Elk Install

I am currently trying to set up an ELK server to which I can send log information from clients to Logstash via Filebeat.


#!/bin/bash

# Update the package lists,
# upgrade the installed packages
# and bring the distribution up to date
# (apt-get has no "distro-upgrade" subcommand; the command is dist-upgrade)

sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get dist-upgrade -y

# Install Java for the Elastic Stack:
# Elasticsearch 6.x needs Java 8 (version string 1.8).
# The webupd8team PPA and its oracle-java8-installer package have been
# discontinued, so OpenJDK 8 from the Ubuntu repositories is used instead.

sudo apt-get install -y openjdk-8-jdk

# Install curl for testing the stack
sudo apt install -y curl

# Install netstat (net-tools)
sudo apt install -y net-tools

# Add the Elastic signing key and the 6.x package repository.
# Plain "tee" instead of "tee -a", so re-running the script does not append
# the repository line a second time. (apt-key is deprecated on Ubuntu 22.04
# and later; for 16.04/18.04, which this script targets, it still works.)
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install -y elasticsearch

# Manual configuration steps (not scripted yet):
# cd /etc/elasticsearch/
# sudo nano elasticsearch.yml
# bootstrap.memory_lock: true
# network.host: localhost     # listen on loopback only, not on the network
# http.port: 9200
#
# Raise the memlock limit for the service. Use a systemd drop-in
# (sudo systemctl edit elasticsearch) rather than editing
# /usr/lib/systemd/system/elasticsearch.service directly, which the next
# package upgrade would overwrite:
# [Service]
# LimitMEMLOCK=infinity
#
# sudo nano /etc/default/elasticsearch
# MAX_LOCKED_MEMORY=unlimited

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

# Check that port 9200 is listening on localhost only and that memory
# locking actually took effect (mlockall must report true):
# netstat -plntu
# curl -XGET 'localhost:9200/_nodes?filter_path=**.mlockall&pretty'
# curl -XGET 'localhost:9200/?pretty'

sudo apt-get install -y kibana

# Manual configuration (Kibana 6.x; in 7.x the setting is elasticsearch.hosts):
# sudo nano /etc/kibana/kibana.yml
# server.port: 5601
# server.host: "localhost"    # reachable only through the nginx proxy below
# elasticsearch.url: "http://localhost:9200"

sudo systemctl enable kibana
sudo systemctl start kibana

# netstat -plntu
#
# nginx in front of Kibana (still to do). Kibana itself has no login without
# X-Pack security, so authentication has to happen in the reverse proxy:
# cd /etc/nginx/
# sudo nano sites-available/kibana

# https://www.howtoforge.com/tutorial/how-to-install-elastic-stack-on-ubuntu-16-04/

# http://elk-docker.readthedocs.io/#forwarding-logs-filebeat

# https://nakkaya.com/2009/04/15/using-netcat-for-file-transfers/

# https://null-byte.wonderhowto.com/how-to/use-cowrie-ssh-honeypot-catch-attackers-your-network-0181600/

# https://www.neontribe.co.uk/debian-virtualbox-guest-additions/

# http://www.aoakley.com/articles/2017-07-04-raspbian-x86-virtualbox.php

# https://www.raspberrypi.org/forums/viewtopic.php?t=199250
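The Elasticsearch settings above are left as manual nano edits. As an added example (not part of the original post), the following script applies them idempotently so the install script can be re-run, puts the memlock limit in a systemd drop-in instead of the package's unit file, and checks the same `_nodes?filter_path=**.mlockall` endpoint the post uses to confirm memory locking. The file paths default to the Debian package layout; the `ES_CONF`, `ES_DROPIN_DIR` and `ES_DEFAULT` variables are assumptions of this example and exist so it can be pointed at a scratch directory.

```shell
#!/bin/bash
# Added example, not from the original post: scriptable version of the manual
# Elasticsearch edits, plus a check that memory locking really is active.
set -u

# Assumed defaults (Debian/Ubuntu package layout); override for testing.
ES_CONF="${ES_CONF:-/etc/elasticsearch/elasticsearch.yml}"
ES_DROPIN_DIR="${ES_DROPIN_DIR:-/etc/systemd/system/elasticsearch.service.d}"
ES_DEFAULT="${ES_DEFAULT:-/etc/default/elasticsearch}"

# set_kv FILE KEY VALUE SEP
# Replace an existing "KEY<SEP>..." line, commented out or not, or append one,
# so a second run does not stack duplicate lines. SEP is ": " for YAML files
# and "=" for /etc/default-style files.
set_kv() {
  local file="$1" key="$2" value="$3" sep="$4" re_key
  re_key="$(printf '%s' "$key" | sed 's/\./\\./g')"   # "." is literal in the key
  touch "$file"
  if grep -Eq "^[#[:space:]]*${re_key}${sep}" "$file"; then
    sed -i -E "s|^[#[:space:]]*${re_key}${sep}.*|${key}${sep}${value}|" "$file"
  else
    printf '%s%s%s\n' "$key" "$sep" "$value" >> "$file"
  fi
}

# Apply the settings the post lists for elasticsearch.yml, the systemd unit
# and /etc/default/elasticsearch.
configure_elasticsearch() {
  set_kv "$ES_CONF" "bootstrap.memory_lock" "true" ": "
  set_kv "$ES_CONF" "network.host" "localhost" ": "   # loopback only
  set_kv "$ES_CONF" "http.port" "9200" ": "
  # Drop-in survives package upgrades; editing /usr/lib/systemd/... does not.
  mkdir -p "$ES_DROPIN_DIR"
  printf '[Service]\nLimitMEMLOCK=infinity\n' > "$ES_DROPIN_DIR/override.conf"
  set_kv "$ES_DEFAULT" "MAX_LOCKED_MEMORY" "unlimited" "="
}

# mlockall_enabled JSON
# Succeeds only if the body of GET /_nodes?filter_path=**.mlockall reports
# mlockall: true for every node and false for none.
mlockall_enabled() {
  local json="$1"
  printf '%s' "$json" | grep -q '"mlockall"[[:space:]]*:[[:space:]]*true' &&
    ! printf '%s' "$json" | grep -q '"mlockall"[[:space:]]*:[[:space:]]*false'
}

# verify_memlock: query the running node (needs curl and a started service).
verify_memlock() {
  local body
  body="$(curl -s 'http://localhost:9200/_nodes?filter_path=**.mlockall')" || return 1
  mlockall_enabled "$body"
}
```

Run `configure_elasticsearch`, then `sudo systemctl daemon-reload && sudo systemctl restart elasticsearch`, then `verify_memlock`; if it fails, Elasticsearch is running without locked memory and the heap can be swapped out, which is exactly what `bootstrap.memory_lock: true` is meant to prevent.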

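The post only names the nginx site file (`/etc/nginx/sites-available/kibana`) and leaves it empty. As an added example, not the post's own configuration, here is a generator for that file: Kibana stays bound to `localhost:5601` as configured above, nginx terminates the client connection and enforces HTTP basic auth in front of it, and the password file is written with `openssl passwd -apr1` so `apache2-utils` is not required. The server name `kibana.example.test`, the `NGINX_SITES` and `KIBANA_UPSTREAM` variables, and the user names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original post: nginx reverse proxy with basic
# auth in front of Kibana, which has no login of its own without X-Pack.
set -u

# Assumed defaults; override NGINX_SITES to write into a scratch directory.
NGINX_SITES="${NGINX_SITES:-/etc/nginx/sites-available}"
KIBANA_UPSTREAM="${KIBANA_UPSTREAM:-http://localhost:5601}"

# write_kibana_site SERVER_NAME HTPASSWD_FILE -> prints the path of the site file
write_kibana_site() {
  local server_name="$1" htpasswd="$2" site="$NGINX_SITES/kibana"
  mkdir -p "$NGINX_SITES"
  # Unquoted heredoc: ${...} expands here, \$host etc. stay literal for nginx.
  cat > "$site" <<EOF
server {
    listen 80;
    server_name ${server_name};

    auth_basic "Kibana";
    auth_basic_user_file ${htpasswd};

    location / {
        proxy_pass ${KIBANA_UPSTREAM};
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
  printf '%s\n' "$site"
}

# add_htpasswd_user FILE USER PASSWORD
# Writes an Apache-MD5 (apr1) entry; an existing entry for USER is replaced.
add_htpasswd_user() {
  local file="$1" user="$2" password="$3" hash
  hash="$(printf '%s\n' "$password" | openssl passwd -apr1 -stdin)" || return 1
  touch "$file"
  grep -v "^${user}:" "$file" > "$file.tmp" || true
  printf '%s:%s\n' "$user" "$hash" >> "$file.tmp"
  mv "$file.tmp" "$file"
  chmod 640 "$file"   # readable by the nginx worker's group only
}
```

Typical use: `add_htpasswd_user /etc/nginx/.kibana-htpasswd admin 'strong password'`, then `write_kibana_site kibana.example.test /etc/nginx/.kibana-htpasswd`, `ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/`, `nginx -t` and `systemctl reload nginx`. Basic auth on port 80 sends the password in clear text on every request, so outside an isolated lab network the server block should listen on 443 with TLS and port 80 should only redirect.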