testing docker compose

backup_docker-compose

@@ -0,0 +1,48 @@
+# Docker compose file for the HELK
+# HELK build version: 0.9 (BETA Script)
+# Author: Roberto Rodriguez @Cyb3rWard0g
+# ELK Version: 5x
+
+version: '2'
+
+services:
+
+  elasticsearch:
+    build: elasticsearch/docker/
+    ports:
+      - "9200:9200"
+    environment:
+      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
+    networks:
+      - helk
+  kibana:
+    build: kibana/docker/
+    ports:
+      - "5601:5601"
+    depends_on:
+      - elasticsearch
+    networks:
+      - helk
+  nginx:
+    build: nginx/docker/
+    ports:
+      - "80:80"
+    depends_on:
+      - kibana
+    networks:
+      - helk
+  logstash:
+    build: logstash/docker/
+    depends_on:
+      - elasticsearch
+    ports:
+      - "5044:5044"
+    environment:
+      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
+    networks:
+      - helk
+
+networks:
+
+  helk:
+    driver: bridge

docker-compose.yml

@@ -8,28 +8,41 @@ version: '2'
 services:
 
   elasticsearch:
-    build: elasticsearch/docker/
-    restart: always
+    image: elasticsearch:latest
+    volumes:
+      - ./elasticsearch/docker/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+    environment:
+      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
     ports:
       - "9200:9200"
+    networks:
+      - helk
   kibana:
-    build: kibana/docker/
-    restart: always
+    image: kibana:latest
+    volumes:
+      - ./kibana/docker/kibana.yml:/usr/share/config/kibana/kibana.yml
     ports:
       - "5601:5601"
     depends_on:
       - elasticsearch
-  nginx:
-    build: nginx/docker/
-    restart: always
-    ports:
-      - "80:80"
-    depends_on:
-      - kibana
+    networks:
+      - helk
   logstash:
-    build: logstash/docker/
-    restart: always
+    image: logstash:latest
+    volumes:
+      - ./logstash/docker/02-beats-input.conf:/usr/share/logstash/pipeline/02-beats-input.conf
+      - ./logstash/docker/50-elasticsearch-output.conf:/usr/share/logstash/pipeline/50-elasticsearch-output.conf
+      - ./logstash/docker/logstash.yml:/usr/share/logstash/config/logstash.yml
     depends_on:
       - elasticsearch
     ports:
-      - "5044:5044"
+      - "5044:5044"
+    environment:
+      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
+    networks:
+      - helk
+
+networks:
+
+  helk:
+    driver: bridge

elasticsearch/docker/Dockerfile

@@ -5,14 +5,12 @@ FROM openjdk:8-jre
 
 RUN apt-get update && \
     wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \
-	apt-get install -y --no-install-recommends apt-transport-https && \
-	echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
-	apt-get install -y --no-install-recommends elasticsearch && \
-	mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml
+    apt-get install -y --no-install-recommends apt-transport-https && \
+    echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
+    apt-get install -y --no-install-recommends elasticsearch && \
+    mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml
 
 ADD elasticsearch.yml /etc/elasticsearch/elasticsearch.yml
 
 EXPOSE 9200
 
-CMD ["/bin/systemctl", "start", "elasticsearch"]
-

elasticsearch/docker/elasticsearch.yml

@@ -52,7 +52,7 @@
 #
 # Set the bind address to a specific IP (IPv4 or IPv6):
 #
-network.host: localhost
+network.host: 0.0.0.0
 #
 # Set a custom port for HTTP:
 #
@@ -85,4 +85,5 @@ network.host: localhost
 #
 # Require explicit names when deleting indices:
 #
-#action.destructive_requires_name: true
+#action.destructive_requires_name: true
+discovery.type: single-node

kibana/docker/Dockerfile

@@ -1,17 +1,14 @@
 # Dockerfile for Kibana
 # Author: Roberto Rodriguez @Cyb3rWard0g
 
-FROM debian:jessie
-
-RUN apt-get update && \
+FROM ubuntu:16.04
+RUN apt-get update && apt-get install -y wget && \
     wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \
 	apt-get install -y --no-install-recommends apt-transport-https && \
 	echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
-	apt-get install -y --no-install-recommends kibana && \
+	apt-get update && apt-get install -y --no-install-recommends kibana && \
 	mv /etc/kibana/kibana.yml /etc/kibana/backup_kibana.yml
 
 ADD kibana.yml /etc/kibana/kibana.yml
 
 EXPOSE 5601
-
-CMD ["/bin/systemctl", "start", "kibana"]

kibana/kibana.yml

@@ -4,7 +4,7 @@
 # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
 # The default is 'localhost', which usually means remote machines will not be able to connect.
 # To allow connections from remote users, set this parameter to a non-loopback address.
-server.host: "localhost"
+server.host: "192.168.1.210"
 
 # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
 # the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
@@ -96,4 +96,4 @@ server.host: "localhost"
 
 # Set the interval in milliseconds to sample system and process performance
 # metrics. Minimum is 100ms. Defaults to 5000.
-#ops.interval: 5000
+#ops.interval: 5000

logstash/docker/Dockerfile

@@ -14,4 +14,3 @@ ADD 50-elasticsearch-output.conf /etc/logstash/conf.d/50-elasticsearch-output.co
 
 EXPOSE 5044
 
-CMD ["/bin/systemctl", "start", "logstash"]

logstash/docker/logstash.yml

@@ -0,0 +1,11 @@
+## Default Logstash configuration from logstash-docker.
+## from https://github.com/elastic/logstash-docker/blob/master/build/logstash/config/logstash.yml
+#
+http.host: "0.0.0.0"
+path.config: /usr/share/logstash/pipeline
+
+## Disable X-Pack
+## see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
+##     https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html#xpack-enabling
+#
+xpack.monitoring.enabled: false

nginx/docker/Dockerfile

@@ -1,14 +1,12 @@
 # Dockerfile for nginx
 # Author: Roberto Rodriguez @Cyb3rWard0g
 
-FROM debian:jessie
+FROM ubuntu:16.04
 
 RUN apt-get update && apt-get -y install nginx && \
-	echo "helkadmin:`openssl passwd -apr1 hunting`" | tee -a /etc/nginx/htpasswd.users && \
-	mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
+    mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
 
 ADD default /etc/nginx/sites-available/default
+ADD htpasswd.users /etc/nginx/htpasswd.users
 
 EXPOSE 80
-
-CMD ["/bin/systemctl", "restart", "nginx"]

nginx/docker/Dockerfile.save

@@ -0,0 +1,13 @@
+# Dockerfile for nginx
+# Author: Roberto Rodriguez @Cyb3rWard0g
+
+FROM ubuntu:16.04FROM ubuntu:16.04
+
+
+RUN apt-get update && apt-get -y install nginx && \
+	echo "helkadmin:`openssl passwd -apr1 hunting`" | tee -a /etc/nginx/htpasswd.users && \
+	mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
+
+ADD default /etc/nginx/sites-available/default
+
+EXPOSE 80

nginx/docker/default

@@ -1,7 +1,7 @@
 server {
     listen 80;
 
-    server_name 127.0.0.1;
+    server_name HELK;
 
     auth_basic "Restricted Access";
     auth_basic_user_file /etc/nginx/htpasswd.users;

nginx/docker/htpasswd.users

@@ -0,0 +1 @@
+helk:$apr1$KqCSJuqd$1PmrttbIkGNtm0.Z4HC6E1