Elasticsearch/logstash/kibana

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

Voraussetzung

  • Installieren von Kali Purple

Update

  • apt update && apt upgrade

Checken wie der Hostname ist

  • hostname -f
purple.xinux.org

Installation von elasticsearch

  • apt install elasticsearch -y
Wir notieren das Passwort
The generated password for the elastic built-in superuser is : tMF3iXWcd*Wb-RMbE9+F

Installation von kibana

  • apt install kibana -y

kibana keystore anlegen

  • /usr/share/kibana/bin/kibana-encryption-keys generate -q

kibana ports und ip anpassen

  • echo "server.port: 5601" >> /etc/kibana/kibana.yml
  • echo "server.host: 0.0.0.0" >> /etc/kibana/kibana.yml

kibana und elastic starten und systemstart aktivieren

  • sudo systemctl enable elasticsearch kibana --now

Enroll Key generieren

  • /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
eyJ2ZXIiOiI4LjEzLjMiLCJhZHIiOlsiMTAuODEuMjU1LjE1MTo5MjAwIl0sImZnciI6IjY2ZTQzZmM5MGZiMjQwNWU3ZDk1OGY5NjQ5ODkxOWQwNjc1NTU1M2QwNmZhYWRjNmE1MGUxMWM5YTIxZDZkZDEiLCJrZXkiOiJReW1PVW84QkhEa2RqdFJ3TzZaWDptTzNJcDU0Q1RYMmhpdGptUDlLVTlnIn0=

kibana öffnen und Key reinpasten

Elk-01.png

Verificationcode generieren

  • /usr/share/kibana/bin/kibana-verification-code
Your verification code is:  970 916

Code rein kopieren

Elk-02.png

Aktivieren von HTTPS für Kibana

  • /usr/share/elasticsearch/bin/elasticsearch-certutil ca
  • /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns purple.xinux.org --out kibana-server.p12
  • openssl pkcs12 -in /usr/share/elasticsearch/elastic-stack-ca.p12 -clcerts -nokeys -out /etc/kibana/kibana-server_ca.crt
  • openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.crt -clcerts -nokeys
  • openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.key -nocerts -nodes
  • chown root:kibana /etc/kibana/kibana-server_ca.crt
  • chown root:kibana /etc/kibana/kibana-server.key
  • chown root:kibana /etc/kibana/kibana-server.crt
  • chmod 660 /etc/kibana/kibana-server_ca.crt
  • chmod 660 /etc/kibana/kibana-server.key
  • chmod 660 /etc/kibana/kibana-server.crt
  • echo "server.ssl.enabled: true" | tee -a /etc/kibana/kibana.yml
  • echo "server.ssl.certificate: /etc/kibana/kibana-server.crt" | tee -a /etc/kibana/kibana.yml
  • echo "server.ssl.key: /etc/kibana/kibana-server.key" | tee -a /etc/kibana/kibana.yml
  • echo "server.publicBaseUrl: \"https://purple.xinux.org:5601\"" | tee -a /etc/kibana/kibana.yml
  • /usr/share/kibana/bin/kibana-encryption-keys generate
Abgerufen von „http://wiki.ixheim.de/index.php?title=Elasticsearch/logstash/kibana&oldid=53247