CTAS Server

CTAS stands for Commercial Transform Application Server and is almost an exact copy of Paterva’s public CTAS except it can be hosted internally within your organisation. This means you can run all Paterva’s standard OSINT transforms without having your requests going over Paterva’s infrastructure.

This page will cover setting up your own internal CTAS server. Some of the sections in this guide are applicable to all Maltego servers and some sections are specific to the CTAS.

Setting up your Server

Maltego servers require some initial setup and fundamentals that are described in the following sections.

Basic Requirements

Maltego servers are based on an Ubuntu LTS server image (currently 14.04.01). A requirement for running your own Maltego server is that you understand Linux. For more information about Ubuntu server edition please visit the site https://www.ubuntu.com/server.

Virtual Image Format

Maltego servers are delivered as virtual images that can be downloaded from your Server Portal account. They are provided in Open Virtualization Format (OVA/OVF). If you want to use the image with other virtual machine providers (like ESXi), you’ll need to convert it using the respective converters.

Server Requirements

The virtual server requires at least 2GB of RAM, but the more the merrier (as this is a 32-bit server, more than 4GB of RAM would be overkill). This is the only real requirement in terms of hardware. Most current processors will have more than enough processing power. 25GB of disk space should be more than enough space for the server.

Logging into the Server Image

Once the server image has been booted you can access the server with the following credentials (via the VMWare console or via SSH):
maltego / tasx
You may wish to change to the root user by typing:
$ sudo -s
NB: Change the passwords on the host for both root and the maltego user. This can be achieved with the 'passwd' command.

IP Addresses

By default the server is configured to use DHCP. If you want to give the server a static IP address you will need to manually set that up. Once you’ve set up an IP address you will be able to access the server via SSH.

Network Requirements

The CTAS server needs to have Internet access. The transforms running on the server will need to make connections to various services on the Internet. These include port 80, 443, 25, 53 and 3306. This list will increase in the future as more transforms are created and we recommend that you do not limit the server from making outgoing connections to the Internet.

Incoming connections need only be allowed on TCP ports 80, 443 and 8081, and only from the IP addresses of the various clients that wish to use the server. We recommend that you firewall all incoming connections to the server apart from TCP ports 80, 443, 8081 and only from the IP addresses of client machines running the Maltego clients.
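The inbound policy described above can be written as an iptables allow-list. The following is an added example, not part of the original page or Paterva's tooling; the client addresses and the optional SSH_ADMIN variable are assumptions. It only prints the rules so they can be reviewed before being applied as root.

```sh
#!/bin/sh
# Added example (not Paterva's tooling): print an inbound allow-list for a CTAS host.
# Ports are the ones the page names; every address here is constructed.
CTAS_PORTS="80 443 8081"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    vi_ifs=$IFS; IFS=.
    set -- $1
    IFS=$vi_ifs
    [ "$#" -eq 4 ] || return 1
    for vi_octet in "$@"; do
        [ "${#vi_octet}" -le 3 ] && [ "$vi_octet" -le 255 ] || return 1
    done
}

# Usage: ctas_fw_rules CLIENT_IP...
# Optional SSH_ADMIN=<ip> (an assumption: the page's port list omits SSH) keeps
# port 22 reachable from one admin host; left unset, admin access is console-only.
ctas_fw_rules() {
    [ "$#" -gt 0 ] || { echo "no client addresses given" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for fw_ip in "$@" ${SSH_ADMIN:+"$SSH_ADMIN"}; do
        valid_ipv4 "$fw_ip" || { echo "invalid address: $fw_ip" >&2; return 1; }
    done
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to the server's own outbound transform traffic must get back in.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ -n "${SSH_ADMIN:-}" ]; then
        echo "iptables -A INPUT -p tcp -s $SSH_ADMIN --dport 22 -j ACCEPT"
    fi
    for fw_ip in "$@"; do
        for fw_port in $CTAS_PORTS; do
            echo "iptables -A INPUT -p tcp -s $fw_ip --dport $fw_port -j ACCEPT"
        done
    done
    # Default-deny goes last so the accepts exist before the policy changes.
    echo "iptables -P INPUT DROP"
}

# Dry run with constructed client addresses (TEST-NET-1); review before applying.
ctas_fw_rules 192.0.2.10 192.0.2.11
```

Outbound traffic is left untouched, in line with the recommendation not to limit the server's outgoing connections.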


Activating the Server

Your server is now ready to go – but it needs to be activated using the license certificate. Activating an iTDS, MDS or CTAS server follows a similar process.

Paterva uses client side certificates for authorisation and authentication on the MDS, CTAS and iTDS. Within the CTAS the certificates are used to activate the seed server (also called a runner). On the MDS and iTDS server the client side certificate is used with a browser to both activate and provide access to the administrative section of the web application. 

For all Maltego servers you will initially need to have your .pfx or .key certificate file on hand. This is usually provided via email but is also available on the Server Portal. Once you know the IP address of your server, browse to the interface on the server's IP address.

The first step is to upload the certificate file to the server. Click ‘Choose File’, choose the certificate file from your local filesystem and click on Submit. Certificate details will be shown to you:

Next click on the ‘Activate’ button. This will move the file into the correct area and it will also restart the webserver – using this certificate. This means you might need to reload the page after a few seconds. If the certificate was good and everything went according to plan you’ll see a screen similar to this:


Bing API Key

In February 2017 we released a CTAS patch that adds support for Bing's new Web Search API which is now part of Microsoft's Cognitive Services. Microsoft will be dropping support for the Azure Marketplace "Bing Web Search" which is what was used previously in the CTAS server for our search engine transforms. If you are hosting your own internal CTAS server you will need to sign up for a Bing Web search API key from Microsoft's Cognitive Services to continue using CTAS's search engine transforms. Because Maltego private servers are outside of Paterva’s control we’ve implemented a solution whereby the server administrator can use their own Bing API key with their transform server.

You can sign up for a Bing API key from Microsoft's Cognitive Services website. Pricing for the Bing Web Search API can also be found on the same page. Ensure that you use the Bing Web search and not the Bing search as the pricing and functionality are different. After registering you will be supplied with an API key. Typically, this looks as follows:

  • API: h2tIAXUgYUMhzJ6TZFH9r5K8WU8u3Ir5+pQs1aDW4aU

Adding your Bing API Key to CTAS

SSH into your private CTAS server. Create a file in /etc/ called BingWebSearch.keys. For this you can use your favorite Unix based editor. Inside the file you want to create one line with tags that look like this:

  • <KEY>Bing key here</KEY>

When you are done you should save the file. You can now test your setup by running one of the Maltego search engine transforms on your CTAS server. You can use any Maltego transform that has the words [Using Search engine] in the description to test the setup. The transform will let you know if there are any problems.

AlchemyAPI Key

The second commercial API that the CTAS server uses for a few of its transforms is AlchemyAPI, which is used for entity extraction from text documents as well as for sentiment analysis. If you are hosting your own internal CTAS server you will need to sign up for an Alchemy API key in order to use these transforms.

You can sign up for an Alchemy API key from the IBM Bluemix website. After registering you will be supplied with an API key that will provide you with 1000 free daily API calls after which the key will need to be upgraded to a commercial key. An AlchemyAPI key typically looks as follows:

  • API: 8043dd5012a56c8294e52d26248ce1f3221a2a85+pQs1aDW4aU

Adding your AlchemyAPI key to CTAS

To add your Alchemy API key to the CTAS server the same process can be followed as for adding your Bing Web search API key. First SSH into the private CTAS server and then create a file in /etc/ called AlchemyAPI.keys. For this you can use your favorite Unix based editor. Inside the file you want to create the line with tags that look like this:

  • <KEY>AlchemyAPI key here</KEY>

When you are done you should save the file and your CTAS server will be ready to run the AlchemyAPI transforms.
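Both key files (/etc/BingWebSearch.keys and /etc/AlchemyAPI.keys) hold a commercial credential on a single tagged line, so it is worth checking their format and permissions before testing a transform. The following check is an added example, not part of the original page or Paterva's tooling; the strict format match and the permission rule are assumptions, since the page does not describe the server's parser or the account that reads the files.

```sh
#!/bin/sh
# Added example (not Paterva's tooling): sanity-check a CTAS API key file.
# Prints one finding per line and returns non-zero if anything is wrong.
check_keyfile() {
    kf=$1; kf_bad=0
    [ -f "$kf" ] || { echo "missing: $kf"; return 1; }
    # The page asks for one line; count only lines that are not blank.
    kf_lines=$(grep -c '[^[:space:]]' "$kf") || true
    if [ "$kf_lines" -ne 1 ]; then
        echo "expected 1 line, found $kf_lines"; kf_bad=1
    fi
    # Strict match: stray spaces or a CRLF line ending are reported, because
    # the page does not say how tolerant the server's parser is.
    kf_val=$(sed -n 's|^<KEY>\([^<>]\{1,\}\)</KEY>$|\1|p' "$kf")
    case $kf_val in
        '') echo "no well-formed <KEY>value</KEY> line"; kf_bad=1 ;;
        *' key here') echo "placeholder text left in place of the key"; kf_bad=1 ;;
        *' '*) echo "space inside the key value"; kf_bad=1 ;;
    esac
    # Assumption: only the account that runs the transforms needs read access.
    if [ -n "$(find "$kf" -prune -perm -004)" ]; then
        echo "world-readable; consider chmod o-rwx"; kf_bad=1
    fi
    return "$kf_bad"
}

# Demo on a constructed file; on the server, pass /etc/BingWebSearch.keys
# or /etc/AlchemyAPI.keys instead.
demo=$(mktemp)
printf '<KEY>CONSTRUCTED-EXAMPLE-KEY</KEY>\n' > "$demo"
chmod 640 "$demo"
check_keyfile "$demo" && echo "ok: key file passes"
rm -f "$demo"
```

If you tighten the permissions, rerun one of the transforms afterwards to confirm the server can still read the key.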

Configuring Maltego Client

The Maltego clients need to be configured to use the particular server you have configured above.

The very first time the client starts up you’ll be prompted to select whether you want to use the public CTAS or an internal/private CTAS (your own server). The seed of your CTAS server will always be:


Check the Local TAS option and enter your CTAS server’s IP address as shown in the image above. If you also want to have the public transform servers installed to your Maltego client you can leave the Maltego public servers checked as well. Then click Next> and follow the wizard until the transform server is added to your Maltego client. All the transforms, entities, machines and configurations will be installed from your internal CTAS to your Maltego client and they will become available to run from the context menu when you start a new graph.

If you have already added the public CTAS server to your Maltego client and you now wish to add an internal one, this can be done from the transform hub by manually adding the seed url as another transform hub item.

Server Patches

From time to time we will issue our server patches for the Maltego server modules. These will be delivered as a .tgz file that can be downloaded from your Server Portal account.

Manual Update

To manually install new patches follow these steps:

  1. Browse to the server interface over http://<ip>. You should arrive at the server landing page.
  2. Click Update Server from the top menu ribbon. 

If you received a patch file:

  1. Go to manual updates.
  2. Upload Server_update.tgz and click update.
  3. Wait for the log to show that the update is complete.

If you want to use the automatic update:

  1. Click on 'Update Server Automatically'
  2. Wait...the server will show you a progress report.

Figure: Updating process in progress

Once this is done your Maltego server will be patched.

Continue to the iTDS Server page.

© Copyright 2017, Paterva PTY Limited