Systemd Service

Check out Jibril's public recipes repository at https://github.com/garnet-org/jibril-balag.

Obtain Jibril binaries

$ sudo curl -L -o /usr/bin/jibril https://bit.ly/3FLyV1x

$ sudo chmod +x /usr/bin/jibril

$ /usr/bin/jibril --version

Run Jibril as a Systemd Service

Jibril can be run as a systemd service.

This is the recommended way to run Jibril in staging/production environments. The following steps will guide you through the installation and configuration of Jibril as a systemd service.

Install the Service

To install the service, run:

$ sudo -E /usr/bin/jibril --systemd install

This command will create:

  1. /etc/jibril/recipes/*.yaml

The systemd service will be installed, but not enabled yet.

All the recipes automatically installed in the etc directory are already built into Jibril, along with a few other private recipes. If you choose to run Jibril with the alchemies plugin (which lets you define your own detection recipes), make sure the alchemies directory is configured to the /etc/jibril/recipes/ directory AND that those recipes are disabled in the configuration file.

Edit the Configuration File

Edit the configuration file at /etc/jibril/config.yaml. The default configuration enables Jibril with most of its plugins and the detection events.

The default configuration should be changed for production environments. It is recommended to fine-tune the configuration files to enable only the necessary plugins, printers and events.

Enable the Service

After editing the configuration file, enable the service by running:

$ sudo -E jibril --systemd enable-now

This will enable the service to start at boot time AND start the service immediately.

Check the Service Status

To check the status of the service, run:

$ sudo systemctl status jibril

Check the Logs

The varlog printer is enabled by default in the configuration file. This means that the JSON events are written to /var/log/jibril.out, while Jibril's stdout and stderr are redirected to the systemd journal.

To check the logs, run:

$ sudo journalctl -u jibril

and to check the events, run:

$ sudo cat /var/log/jibril.out | jq
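
An added example, not part of Jibril's documentation or code: a small shell audit that checks the files named on this page are owned by root and not writable by group or others, since anyone who can edit the binary, configuration or recipes can change what gets detected. The expected owner (root) and the function names are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit ownership and write bits on the files this page installs.
# Paths are taken from the page; the expected owner (root) is an assumption.

# check_path PATH [OWNER]
# Prints one finding line. Returns 1 if PATH is missing, is not owned by
# OWNER, or is writable by group or others; returns 0 otherwise.
check_path() {
    local path="$1" owner="${2:-root}" actual mode
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # -L follows symlinks so the target is judged, not the link itself.
    actual=$(stat -L -c '%U' "$path")
    mode=$(stat -L -c '%a' "$path")
    if [ "$actual" != "$owner" ]; then
        echo "OWNER    $path is owned by $actual, expected $owner"
        return 1
    fi
    # Octal mask 022 = group-write | other-write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $path has mode $mode"
        return 1
    fi
    echo "OK       $path ($actual, $mode)"
}

# audit_jibril [OWNER]
# Checks every path from this page and returns 1 if any check failed.
# If no recipe matches the glob, the literal pattern is reported as MISSING.
audit_jibril() {
    local owner="${1:-root}" rc=0 f
    for f in /usr/bin/jibril /etc/jibril/config.yaml /etc/jibril/recipes \
             /etc/jibril/recipes/*.yaml /var/log/jibril.out; do
        check_path "$f" "$owner" || rc=1
    done
    return $rc
}

# Run the audit only when asked, e.g.: sudo sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_jibril
fi
```
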

Disable the Service

God forbid, but if you need to disable the service, run:

$ sudo -E jibril --systemd disable-now

This will disable the service from starting at boot time AND stop the service immediately.
