Sandfly Security Documentation

Welcome to the Sandfly Security documentation hub. Sandfly is an agentless compromise and intrusion detection system for Linux.

Sandfly automates security investigation and forensic evidence collection on Linux. Sandfly constantly searches for intruders 24 hours a day on your network without needing to load any agents on your endpoints.


Maintenance Scripts

Sandfly is largely automatic and needs very little maintenance to operate. However, some scripts are included that may help if you need to reset parts of Sandfly or clear out a large backlog of events should one build up.

Install and Upgrade Scripts

These scripts are used to install Docker or upgrade Docker images.

intall.sh - Install Sandfly server script.

install_docker_amazon.sh - Install Docker on an Amazon AMI Linux Image.

install_docker_centos.sh - Install Docker on a CentOS system.

install_docker_ubuntu.sh - Install Docker on Ubuntu 17 and lower.

install_docker_ubuntu18.sh - Install Docker on Ubuntu 18 and higher.

clean_docker.sh - Used to delete all existing Docker containers prior to an upgrade. Please see the section on Upgrading Sandfly for more information.

Sandfly Install Scripts

These scripts, located under setup_scripts, are used to install the Sandfly server and SSL keys.

setup_server.sh - Used to install the base Sandfly server without SSL key generation.

setup_ssl.sh - Setup the Sandfly SSL keys (unsigned).

setup_ssl_signed.sh - Setup the Sandfly SSL keys (signed with EFF Certbot).

setup_pgp_keys.sh - Setup the PGP keys used to secure communication between the server and nodes.

setup_ssl_renew_cert.sh - Renew Certbot-signed SSL keys. Optionally, you can just run setup_ssl_signed.sh again if you want a new signed key.

System Reset and Recovery Scripts

These scripts, located under util_scripts, are used to reset the Sandfly system in various ways.

reset_admin_password.sh - Reset the system admin password to a random value.

reset_db_data.sh - Deletes system alarm and log data but preserves the configuration data. Useful if you have a large number of alarms you want to purge and start again without needing to reload all your other user data.

reset_license.sh - Deletes the installed license key, returning the system to a blank (unlicensed) install.

reset_system_password.sh - Resets the system password used by nodes to log into the API. This is only needed if you believe the node password has been compromised and wish to reset it to a new value. Please contact Sandfly for assistance.
