Disable SELinux first (caveat: leaving SELinux permanently disabled weakens host hardening on a sensor that will store full packet captures. While testing, `setenforce 0` gives a permissive mode without a reboot; once the service runs, prefer re-enabling enforcing with a policy that permits stenotype's writes under /data/stenographer, or explicitly accept and document the trade-off)
1. vim /etc/selinux/config
2. Set SELINUX=disabled
3. reboot
Make directories and the service account for later use
4. mkdir -p /etc/stenographer/
5. adduser -M -U stenographer
   (on EL this is useradd; for a service account prefer a system user with no login shell, e.g. `useradd -r -M -U -s /sbin/nologin stenographer`, so the account cannot be used interactively)
6. mkdir -p /data/stenographer/
7. chown -R stenographer:stenographer /data/stenographer
Download Stenographer
8. dnf groupinstall "Development Tools"
9. dnf --enablerepo=powertools install snappy-devel snappy.x86_64 libseccomp-devel.x86_64 libseccomp.x86_64 libaio.x86_64 libaio-devel.x86_64 leveldb leveldb-devel.x86_64 jq rsyslog tcpdump
10. cd /usr/local/src/
11. git clone https://github.com/google/stenographer.git
Build Stenographer from source (install Go first if it is not already installed)
12. cd /usr/local/src/stenographer/
13. go mod init stenographer
    (skip this step if the checkout already contains a go.mod; `go mod init` fails when one exists)
14. go mod tidy
15. go build
16. cp stenographer /usr/bin/
17. cp stenoread /usr/bin/
18. cp stenocurl /usr/bin/
Install Stenotype
19. cd stenotype
20. make
21. cp stenotype /bin/
22. cp stenotype /usr/sbin/
23. setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep' /bin/stenotype
24. setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep' /usr/sbin/stenotype
    Note: on EL8 /bin is a symlink to /usr/bin, so /bin/stenotype is the same file as the /usr/bin/stenotype named by "StenotypePath" in the config below; verify with `ls -l /usr/bin/stenotype`. The /usr/sbin copy is a second capability-bearing binary that nothing in this guide references and can be dropped. Because file capabilities apply to any user who can execute the binary, CAP_NET_RAW here lets any local account sniff the interface — restrict it to the service account: `chown root:stenographer /usr/bin/stenotype && chmod 0750 /usr/bin/stenotype`.
Create the systemd unit file and the stenographer configuration file
25. cd ../configs/
cp systemd.conf /etc/systemd/system/stenographer.service
systemctl daemon-reload   (required so systemd picks up the new unit before it is started)
26. cp steno.conf /etc/stenographer/config
27. vim /etc/stenographer/config
    Notes on the values below: "--seccomp=none" turns off stenotype's seccomp sandbox and is a debugging aid — remove it once capture works so the sandbox is restored. "Host" set to a LAN address exposes the query port on the network instead of only on localhost; the API is protected by the client certificates under "CertPath", but still limit access to "Port" with the host firewall. "Interface" must be the capture NIC on this host (check `ip link`).
{
"Threads": [
{ "PacketsDirectory": "/data/stenographer/thread0/packets/directory"
, "IndexDirectory": "/data/stenographer/thread0/index/directory"
, "MaxDirectoryFiles": 30000
, "DiskFreePercentage": 70
}
]
, "StenotypePath": "/usr/bin/stenotype"
, "Interface": "enp0s3"
, "Port": 4321
, "Host": "192.168.0.147"
, "Flags": ["-vv", "--seccomp=none"]
, "CertPath": "/etc/stenographer/certs"
}
Create the TLS keys and certificates for stenographer
cd /usr/local/src/stenographer
./stenokeys.sh
(this generates the CA, server and client key material that stenographer and stenoread use for mutual TLS; confirm it landed in the "CertPath" directory from the config, /etc/stenographer/certs, and that the client key is readable only by root/the stenographer account, since anyone holding it can query stored packets)
Now it's time to start the service
systemctl enable --now stenographer   (enable so it survives a reboot; `systemctl start stenographer` alone only starts it once)
systemctl status stenographer
journalctl -u stenographer -e   (check here if the unit fails; stenotype errors about the interface, capabilities or the data directory show up in the journal)
Run a quick test to confirm stenographer is capturing and answering queries (stenoread needs read access to the client certificate and key, so run it as root or a user that can read them)
stenoread 'port 22 and after 1m ago'
Use the following method to extract the required data. Group the alternative host/port pairs in parentheses so the `after`/`before` time window applies to every branch rather than only to the last `and` term — without the outer parentheses the query is at best ambiguous to a reader and, depending on operator precedence, may return unbounded results for the other branches. The example below is the query from the original guide, rewritten that way:
stenoread '( ( host 192.168.0.184 and port 14795 ) and ( host 192.168.0.132 and port 5060 ) or ( host 192.168.0.132 and port 5060 ) and ( host 192.168.0.110 and port 51410 ) or ( host 192.168.0.110 and port 20004 ) or ( host 192.168.0.132 and port 37622 ) or ( host 192.168.0.132 and port 37672 ) or ( host 192.168.0.184 and port 10400 ) ) and after 2024-08-28T06:29:52Z and before 2024-08-28T06:40:21Z' -w /home/hrhashmi/call.pcap
(write the pcap to a directory owned by the user running the extraction; it will contain the full content of the matched sessions)
Enjoy 😉