LightScope

Threat intelligence based upon work supported by the U.S. National Science Foundation under Grant No. 2313998 and the University of Southern California Information Sciences Institute.

Installation Guide

Linux Installation

LightScope is available as pre-built packages for all major Linux distributions:

Debian/Ubuntu (.deb)

wget https://thelightscope.com/latest/lightscope_latest.deb && sudo apt install -v -y ./lightscope_latest.deb

ℹ️ The -v flag provides verbose output and -y automatically confirms installation. This will install all dependencies and start the LightScope service.

RHEL/Fedora/CentOS (.rpm)

wget https://thelightscope.com/latest/lightscope_latest.rpm && sudo dnf install -v -y ./lightscope_latest.rpm

ℹ️ For older systems without DNF, use: sudo yum install -y ./lightscope_latest.rpm. The -v flag shows detailed installation progress.

After Installation

  • Service Status: sudo systemctl status lightscope
  • View Logs: sudo journalctl -u lightscope -f
  • Restart Service: sudo systemctl restart lightscope
  • Find Your Database Name & Dashboard URL: sudo systemctl status lightscope - look for your dashboard URL in the Docs line!

✅ LightScope runs securely as a system service with minimal privileges.

📊 Accessing Your Dashboard: Your unique database name and dashboard URL are displayed during installation and available anytime via systemctl status:

$ sudo systemctl status lightscope
● lightscope.service - LightScope Network Security Monitor
     Docs: https://thelightscope.com
           https://thelightscope.com/tables/20250629_gvzdkbinpryhdrszsdzufpoeejxmoyhngrrjrjrxodfsuwf

Simply copy the second Docs URL (containing /tables/) to access your dashboard directly, or visit https://lightscope.isi.edu/tables to enter your database name manually.

Verifying Installation

To verify that LightScope is running correctly:

  1. Check service status: sudo systemctl status lightscope should show "active (running)"
  2. Monitor network activity: LightScope automatically captures unwanted TCP traffic on your network
  3. View logs: Use sudo journalctl -u lightscope -f to see live activity
  4. Dashboard access: Visit the Dashboard page to enter your unique database name and access your personalized threat intelligence

✅ LightScope automatically starts after installation and runs securely as a system service with minimal privileges.

How Does Installing LightScope Work?

Security was our top priority when designing LightScope's installation and operation. Here's what happens during installation:

🔒 Security-First Architecture

  • Dedicated System User: Creates a low-privilege system user called lightscope with no shell access
  • No Root Privileges: LightScope never runs as root - the service operates with minimal system privileges
  • Linux Capabilities: Instead of root access, we grant only the specific network capabilities needed:
    • CAP_NET_RAW - Raw socket access for packet capture
    • CAP_NET_ADMIN - Network interface management
    • CAP_NET_BIND_SERVICE - Bind to network services
  • Filesystem Isolation: Protected system files, isolated temporary directories, and restricted file access

⚙️ Installation Process

  1. System Dependencies: Installs required libraries (libpcap-devel, python3-devel, etc.)
  2. User Creation: Creates the lightscope system user with home directory /opt/lightscope
  3. Directory Structure: Sets up secure directories for configuration, logs, and updates
  4. Python Environment: Configures Python with network capabilities (no root needed)
  5. Systemd Service: Installs and enables the lightscope service for automatic startup
  6. Security Hardening: Applies filesystem protections and capability restrictions
  7. Service Start: Automatically starts monitoring network traffic

🛡️ Runtime Security Features

  • Privilege Separation: Runs as unprivileged lightscope user, not root
  • Minimal Attack Surface: Only network inspection capabilities, no system administration rights
  • Automatic Restart: Systemd monitors and restarts the service if needed
  • Secure Logging: All activity logged to systemd journal with proper permissions
  • Resource Limits: Built-in limits on memory, file handles, and system resources
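
One way to check the privilege claims above on a running host, as an added example that is not LightScope's own code: it reads the text of /proc/<pid>/status and fails if the process is root or holds any effective capability beyond the three listed. The function names and the sample status text (including uid 998) are constructed for illustration; the capability bit numbers are the kernel's.

```sh
#!/bin/sh
# Added example (not LightScope code): audit a process against the documented
# privilege model. Bit numbers are from linux/capability.h:
# 10 = CAP_NET_BIND_SERVICE, 12 = CAP_NET_ADMIN, 13 = CAP_NET_RAW.
ALLOWED_MASK=$(( (1<<10) | (1<<12) | (1<<13) ))

# Name each capability bit set in a hex mask; bits outside the documented
# set are reported as OTHER(bitN).
decode_caps() {
  mask=$(( 0x$1 )); bit=0; out=""
  while [ "$bit" -lt 63 ]; do
    if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then
      case $bit in
        10) out="$out CAP_NET_BIND_SERVICE" ;;
        12) out="$out CAP_NET_ADMIN" ;;
        13) out="$out CAP_NET_RAW" ;;
        *)  out="$out OTHER(bit$bit)" ;;
      esac
    fi
    bit=$(( bit + 1 ))
  done
  echo "${out# }"
}

# Reads the text of /proc/<pid>/status on stdin. Returns 0 only when the
# process is non-root and holds no effective capability outside ALLOWED_MASK.
audit_status() {
  uid=""; euid=""; capeff=""
  while read -r key v1 v2 rest; do
    case $key in
      Uid:)    uid=$v1; euid=$v2 ;;
      CapEff:) capeff=$v1 ;;
    esac
  done
  if [ -z "$uid" ] || [ -z "$capeff" ]; then echo "FAIL: no Uid/CapEff"; return 2; fi
  if [ "$uid" -eq 0 ] || [ "$euid" -eq 0 ]; then echo "FAIL: running as root"; return 1; fi
  if [ $(( 0x$capeff & ~$ALLOWED_MASK )) -ne 0 ]; then
    echo "FAIL: unexpected capabilities: $(decode_caps "$capeff")"; return 1
  fi
  echo "OK: uid=$uid caps=$(decode_caps "$capeff")"
}

# Constructed sample of the two status lines that matter (uid 998 is made up).
sample_status() { printf 'Uid:\t998\t998\t998\t998\nCapEff:\t0000000000003400\n'; }
sample_status | audit_status

# Live use (assumes systemd and a running lightscope unit):
#   pid=$(systemctl show -p MainPID --value lightscope)
#   audit_status < "/proc/$pid/status"
```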

🔄 Secure Automatic Updates

LightScope includes a secure automatic update system designed with security as the top priority:

  • Hourly Update Checks: Automatically checks for new versions every hour from https://thelightscope.com
  • Cryptographic Signatures: All updates are signed with RSA-4096 cryptographic signatures before distribution
  • Signature Verification: Every update is cryptographically verified before installation - unsigned updates are rejected
  • HTTPS-Only Downloads: All update downloads use encrypted HTTPS connections to prevent tampering
  • Public Key Pinning: The public verification key is stored locally and validated to prevent key substitution attacks
  • Backup System: Previous versions are automatically backed up before applying updates
  • Rollback Protection: If an update fails verification or causes issues, the system can rollback to the previous version
  • Update Logs: All update activity is logged to the systemd journal for audit purposes

Security Note: Updates maintain the same security model - they run as the unprivileged lightscope user and cannot modify system files outside of /opt/lightscope.

🛑 Stopping and Uninstalling LightScope

To stop LightScope temporarily:

sudo systemctl stop lightscope

To disable auto-start (but keep installed):

sudo systemctl disable lightscope

To completely uninstall LightScope:

Debian/Ubuntu:

sudo systemctl stop lightscope
sudo apt remove lightscope
sudo apt purge lightscope  # Removes config files too

RHEL/Fedora/CentOS:

sudo systemctl stop lightscope
sudo yum remove lightscope
# or: sudo dnf remove lightscope

Manual cleanup (if needed):

# Remove user and home directory
sudo userdel -r lightscope

# Clean up any remaining files
sudo rm -rf /opt/lightscope

ℹ️ The package manager handles cleanup automatically, but manual commands are provided for reference.

Troubleshooting

  • Service not starting: Check service status with sudo systemctl status lightscope
  • Permission issues: The package automatically configures proper permissions and capabilities
  • Package conflicts: If installation fails, try sudo apt update (Debian/Ubuntu) or sudo yum update (RHEL/CentOS)
  • Network issues: Ensure your firewall allows the LightScope service to monitor network traffic
  • View detailed logs: Use sudo journalctl -u lightscope -f to see real-time service logs

Need Help?

If you encounter any issues during installation or have questions about LightScope, we're here to help!

Contact Support

Email: e@alumni.usc.edu
Response Time: We typically respond within 24 hours

This material is based upon work supported by the U.S. National Science Foundation under Grant No. 2313998. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. National Science Foundation.