Untitled

a guest Sep 15th, 2019

ELK installation  Sept 2019


## Snortbox ##
# Move to home dir
cd
# Get package from Inside-SRV
wget http://10.10.2.13/debs/elasticsearch-7.3.1-amd64.deb

# Install it
sudo dpkg -i elasticsearch-7.3.1-amd64.deb

# Install JDK
sudo apt install default-jdk

Confirm additional disk space usage
(screenshot)

Edit /etc/elasticsearch/elasticsearch.yml
uncomment network.host and change to "localhost"
(screenshot)

#Start it
sudo systemctl start elasticsearch

No feedback from the system.  To check, open a browser and navigate to localhost:9200
(screenshot)

#Enable on startup
sudo systemctl enable elasticsearch

#Next is kibana
# Get package
wget http://10.10.2.13/debs/kibana-7.3.2-amd64.deb

#Install it
sudo dpkg -i kibana-7.3.2-amd64.deb

#Start it
sudo systemctl start kibana

#Enable on startup
sudo systemctl enable kibana

#Next we need to set up Nginx to serve the Kibana dashboard.  This is because Kibana is configured only to listen on localhost.  To allow external access we need to set up an nginx reverse proxy.

#First, create a kibana user and a password and put it in the Nginx htpasswd.users file
# This command will prompt you for a password, enter "password" (without quotes), it will then ask you to type it again.

(screenshot)
echo "kibanaadmin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users

# Next you will need to direct the Nginx traffic to the Kibana application.
# The necessary code has been provided. To install it first download the code block to the Snort host.  You should still be in your home directory.

cd
wget http://10.10.2.13/debs/kibana-nginx.txt

#Then copy the code to the Nginx sites-available folder
sudo cp ./kibana-nginx.txt /etc/nginx/sites-available

#Then create a symlink to this file in the sites-enabled folder (ln -s takes the existing file first, then the link to create)
sudo ln -s /etc/nginx/sites-available/kibana-nginx.txt /etc/nginx/sites-enabled/kibana-nginx.txt

# Now test your nginx configuration
sudo nginx -t
#The test should return as successful

#Restart nginx to enable the config
sudo systemctl restart nginx

#Finally you must update your host firewall to allow access to Nginx
sudo ufw allow 'Nginx Full'
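Added example, not the kibana-nginx.txt block from Inside-SRV (its contents are not shown in the paste): a script that writes a minimal Nginx site fronting Kibana with HTTP basic auth, enables it with the symlink in the right direction (ln -s TARGET LINK), and produces the htpasswd line without the interactive prompt so it can be regenerated and compared. It assumes nginx is already installed, that Kibana listens on its default port 5601, and that the site file is named kibana; the function names, the config root parameter and the salt used for the check are mine.

```shell
# Added example, not part of the original paste or of kibana-nginx.txt.
# write_kibana_site ROOT [SERVER_NAME]
#   ROOT is /etc/nginx for real use, or a scratch directory for a dry run.
#   Writes ROOT/sites-available/kibana and links it from ROOT/sites-enabled/.
write_kibana_site() {
    root="$1"
    server_name="${2:-localhost}"
    mkdir -p "$root/sites-available" "$root/sites-enabled"
    # Basic-auth reverse proxy to Kibana; 5601 is Kibana's default port (assumed).
    cat > "$root/sites-available/kibana" <<EOF
server {
    listen 80;
    server_name ${server_name};

    auth_basic "Restricted Access";
    auth_basic_user_file ${root}/htpasswd.users;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;
    }
}
EOF
    # ln -s TARGET LINK_NAME: the existing file comes first, the new link second.
    ln -sfn "$root/sites-available/kibana" "$root/sites-enabled/kibana"
}

# enabled_site_target ROOT
#   Prints where the enabled symlink points (nothing if it is missing), so a
#   backwards link is caught before nginx -t.
enabled_site_target() {
    readlink "$1/sites-enabled/kibana" 2>/dev/null
}

# htpasswd_line USER PASSWORD SALT
#   Same -apr1 scheme as the paste's openssl command, but non-interactive and
#   with an explicit salt (max 8 chars) so the output is reproducible.
htpasswd_line() {
    user="$1"; pass="$2"; salt="$3"
    printf '%s:%s\n' "$user" "$(openssl passwd -apr1 -salt "$salt" "$pass")"
}

# Real use on the Snortbox:
#   sudo sh -c '. ./kibana-site.sh; write_kibana_site /etc/nginx'
#   enabled_site_target /etc/nginx    # should print /etc/nginx/sites-available/kibana
#   sudo nginx -t && sudo systemctl restart nginx
```

enabled_site_target should print the sites-available path; if it prints nothing, the link was created with the arguments reversed (a link in sites-available pointing at a file that does not exist), and nginx -t will fail on the include it cannot open. The htpasswd_line output can be appended to /etc/nginx/htpasswd.users with sudo tee -a exactly as in the paste.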

#According to the web page there is some stuff that needs to be created in /etc/nginx/sites-available.  Those instructions aren't in the ones left by Dennis.


#Logstash
#Get package
wget http://10.10.2.13/debs/logstash-7.3.2.deb

#Install it
sudo dpkg -i logstash-7.3.2.deb