Overview Standalone deployment gives you full control over the MCRIT installation and is suitable for:
Development and testing environments
Custom deployment scenarios
Systems where Docker is not available
Performance-critical production deployments with fine-tuned configurations
This guide assumes Ubuntu as the host operating system. Adjustments may be needed for other Linux distributions or operating systems.
Prerequisites
Python 3.7 or later
pip (Python package manager)
MongoDB 5.0 or later
Git (for cloning the repository)
Sufficient system resources (4GB+ RAM recommended)
Installation Steps
Install Python dependencies
Install Python and pip: sudo apt install python3 python3-pip
Clone MCRIT repository
git clone https://github.com/danielplohmann/mcrit.git cd mcrit
Install MCRIT dependencies
pip install -r requirements.txt
For development installation (editable mode):
Install and configure MongoDB
Follow the MongoDB installation steps in the next section.
Start MCRIT services
Start the server and worker processes as described in the Operation section.
MongoDB Installation MongoDB 5.0 is the default and recommended backend for persistent data storage.
Ubuntu 22.04 (Jammy)
Install MongoDB signing key
sudo apt-get install gnupg wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
Add MongoDB repository
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
Install MongoDB
sudo apt-get update sudo apt-get install -y mongodb-org
Start MongoDB service
sudo systemctl start mongod
Enable MongoDB to start on system boot: sudo systemctl enable mongod
Ubuntu 20.04 (Focal) sudo apt-get install gnupg wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add - echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list sudo apt-get update sudo apt-get install -y mongodb-org sudo systemctl start mongod sudo systemctl enable mongod
Ubuntu 18.04 (Bionic) sudo apt-get install gnupg wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add - echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list sudo apt-get update sudo apt-get install -y mongodb-org sudo systemctl start mongod sudo systemctl enable mongod
Verify MongoDB Installation sudo systemctl status mongod mongo --eval 'db.runCommand({ connectionStatus: 1 })'
Operation MCRIT consists of two main components that work together:
MCRIT Server The server provides the REST API interface for client interactions.
Start the server: By default, the server listens on http://127.0.0.1:8000/.
Using Gunicorn (Linux only, recommended for production): Gunicorn provides better performance for production deployments on Linux systems.
The server uses waitress as the default WSGI server on Windows and when Gunicorn is not available.
MCRIT Worker Workers process queued jobs such as sample analysis, matching, and hash generation.
Start a worker: Start a spawning worker (for better memory management): Spawning workers execute jobs in separate child processes, which helps reduce memory allocation issues. Child processes are terminated after the timeout configured in QUEUE_SPAWNINGWORKER_CHILDREN_TIMEOUT (default: 3600 seconds).
Running Multiple Workers For improved performance, run multiple workers in separate terminals or as separate services:
# Terminal 1 mcrit worker # Terminal 2 mcrit worker # Terminal 3 mcrit worker
Systemd Service Configuration For production deployments, configure MCRIT to run as systemd services.
MCRIT Server Service Create /etc/systemd/system/mcrit-server.service:
[Unit] Description =MCRIT Server After =network.target mongodb.service Requires =mongodb.service [Service] Type =simple User =mcrit Group =mcrit WorkingDirectory =/opt/mcrit Environment = "PATH=/opt/mcrit/venv/bin" ExecStart =/opt/mcrit/venv/bin/mcrit server --gunicorn Restart =on-failure RestartSec =10 StandardOutput =journal StandardError =journal SyslogIdentifier =mcrit-server # Security settings NoNewPrivileges =true PrivateTmp =true ProtectSystem =strict ProtectHome =true ReadWritePaths =/opt/mcrit/data [Install] WantedBy =multi-user.target
MCRIT Worker Service Create /etc/systemd/system/[email protected] :
[Unit] Description =MCRIT Worker %i After =network.target mongodb.service mcrit-server.service Requires =mongodb.service Wants =mcrit-server.service [Service] Type =simple User =mcrit Group =mcrit WorkingDirectory =/opt/mcrit Environment = "PATH=/opt/mcrit/venv/bin" ExecStart =/opt/mcrit/venv/bin/mcrit worker Restart =on-failure RestartSec =10 StandardOutput =journal StandardError =journal SyslogIdentifier =mcrit-worker-%i # Security settings NoNewPrivileges =true PrivateTmp =true ProtectSystem =strict ProtectHome =true ReadWritePaths =/opt/mcrit/data [Install] WantedBy =multi-user.target
Enable and Start Services # Reload systemd configuration sudo systemctl daemon-reload # Enable services to start on boot sudo systemctl enable mcrit-server sudo systemctl enable mcrit-worker@1 sudo systemctl enable mcrit-worker@2 # Start services sudo systemctl start mcrit-server sudo systemctl start mcrit-worker@1 sudo systemctl start mcrit-worker@2 # Check status sudo systemctl status mcrit-server sudo systemctl status mcrit-worker@1
View Service Logs # Server logs sudo journalctl -u mcrit-server -f # Worker logs sudo journalctl -u mcrit-worker@1 -f # All MCRIT services sudo journalctl -u 'mcrit-*' -f
Firewall Configuration Configure firewall rules to secure your MCRIT deployment.
UFW (Uncomplicated Firewall) # Allow SSH (if needed) sudo ufw allow 22/tcp # Allow MCRIT API (from specific IPs or networks) sudo ufw allow from 192.168.1.0/24 to any port 8000 # Or allow from any IP (not recommended for production) sudo ufw allow 8000/tcp # Block MongoDB from external access sudo ufw deny 27017/tcp # Enable firewall sudo ufw enable
iptables # Allow MCRIT API from specific network sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 8000 -j ACCEPT # Block MongoDB from external access sudo iptables -A INPUT -p tcp --dport 27017 -j DROP # Save rules sudo netfilter-persistent save
Never expose MongoDB port 27017 to the internet without proper authentication and encryption.
Network Considerations Binding to Specific Interfaces By default, the MCRIT server listens on all interfaces (0.0.0.0:8000). To restrict to localhost only, modify the server configuration or use a reverse proxy.
Using a Reverse Proxy For production deployments, use nginx or Apache as a reverse proxy:
nginx configuration example: server { listen 80 ; server_name mcrit.example.com; location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $ host ; proxy_set_header X-Real-IP $ remote_addr ; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto $ scheme ; # Timeout for long-running requests proxy_read_timeout 300s ; proxy_connect_timeout 75s ; } }
SSL/TLS Configuration For secure communications, configure SSL/TLS on your reverse proxy:
server { listen 443 ssl http2; server_name mcrit.example.com; ssl_certificate /etc/ssl/certs/mcrit.crt; ssl_certificate_key /etc/ssl/private/mcrit.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://127.0.0.1:8000; # ... proxy settings ... } }
User and Permissions Setup Create a dedicated user for running MCRIT:
# Create mcrit user sudo useradd -r -s /bin/bash -d /opt/mcrit mcrit # Create directories sudo mkdir -p /opt/mcrit/{data,logs} # Set ownership sudo chown -R mcrit:mcrit /opt/mcrit # Install MCRIT as the mcrit user sudo -u mcrit bash cd /opt/mcrit python3 -m venv venv source venv/bin/activate pip install mcrit
Offline Operation After initial installation, MCRIT can operate without an internet connection:
# Install all dependencies pip install -r requirements.txt # Install MCRIT pip install -e . # Verify offline capability # Disconnect from internet and test mcrit server
Troubleshooting
Check if port 8000 is already in use: sudo netstat -tulpn | grep 8000
Verify MongoDB is running: sudo systemctl status mongod
Check server logs for errors.
Worker not connecting to MongoDB
Verify MongoDB connectivity: mongo --host 127.0.0.1 --port 27017
Check MongoDB authentication settings if enabled. Ensure the worker has the correct configuration in the environment or config files.
Ensure the MCRIT user has proper permissions: sudo chown -R mcrit:mcrit /opt/mcrit
Check SELinux status if applicable: Next Steps 