127.0.0.1:443/`
Retrieve the basic authentication credentials to access the dashboard:
export BASIC_AUTH_USER=$(kubectl get secret basic-auth -o jsonpath="{.data.username}" | base64 -d)
export BASIC_AUTH_PASSWORD=$(kubectl get secret basic-auth -o jsonpath="{.data.password}" | base64 -d)
echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD}"
Once all installations and configurations are complete, open a web browser and go to: https://192.168.1.10
Enter the basic authentication credentials you retrieved earlier to access the Nemesis dashboard. Use the following credentials:
- Username: The value stored in
${BASIC_AUTH_USER}
- Password: The value stored in
${BASIC_AUTH_PASSWORD}
You should be greeted by the services page:
- Navigate to the dashboard
- Go to the "File Upload" page and upload a file for analysis