Mongo 3.6 on Ubuntu 20.04

I'm sure the first thing you're asking yourself is why. Stubbornness is your answer. I was playing with Zeek at home (if you want to get started, check out Zeekurity Zen on Eric Ooi's page, quality stuff) and built everything on Ubuntu 20.04. I decided I wanted to add RITA to the mix. The problem is, RITA only supports Mongo 3.6 (though they say 3.7 should work). Mongo 3.6 is only supported up to Ubuntu 18.04, and no packages or repos seem to exist for 20.04.

Not one to let common sense stop me, I decided that if something wasn't intended to work, I was going to make it work. My comment on how can be found here. The below is pretty much just a copy and paste of that.


A Google search for installing Mongo 3.6 on Ubuntu 20.04 led me here. Since nobody else seemed to have solved it, I was determined to get what seemed like a very bad idea working. Please don't attempt the below in a production environment. In fact, please don't attempt it in a dev or test environment. It's full of lax permissions (777 all the things!), EOL software (python2.7), and unsupported stuff (like Mongo 3.6 working on Ubuntu 20.04).

Here be dragons:

If you're still reading, then here's the TL;DR. If you're not going to build a package or repo for me, then I'll build it myself, with blackjack, and mongo! We're going to grab the Mongo 3.6 source and build it on 20.04. Quick steps:

Grab some prerequisites

apt install build-essential
apt install libboost-filesystem-dev libboost-program-options-dev libboost-system-dev libboost-thread-dev
apt install python2.7
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
python2.7 get-pip.py

Get an old mongo version, install a few more prereqs

git clone --branch v3.6 https://github.com/mongodb/mongo
cd mongo
python2.7 -m pip install -r buildscripts/requirements.txt

Build and install our old mongo, ignore all the warnings! We're already well into bad idea territory.

python2.7 buildscripts/scons.py --disable-warnings-as-errors --prefix=/opt/mongo install

Mongo isn't started, service isn't created. Let's do that.

Thanks to Code Grepper for helping me get started
https://www.codegrepper.com/code-examples/whatever/Failed+to+enable+unit%3A+Unit+file+mongod.service+does+not+exist.

cd /lib/systemd/system
vim mongodb.service

[Unit]
Description=An object/document-oriented database
Documentation=man:mongod(1)
After=network.target

[Service]
User=mongodb
Group=mongodb
ExecStart=/opt/mongo/bin/mongod --quiet

[Install]
WantedBy=multi-user.target

Mongo complains if its directory is missing; give it one. Oh, my permissions are wrong, I'll fix that!

mkdir /data
mkdir /data/db
chmod 777 /data/db

Start mongo

systemctl daemon-reload
systemctl enable mongodb.service
systemctl start mongodb.service

RITA works!

> db.version()
3.6.23-5-g1bddf8a6bd
> quit()
root@zeek:~# lsb_release -d
Description:    Ubuntu 20.04.2 LTS
root@zeek:~# rita import /opt/zeek/logs/current/ test

        [+] Importing [/opt/zeek/logs/current/]:
        [-] Verifying log files have not been previously parsed into the target dataset ...
        [-] Processing batch 1 of 1
        [-] Parsing logs to: test ...
        [-] Parsing /opt/zeek/logs/current/conn.log -> test
        [-] Parsing /opt/zeek/logs/current/dns.log -> test
        [-] Parsing /opt/zeek/logs/current/http.log -> test
        [-] Parsing /opt/zeek/logs/current/ssl.log -> test
        [-] Host Analysis:            757 / 757  [==================] 100 %
        [-] Uconn Analysis:           796 / 796  [==================] 100 %
        [-] Exploded DNS Analysis:    565 / 565  [==================] 100 %
        [-] Hostname Analysis:        565 / 565  [==================] 100 %
        [-] Beacon Analysis:          796 / 796  [==================] 100 %
        [-] FQDN Beacon Analysis:     565 / 565  [==================] 100 %
        [-] UserAgent Analysis:       3 / 3  [==================] 100 %
        [-] Invalid Cert Analysis:    10 / 10  [==================] 100 %
        [-] Updating blacklisted peers ...
        [-] Indexing log entries ...
        [-] Updating metadatabase ...
        [-] Done!
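
A least-privilege version of the service and data-directory steps above, as an added example that is not part of the original post. The steps above do not show creating the mongodb account that the unit file's User= and Group= lines name, and they leave /data/db at mode 777; this sketch creates the account, gives it sole ownership of the data directory, and writes the unit file. The loopback bind, the explicit --dbpath, and the NoNewPrivileges/ProtectHome/ProtectSystem lines are choices made for this example and assume RITA runs on the same host as mongod, as in the output above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: least-privilege setup for the
# source-built mongod. /opt/mongo and /data/db are the post's own paths.

# Succeeds if DIR is writable by "other", which is what chmod 777 leaves behind.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Restrict DIR to owner rwx and group rx; no access for anyone else.
lock_down_dir() {
    chmod 750 "$1"
}

# Print a unit file for the mongod under PREFIX ($1) storing data in DBPATH ($2).
render_unit() {
    cat <<EOF
[Unit]
Description=An object/document-oriented database
After=network.target

[Service]
User=mongodb
Group=mongodb
ExecStart=$1/bin/mongod --quiet --dbpath $2 --bind_ip 127.0.0.1
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF
}

# Run as root with --apply to make the changes; otherwise only define functions.
if [ "${1:-}" = "--apply" ]; then
    set -eu
    # Dedicated system account: own group, no home directory, no login shell.
    id mongodb >/dev/null 2>&1 ||
        useradd --system --user-group --no-create-home --shell /usr/sbin/nologin mongodb
    mkdir -p /data/db
    chown -R mongodb:mongodb /data/db
    lock_down_dir /data/db
    render_unit /opt/mongo /data/db > /lib/systemd/system/mongodb.service
    systemctl daemon-reload
    if is_world_writable /data/db; then
        echo "/data/db is still world-writable" >&2; exit 1
    fi
fi
```

Run without arguments it changes nothing, so `render_unit /opt/mongo /data/db` can be reviewed before anything is written to /lib/systemd/system.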