https://wiki.ixheim.de/index.php?action=history&feed=atom&title=ELK_Kali_Purple_Installation 2026-06-29T12:59:49Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=ELK_Kali_Purple_Installation&diff=52829&oldid=prev 2024-04-12T10:15:14Z

<p>Die Seite wurde neu angelegt: „=Install elasticsearch= *sudo apt update &amp;&amp; sudo apt upgrade *sudo bash -c &quot;export HOSTNAME=purple.cyber.local; apt-get install elasticsearch -y&quot; &#039;&#039;&#039;take note…“</p> <p><b>Neue Seite</b></p><div>=Install elasticsearch=<br /> *sudo apt update &amp;&amp; sudo apt upgrade<br /> *sudo bash -c &quot;export HOSTNAME=purple.cyber.local; apt-get install elasticsearch -y&quot;<br /> '''take note of &quot;elastic&quot; user password'''<br /> ;Example: The generated password for the elastic built-in superuser is : '''jYu2XsCOAbI6IXicyt60'''<br /> ;Reset:<br /> &lt;pre&gt;<br /> You can complete the following actions at any time:<br /> <br /> Reset the password of the elastic built-in superuser with <br /> '/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.<br /> <br /> Generate an enrollment token for Kibana instances with <br /> '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.<br /> <br /> Generate an enrollment token for Elasticsearch nodes with <br /> '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.<br /> &lt;/pre&gt;<br /> <br /> =Convert to single-node setup (or replace fqdn name in initial_master_nodes list with IP address)=<br /> +*sudo sed -e '/cluster.initial_master_nodes/ s/^#*/#/' -i /etc/elasticsearch/elasticsearch.yml<br /> *echo &quot;discovery.type: single-node&quot; | sudo tee -a /etc/elasticsearch/elasticsearch.yml<br /> =Install Kibana=<br /> *sudo apt install kibana<br /> ==Add keys to /etc/kibana/kibana.yml==<br /> *sudo /usr/share/kibana/bin/kibana-encryption-keys generate -q<br /> ;Created Kibana keystore in /etc/kibana/kibana.keystore<br /> xpack.encryptedSavedObjects.encryptionKey: eb4257cb863d2cf1c5dc04494a2d5122<br /> xpack.reporting.encryptionKey: 82a7f97e18d6946bb81762eb4b945b93<br /> xpack.security.encryptionKey: 0c7aeeef3764088b4048d40b82409f38<br /> <br /> <br /> *echo &quot;server.host: \&quot;purple.cyber.local\&quot;&quot; | sudo tee -a /etc/kibana/kibana.yml<br /> <br /> =Anpassungen=<br /> ;Ans Ende<br /> /etc/kibana/kibana.yml<br /> server.port: 5601<br /> server.host: &quot;0.0.0.0&quot;<br /> ==Ensure kali-purple.kali.purple is only mapped to 192.168.253.5 in /etc/hosts in order to bind Kibana to that interface==<br /> *sudo systemctl enable elasticsearch kibana --now<br /> <br /> =Enroll Kibana=<br /> *sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana<br /> #open browser and navigate to http://192.168.253.5:5601 enter username=elastic and password as displayed after installation paste token from above<br /> *sudo /usr/share/kibana/bin/kibana-verification-code<br /> #enter verification code into Kibana when prompted<br /> <br /> =Enable HTTPS for Kibana=<br /> *sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca<br /> *sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns purple.cyber.local,elastic.cyber.local,purple --out kibana-server.p12<br /> *sudo openssl pkcs12 -in /usr/share/elasticsearch/elastic-stack-ca.p12 -clcerts -nokeys -out /etc/kibana/kibana-server_ca.crt<br /> *sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.crt -clcerts -nokeys<br /> *sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.key -nocerts -nodes<br /> *sudo chown root:kibana /etc/kibana/kibana-server_ca.crt<br /> *sudo chown root:kibana /etc/kibana/kibana-server.key<br /> *sudo chown root:kibana /etc/kibana/kibana-server.crt<br /> *sudo chmod 660 /etc/kibana/kibana-server_ca.crt<br /> *sudo chmod 660 /etc/kibana/kibana-server.key<br /> *sudo chmod 660 /etc/kibana/kibana-server.crt<br /> <br /> *echo &quot;server.ssl.enabled: true&quot; | sudo tee -a /etc/kibana/kibana.yml<br /> *echo &quot;server.ssl.certificate: /etc/kibana/kibana-server.crt&quot; | sudo tee -a /etc/kibana/kibana.yml<br /> *echo &quot;server.ssl.key: /etc/kibana/kibana-server.key&quot; | sudo tee -a /etc/kibana/kibana.yml<br /> *echo &quot;server.publicBaseUrl: \&quot;https://purple.cyber.local:5601\&quot;&quot; | sudo tee -a /etc/kibana/kibana.yml<br /> <br /> *sudo /usr/share/kibana/bin/kibana-encryption-keys generate<br /> #Copy the generated keys into /etc/kibana/kibana.yml<br /> <br /> *sudo systemctl restart kibana<br /> <br /> =Links=<br /> *https://gitlab.com/kalilinux/kali-purple/documentation/-/wikis/301_31:-Elastic-Stack-Installation</div>

Thomas.will