Elasticsearch/kibana: Difference between revisions
| Zeile 6: | Zeile 6: | ||
*sudo sed -e '/cluster.initial_master_nodes/ s/^#*/#/' -i /etc/elasticsearch/elasticsearch.yml | *sudo sed -e '/cluster.initial_master_nodes/ s/^#*/#/' -i /etc/elasticsearch/elasticsearch.yml | ||
*echo "discovery.type: single-node" | sudo tee -a /etc/elasticsearch/elasticsearch.yml | *echo "discovery.type: single-node" | sudo tee -a /etc/elasticsearch/elasticsearch.yml | ||
| + | =Install Kibana= | ||
| + | *sudo apt install kibana | ||
| + | *sudo apt install kibana | ||
| + | *sudo /usr/share/kibana/bin/kibana-encryption-keys generate -q | ||
| + | ==Add keys to /etc/kibana/kibana.yml== | ||
| + | *echo "server.host: \"kali-purple.kali.purple\"" | sudo tee -a /etc/kibana/kibana.yml | ||
| + | ==Ensure kali-purple.kali.purple is only mapped to 192.168.253.5 in /etc/hosts in order to bind Kibana to that interface== | ||
| + | *sudo systemctl enable elasticsearch kibana --now | ||
| + | =Enroll Kibana= | ||
| + | *sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana | ||
| + | open browser and navigate to http://192.168.253.5:5601 enter username=elastic and password as displayed after installation paste token from above | ||
| + | *sudo /usr/share/kibana/bin/kibana-verification-code | ||
| + | enter verification code into Kibana when prompted | ||
| + | =Enable HTTPS for Kibana= | ||
| + | *sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca | ||
| + | *sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns kali-purple.kali.purple,elastic.kali.purple,kali-purple --out kibana-server.p12 | ||
| + | *sudo openssl pkcs12 -in /usr/share/elasticsearch/elastic-stack-ca.p12 -clcerts -nokeys -out /etc/kibana/kibana-server_ca.crt | ||
| + | *sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.crt -clcerts -nokeys | ||
| + | *sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.key -nocerts -nodes | ||
| + | *sudo chown root:kibana /etc/kibana/kibana-server_ca.crt | ||
| + | *sudo chown root:kibana /etc/kibana/kibana-server.key | ||
| + | *sudo chown root:kibana /etc/kibana/kibana-server.crt | ||
| + | *sudo chmod 660 /etc/kibana/kibana-server_ca.crt | ||
| + | *sudo chmod 660 /etc/kibana/kibana-server.key | ||
| + | *sudo chmod 660 /etc/kibana/kibana-server.crt | ||
| + | |||
| + | *echo "server.ssl.enabled: true" | sudo tee -a /etc/kibana/kibana.yml | ||
| + | *echo "server.ssl.certificate: /etc/kibana/kibana-server.crt" | sudo tee -a /etc/kibana/kibana.yml | ||
| + | *echo "server.ssl.key: /etc/kibana/kibana-server.key" | sudo tee -a /etc/kibana/kibana.yml | ||
| + | *echo "server.publicBaseUrl: \"https://kali-purple.kali.purple:5601\"" | sudo tee -a /etc/kibana/kibana.yml | ||
| + | |||
| + | *sudo /usr/share/kibana/bin/kibana-encryption-keys generate | ||
| + | Copy the generated keys into /etc/kibana/kibana.yml | ||
| + | |||
| + | *sudo systemctl restart kibana | ||
=Links= | =Links= | ||
*https://gitlab.com/kalilinux/kali-purple/documentation/-/wikis/301_31:-Elastic-Stack-Installation | *https://gitlab.com/kalilinux/kali-purple/documentation/-/wikis/301_31:-Elastic-Stack-Installation | ||
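Review bot: the three `chmod 660` lines under "Enable HTTPS for Kibana" leave /etc/kibana/kibana-server.key group-writable; with the root:kibana ownership set just above, the kibana group only needs read access, so 640 on the key (and 644 on the two .crt files) would be enough. `sudo apt install kibana` is added twice in a row, and `kibana-encryption-keys generate` is run a second time before the restart although keys were already generated under "Install Kibana", so copying both outputs into kibana.yml would put the same settings in the file twice. The enrollment step also has the elastic password entered at http://192.168.253.5:5601 before HTTPS is enabled further down; consider noting that this first login is unencrypted.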
Revision as of 19 December 2023, 14:57
Install Elasticsearch
- sudo apt update && sudo apt upgrade
- sudo bash -c "export HOSTNAME=kali-purple.kali.purple; apt-get install elasticsearch -y"
Take note of the "elastic" user password.
Convert to single-node setup (or replace the FQDN in the initial_master_nodes list with the IP address)
- sudo sed -e '/cluster.initial_master_nodes/ s/^#*/#/' -i /etc/elasticsearch/elasticsearch.yml
- echo "discovery.type: single-node" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
Install Kibana
- sudo apt install kibana
- sudo /usr/share/kibana/bin/kibana-encryption-keys generate -q
Add keys to /etc/kibana/kibana.yml
- echo "server.host: \"kali-purple.kali.purple\"" | sudo tee -a /etc/kibana/kibana.yml
Ensure kali-purple.kali.purple is only mapped to 192.168.253.5 in /etc/hosts in order to bind Kibana to that interface
- sudo systemctl enable elasticsearch kibana --now
Enroll Kibana
- sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
Open a browser and navigate to http://192.168.253.5:5601, enter username=elastic and the password displayed after installation, and paste the token from above.
- sudo /usr/share/kibana/bin/kibana-verification-code
Enter the verification code into Kibana when prompted.
Enable HTTPS for Kibana
- sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
- sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns kali-purple.kali.purple,elastic.kali.purple,kali-purple --out kibana-server.p12
- sudo openssl pkcs12 -in /usr/share/elasticsearch/elastic-stack-ca.p12 -clcerts -nokeys -out /etc/kibana/kibana-server_ca.crt
- sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.crt -clcerts -nokeys
- sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.key -nocerts -nodes
- sudo chown root:kibana /etc/kibana/kibana-server_ca.crt
- sudo chown root:kibana /etc/kibana/kibana-server.key
- sudo chown root:kibana /etc/kibana/kibana-server.crt
- sudo chmod 660 /etc/kibana/kibana-server_ca.crt
- sudo chmod 660 /etc/kibana/kibana-server.key
- sudo chmod 660 /etc/kibana/kibana-server.crt
- echo "server.ssl.enabled: true" | sudo tee -a /etc/kibana/kibana.yml
- echo "server.ssl.certificate: /etc/kibana/kibana-server.crt" | sudo tee -a /etc/kibana/kibana.yml
- echo "server.ssl.key: /etc/kibana/kibana-server.key" | sudo tee -a /etc/kibana/kibana.yml
- echo "server.publicBaseUrl: \"https://kali-purple.kali.purple:5601\"" | sudo tee -a /etc/kibana/kibana.yml
- sudo /usr/share/kibana/bin/kibana-encryption-keys generate
Copy the generated keys into /etc/kibana/kibana.yml
- sudo systemctl restart kibana
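Added example, not part of the original page: a bash audit of the kibana.yml that the append-only `tee -a` steps above produce. It flags keys that ended up in the file more than once (which happens when a step is repeated) and missing TLS settings; the function names and both sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a kibana.yml built with the `tee -a` steps above.

# Top-level keys that occur more than once (comment lines are skipped).
duplicate_keys() {
  awk -F: '/^[A-Za-z][A-Za-z0-9_.]*:/ { print $1 }' "$1" | sort | uniq -d
}

# Last value assigned to key $2 in file $1, surrounding quotes removed.
yml_value() {
  awk -v k="$2" 'index($0, k ":") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1" |
    sed -E 's/^[[:space:]]*//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# Print one finding per line; succeed only when there are none.
audit_kibana_tls() {
  local f="$1" n=0 k dups
  dups="$(duplicate_keys "$f" | tr '\n' ' ')"
  if [ -n "$dups" ]; then echo "duplicate key(s): ${dups% }"; n=$((n + 1)); fi
  if [ "$(yml_value "$f" server.ssl.enabled)" != "true" ]; then
    echo "server.ssl.enabled is not true"; n=$((n + 1))
  fi
  for k in server.ssl.certificate server.ssl.key; do
    if [ -z "$(yml_value "$f" "$k")" ]; then echo "$k is not set"; n=$((n + 1)); fi
  done
  case "$(yml_value "$f" server.publicBaseUrl)" in
    https://*) ;;
    *) echo "server.publicBaseUrl is not an https:// URL"; n=$((n + 1)) ;;
  esac
  [ "$n" -eq 0 ]
}

# Constructed sample: the file after the steps were run once.
GOOD="$(mktemp)"; BAD="$(mktemp)"
cat > "$GOOD" <<'EOF'
server.host: "kali-purple.kali.purple"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana-server.crt
server.ssl.key: /etc/kibana/kibana-server.key
server.publicBaseUrl: "https://kali-purple.kali.purple:5601"
EOF
# Constructed sample: server.host appended twice, TLS lines never added.
L='server.host: "kali-purple.kali.purple"'
printf '%s\n%s\n' "$L" "$L" > "$BAD"

audit_kibana_tls "$GOOD" && echo "GOOD: clean"
audit_kibana_tls "$BAD" || echo "BAD: see findings above"
```

On a real host, point `audit_kibana_tls` at /etc/kibana/kibana.yml before restarting Kibana.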