testing docker compose
parent
8ccaad6cdc
commit
7a2e03032f
@ -0,0 +1,48 @@
|
|||
# Docker compose file for the HELK
|
||||
# HELK build version: 0.9 (BETA Script)
|
||||
# Author: Roberto Rodriguez @Cyb3rWard0g
|
||||
# ELK Version: 5x
|
||||
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
|
||||
elasticsearch:
|
||||
build: elasticsearch/docker/
|
||||
ports:
|
||||
- "9200:9200"
|
||||
environment:
|
||||
ES_JAVA_OPTS: "-Xmx256m -Xms256m"
|
||||
networks:
|
||||
- helk
|
||||
kibana:
|
||||
build: kibana/docker/
|
||||
ports:
|
||||
- "5601:5601"
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
networks:
|
||||
- helk
|
||||
nginx:
|
||||
build: nginx/docker/
|
||||
ports:
|
||||
- "80:80"
|
||||
depends_on:
|
||||
- kibana
|
||||
networks:
|
||||
- helk
|
||||
logstash:
|
||||
build: logstash/docker/
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
ports:
|
||||
- "5044:5044"
|
||||
environment:
|
||||
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
|
||||
networks:
|
||||
- helk
|
||||
|
||||
networks:
|
||||
|
||||
helk:
|
||||
driver: bridge
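Review bot: The elasticsearch and kibana services publish `"9200:9200"` and `"5601:5601"` straight onto the host, which lets any client walk around the basic-auth front door that the nginx service on port 80 is there to provide; Elasticsearch 5.x without X-Pack has no authentication of its own, so 9200 becomes an unauthenticated read/write API on every host interface. Because nginx, kibana and elasticsearch all sit on the `helk` network, container-to-container traffic needs no published ports at all: drop the `ports:` entries on elasticsearch and kibana, or bind them to loopback with `- "127.0.0.1:9200:9200"` / `- "127.0.0.1:5601:5601"` if host-local access is wanted. Logstash's `"5044:5044"` is the beats input and is the one port that legitimately has to be reachable from outside.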
|
|
@ -8,28 +8,41 @@ version: '2'
|
|||
services:
|
||||
|
||||
elasticsearch:
|
||||
build: elasticsearch/docker/
|
||||
restart: always
|
||||
image: elasticsearch:latest
|
||||
volumes:
|
||||
- ./elasticsearch/docker/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
|
||||
environment:
|
||||
ES_JAVA_OPTS: "-Xmx256m -Xms256m"
|
||||
ports:
|
||||
- "9200:9200"
|
||||
networks:
|
||||
- helk
|
||||
kibana:
|
||||
build: kibana/docker/
|
||||
restart: always
|
||||
image: kibana:latest
|
||||
volumes:
|
||||
- ./kibana/docker/kibana.yml:/usr/share/config/kibana/kibana.yml
|
||||
ports:
|
||||
- "5601:5601"
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
nginx:
|
||||
build: nginx/docker/
|
||||
restart: always
|
||||
ports:
|
||||
- "80:80"
|
||||
depends_on:
|
||||
- kibana
|
||||
networks:
|
||||
- helk
|
||||
logstash:
|
||||
build: logstash/docker/
|
||||
restart: always
|
||||
image: logstash:latest
|
||||
volumes:
|
||||
- ./logstash/docker/02-beats-input.conf:/usr/share/logstash/pipeline/02-beats-input.conf
|
||||
- ./logstash/docker/50-elasticsearch-output.conf:/usr/share/logstash/pipeline/50-elasticsearch-output.conf
|
||||
- ./logstash/docker/logstash.yml:/usr/share/logstash/config/logstash.yml
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
ports:
|
||||
- "5044:5044"
|
||||
- "5044:5044"
|
||||
environment:
|
||||
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
|
||||
networks:
|
||||
- helk
|
||||
|
||||
networks:
|
||||
|
||||
helk:
|
||||
driver: bridge
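Review bot: The kibana service in this hunk has no `networks:` entry while nginx, elasticsearch and logstash are attached only to `helk`; under Compose file version 2 a service without `networks:` joins the `default` network instead, so nginx cannot resolve `kibana` by name and Kibana in turn cannot reach `elasticsearch`. Add `networks:` / `  - helk` to the kibana service as the other three have. Separately, `image: elasticsearch:latest`, `kibana:latest` and `logstash:latest` combined with `build:` tag the locally built images with the official Hub image names and a floating tag, which is easy to confuse with a pull of the real upstream image; a project-specific name such as `helk/elasticsearch:0.9` avoids that. The kibana volume target `/usr/share/config/kibana/kibana.yml` also looks transposed, and the kibana Dockerfile in this commit installs the config at `/etc/kibana/kibana.yml`, so the mounted file is presumably not the one Kibana reads — confirm against the image.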
|
||||
|
|
|
@ -5,14 +5,12 @@ FROM openjdk:8-jre
|
|||
|
||||
RUN apt-get update && \
|
||||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \
|
||||
apt-get install -y --no-install-recommends apt-transport-https && \
|
||||
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
|
||||
apt-get install -y --no-install-recommends elasticsearch && \
|
||||
mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml
|
||||
apt-get install -y --no-install-recommends apt-transport-https && \
|
||||
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
|
||||
apt-get install -y --no-install-recommends elasticsearch && \
|
||||
mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml
|
||||
|
||||
ADD elasticsearch.yml /etc/elasticsearch/elasticsearch.yml
|
||||
|
||||
EXPOSE 9200
|
||||
|
||||
CMD ["/bin/systemctl", "start", "elasticsearch"]
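Review bot: `CMD ["/bin/systemctl", "start", "elasticsearch"]` cannot work in this image: a container built from `openjdk:8-jre` has no systemd as PID 1, so systemctl fails and the container exits at once. Start the daemon in the foreground as the unprivileged account the .deb creates, since Elasticsearch 5.x refuses to run as root: `USER elasticsearch` followed by `CMD ["/usr/share/elasticsearch/bin/elasticsearch"]`. In the RUN chain `apt-get update` runs before the elastic repository is appended under `sources.list.d`, so `apt-get install … elasticsearch` would presumably fail with an unknown package unless a second `apt-get update` follows the `echo "deb …" | tee` line (the kibana Dockerfile in this same commit adds exactly that), and the `wget … | apt-key add -` pipe has no pipefail guard, so a failed key download is masked. Pin the package (`elasticsearch=<exact 5.x release>` placeholder), clean `/var/lib/apt/lists/*` in the same RUN, and use `COPY` rather than `ADD` for the local `elasticsearch.yml`.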
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
#
|
||||
# Set the bind address to a specific IP (IPv4 or IPv6):
|
||||
#
|
||||
network.host: localhost
|
||||
network.host: 0.0.0.0
|
||||
#
|
||||
# Set a custom port for HTTP:
|
||||
#
|
||||
|
@ -85,4 +85,5 @@ network.host: localhost
|
|||
#
|
||||
# Require explicit names when deleting indices:
|
||||
#
|
||||
#action.destructive_requires_name: true
|
||||
#action.destructive_requires_name: true
|
||||
discovery.type: single-node
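Review bot: `network.host: 0.0.0.0` is the right value for a container that other containers must reach, but it removes the loopback-only default that was the only access control Elasticsearch 5.x has without X-Pack; combined with the compose file publishing `9200:9200` on the host, the REST API becomes reachable unauthenticated from the network. Keep the setting but document the dependency, e.g. `# bound to all container interfaces so kibana/logstash on the helk network can connect; do NOT publish 9200 on the host — the API has no auth`, and enforce that in docker-compose. While editing this file, uncommenting `action.destructive_requires_name: true` in the second hunk is a cheap guard against wildcard index deletion from a mistyped or hostile request.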
|
||||
|
|
|
@ -1,17 +1,14 @@
|
|||
# Dockerfile for Kibana
|
||||
# Author: Roberto Rodriguez @Cyb3rWard0g
|
||||
|
||||
FROM debian:jessie
|
||||
|
||||
RUN apt-get update && \
|
||||
FROM ubuntu:16.04
|
||||
RUN apt-get update && apt-get install -y wget && \
|
||||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \
|
||||
apt-get install -y --no-install-recommends apt-transport-https && \
|
||||
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
|
||||
apt-get install -y --no-install-recommends kibana && \
|
||||
apt-get update && apt-get install -y --no-install-recommends kibana && \
|
||||
mv /etc/kibana/kibana.yml /etc/kibana/backup_kibana.yml
|
||||
|
||||
ADD kibana.yml /etc/kibana/kibana.yml
|
||||
|
||||
EXPOSE 5601
|
||||
|
||||
CMD ["/bin/systemctl", "start", "kibana"]
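Review bot: `CMD ["/bin/systemctl", "start", "kibana"]` is untouched by this hunk but will not run on `ubuntu:16.04` inside a container: there is no systemd PID 1, so the command fails and the container stops. Run the binary the .deb installs in the foreground instead, `CMD ["/usr/share/kibana/bin/kibana"]`, preceded by `USER kibana` so the process does not run as root. The `kibana` package is installed unpinned, and since Kibana must match the Elasticsearch minor version the two images can drift apart between builds; pin it (`kibana=<exact 5.x release>` placeholder) and remove `/var/lib/apt/lists/*` in the same RUN so the stale index is not baked into the layer. `ADD kibana.yml` copies a plain local file and should be `COPY`.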
|
|
@ -4,7 +4,7 @@
|
|||
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
|
||||
# The default is 'localhost', which usually means remote machines will not be able to connect.
|
||||
# To allow connections from remote users, set this parameter to a non-loopback address.
|
||||
server.host: "localhost"
|
||||
server.host: "192.168.1.210"
|
||||
|
||||
# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
|
||||
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
|
||||
|
@ -96,4 +96,4 @@ server.host: "localhost"
|
|||
|
||||
# Set the interval in milliseconds to sample system and process performance
|
||||
# metrics. Minimum is 100ms. Defaults to 5000.
|
||||
#ops.interval: 5000
|
||||
#ops.interval: 5000
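Review bot: `server.host: "192.168.1.210"` hard-codes a host LAN address into a config that runs inside a container; the container's network namespace will not normally own that address, so Kibana's listener fails to bind unless the container is started with host networking, and the value is unusable on any other deployment. Inside a container the portable setting is `server.host: "0.0.0.0"`, with reachability controlled by the compose `ports:` entries and the nginx proxy rather than by the bind address; add the comment `# 0.0.0.0: listen on all container interfaces; exposure is governed by docker-compose — keep 5601 unpublished behind nginx`.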
|
||||
|
|
|
@ -14,4 +14,3 @@ ADD 50-elasticsearch-output.conf /etc/logstash/conf.d/50-elasticsearch-output.co
|
|||
|
||||
EXPOSE 5044
|
||||
|
||||
CMD ["/bin/systemctl", "start", "logstash"]
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
## Default Logstash configuration from logstash-docker.
|
||||
## from https://github.com/elastic/logstash-docker/blob/master/build/logstash/config/logstash.yml
|
||||
#
|
||||
http.host: "0.0.0.0"
|
||||
path.config: /usr/share/logstash/pipeline
|
||||
|
||||
## Disable X-Pack
|
||||
## see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
|
||||
## https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html#xpack-enabling
|
||||
#
|
||||
xpack.monitoring.enabled: false
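Review bot: `http.host: "0.0.0.0"` makes the Logstash monitoring API (port 9600 by default) listen on every container interface, which is fine only as long as 9600 stays unpublished in docker-compose; the file should say so, e.g. `# 0.0.0.0 so containers on the helk network can reach the monitoring API — do not publish 9600 on the host`. The header cites the `master` branch of logstash-docker as the source of these defaults, so a reader cannot tell which revision they came from; cite a tag or commit (placeholder `<logstash-docker ref>`) instead. `path.config: /usr/share/logstash/pipeline` appears to match where the compose file mounts the pipeline files, but the logstash Dockerfile in this commit ADDs its conf files under `/etc/logstash/conf.d/`, so confirm which location the running image actually reads.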
|
|
@ -1,14 +1,12 @@
|
|||
# Dockerfile for nginx
|
||||
# Author: Roberto Rodriguez @Cyb3rWard0g
|
||||
|
||||
FROM debian:jessie
|
||||
FROM ubuntu:16.04
|
||||
|
||||
RUN apt-get update && apt-get -y install nginx && \
|
||||
echo "helkadmin:`openssl passwd -apr1 hunting`" | tee -a /etc/nginx/htpasswd.users && \
|
||||
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
|
||||
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
|
||||
|
||||
ADD default /etc/nginx/sites-available/default
|
||||
ADD htpasswd.users /etc/nginx/htpasswd.users
|
||||
|
||||
EXPOSE 80
|
||||
|
||||
CMD ["/bin/systemctl", "restart", "nginx"]
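Review bot: The RUN step that pipes `openssl passwd -apr1 hunting` into `/etc/nginx/htpasswd.users` bakes a fixed, documented password into every image built from this Dockerfile, and the command — password included — is preserved in `docker history`; the same line appears in the second nginx Dockerfile added by this commit. Credentials should not be created at build time at all: generate `htpasswd.users` at deploy time and bind-mount it via compose `volumes:`, or supply it with a BuildKit secret mount, and drop the `echo … | tee -a` step. `ADD htpasswd.users /etc/nginx/htpasswd.users` on the line below overwrites whatever that RUN appended, so if both are on the new side the generated entry is dead weight anyway. `CMD ["/bin/systemctl", "restart", "nginx"]` will not run without systemd as PID 1; the foreground form is `CMD ["nginx", "-g", "daemon off;"]`.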
|
|
@ -0,0 +1,13 @@
|
|||
# Dockerfile for nginx
|
||||
# Author: Roberto Rodriguez @Cyb3rWard0g
|
||||
|
||||
FROM ubuntu:16.04FROM ubuntu:16.04
|
||||
|
||||
|
||||
RUN apt-get update && apt-get -y install nginx && \
|
||||
echo "helkadmin:`openssl passwd -apr1 hunting`" | tee -a /etc/nginx/htpasswd.users && \
|
||||
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
|
||||
|
||||
ADD default /etc/nginx/sites-available/default
|
||||
|
||||
EXPOSE 80
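Review bot: This new Dockerfile ends at `EXPOSE 80` with no `CMD` or `ENTRYPOINT`, so a container from it inherits the `ubuntu:16.04` default command and exits immediately without ever starting nginx; add `CMD ["nginx", "-g", "daemon off;"]` after the EXPOSE. `FROM ubuntu:16.04FROM ubuntu:16.04` as shown would not parse; if that is how the file is committed it needs to be a single `FROM ubuntu:16.04`. The build-time `openssl passwd -apr1 hunting` credential is the same problem raised on the other nginx Dockerfile in this commit.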
|
|
@ -1,7 +1,7 @@
|
|||
server {
|
||||
listen 80;
|
||||
|
||||
server_name 127.0.0.1;
|
||||
server_name HELK;
|
||||
|
||||
auth_basic "Restricted Access";
|
||||
auth_basic_user_file /etc/nginx/htpasswd.users;
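Review bot: `auth_basic` on a server that only has `listen 80;` sends the helk credentials base64-encoded in cleartext on every request, so anyone on the path between a browser and this host can recover the password and with it full Kibana and Elasticsearch access. Terminate TLS here (`listen 443 ssl;` with `ssl_certificate` / `ssl_certificate_key`) and redirect port 80, or at minimum add `# NOTE: basic auth over plain HTTP — acceptable only on an isolated lab network` beside the `auth_basic` line. The `server_name HELK;` change only matches requests whose Host header is literally `HELK`; if this is the only server block nginx uses it as the default regardless, so the value is harmless but not meaningful. The server block continues past the hunk.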
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
helk:$apr1$KqCSJuqd$1PmrttbIkGNtm0.Z4HC6E1
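Review bot: Committing `htpasswd.users` puts a live credential for user `helk` into the repository and, through the nginx Dockerfile's ADD, into every image; an apr1 (MD5-based) hash is cheap to brute-force offline, so the password guarding Kibana should be treated as public once this file is in git. Remove it from the repo, list it in `.gitignore` and `.dockerignore`, generate it at deployment time into a bind-mounted volume, and keep only a placeholder `htpasswd.users.example` documenting the format.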
|