UTMStack Installer

Operating System

This installation guide provides instructions to perform the UTMStack installation on Ubuntu 20.04 LTS.

Resources for Master

  • For non-prod environments: 4 Cores, 10 GB of RAM, 74GB Disk Space (Minimum required)
  • For 100 GB of live logs: 8 Cores, 16 GB RAM, 180 GB Disk Space
  • For 1000 GB of live logs: 16 Cores, 32 GB RAM, 1080 GB Disk Space
  • For 10000 GB of cold data and 1000GB of live logs: 16 Cores, 64 GB RAM, 11080 Disk Space
  • For 10000GB of live logs: A cluster of 10 servers with 16 Cores, 32 GB RAM, 1080GB Disk Space

Resources for Probe or Proxy server

  • 50 GB Disk Space for the system.
  • 4 Cores. (May require more cores depending on how much data is collected and the number of devices monitored)
  • 4 GB of RAM. (May require more memory depending on how much data is collected and the number of devices monitored) (The master can act as a probe if a proxy is not used)

Installation steps

Preparing for installation

  • Update packages list: sudo apt update
  • Install WGET: sudo apt install wget
  • Download the latest version of the installer by typing wget http://github.com/AtlasInsideCorp/UTMStackInstaller/releases/latest/download/installer
  • Change to root user: sudo su
  • Set execution permissions with chmod +x installer

UTMStack password requirements

  • at least 3 capital case letters.
  • at least 5 lower case letters.
  • at least 5 numbers.
  • at least 3 special characters.
  • Allowed special characters:
  •  , . _

Install using Terminal User Interface

  • Execute the installer without parameters: ./installer

Install using the parameterized mode

You can replace the markups of the next examples by real values in order to use the parameterized mode to install UTMStack Master or Probe.

  • Master: # ./installer master --db-pass "ExAmPlEpaSsWoRd"

  • Probe: # ./installer probe --db-pass "Master's DB password" --host "Master's IP or FQDN"

Once a UTMStack master server is installed, use admin as the user and admin as the password for the default user to login. Note: Use HTTPS in front of your server name or IP to access the login page.

❗ Demo Environment

To see a fully operating UTMStack environment access our demo at: https://utmstack.com/demo


If you find any errors during the installation, please check the installation log for more details:" /var/log/utm-setup.log

Firewall rules

  • Open the following input ports on the master for access from the probe/proxy.

    1194/TCP (Used to connect probe/proxy over the internet using VPN)

  • Open the following input ports on the probe/proxy for access from the master.

    9390/TCP and 8888/TCP (Used to connect with the vulnerabilities scanner)

    5000/TCP and 8000/TCP (Used to connect with the assets discovery service)

  • Open the following ports from agentless devices (firewalls, hypervisors, etc) to master or probe/proxy:

    2055/UDP (Used to send Netflow packets)

    514/UDP (Used to send syslog logs)

    514/TCP (Used to send syslog logs)

    1470/TCP (Used to send syslog logs)

    2056/TCP (Used to send syslog logs)

    8089/TCP (Used to send logs through http post)

  • Open the following ports on the master for agents communication with master or probe/proxy:

    5044/TCP (Used to send logs)

    1514-1516/TCP (Used for HIDS agent communications)

    55000/TCP (Used for HIDS management API)

    9000/TCP (Used for connect to the Agent Manager)

  • Open port 80/TCP and 443/TCP for accessing the UTMStack Web console.