Update helk_install.sh

added LOGFILE
keyword-vs-text-changes
Roberto Rodriguez 2017-06-06 11:08:53 -04:00 committed by GitHub
parent 0d7cf0f9ea
commit 913ff92d2c
1 changed files with 49 additions and 39 deletions


@ -8,112 +8,122 @@
# ELK version: 5x
# Blog: https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html
LOGFILE="/var/log/helk-install.log"
echoerror() {
printf "${RC} * ERROR${EC}: $@\n" 1>&2;
}
echo "[HELK INFO] Installing updates.."
apt-get update
apt-get update >> $LOGFILE 2>&1
echo "[HELK INFO] Installing openjdk-8-jre-headless.."
apt-get install -y openjdk-8-jre-headless
apt-get install -y openjdk-8-jre-headless >> $LOGFILE 2>&1
# Elastic signs all of their packages with their own Elastic PGP signing key.
echo "[HELK INFO] Downloading and installing (writing to a file) the public signing key to the host.."
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - >> $LOGFILE 2>&1
# Before installing elasticsearch, we have to set the elastic packages definitions to our source list.
# For this step, elastic recommends to have "apt-transport-https" installed already or install it before adding the elasticsearch apt repository source list definition to your /etc/apt/sources.list
echo "Installing apt-transport-https.."
apt-get install apt-transport-https
apt-get install apt-transport-https >> $LOGFILE 2>&1
echo "[HELK INFO] Adding elastic packages source list definitions to your sources list.."
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list >> $LOGFILE 2>&1
echo "[HELK INFO] Installing updates.."
apt-get update
apt-get update >> $LOGFILE 2>&1
# *********** Installing Elasticsearch ***************
echo "[HELK INFO] Installing Elasticsearch.."
apt-get install elasticsearch
apt-get install elasticsearch >> $LOGFILE 2>&1
echo "[HELK INFO] Creating a backup of Elasticsearch's original yml file.."
mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml
mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml >> $LOGFILE 2>&1
echo "[HELK INFO] copying custom elasticsearch.yml file to /etc/elasticsearch/.."
cp -v ../elasticsearch/elasticsearch.yml /etc/elasticsearch/
cp -v ../elasticsearch/elasticsearch.yml /etc/elasticsearch/ >> $LOGFILE 2>&1
echo "[HELK INFO] Starting elasticsearch and setting elasticsearch to start automatically when the system boots.."
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
systemctl daemon-reload >> $LOGFILE 2>&1
systemctl enable elasticsearch.service >> $LOGFILE 2>&1
systemctl start elasticsearch.service >> $LOGFILE 2>&1
echo "[HELK INFO] Installing updates.."
apt-get update
apt-get update >> $LOGFILE 2>&1
# *********** Installing Kibana ***************
echo "[HELK INFO] Installing Kibana.."
apt-get install kibana
apt-get install kibana >> $LOGFILE 2>&1
echo "[HELK INFO] Creating a backup of Kibana's original yml file.."
mv /etc/kibana/kibana.yml /etc/kibana/backup_kibana.yml
mv /etc/kibana/kibana.yml /etc/kibana/backup_kibana.yml >> $LOGFILE 2>&1
echo "[HELK INFO] copying custom kibana.yml file to /etc/kibana/.."
cp -v ../kibana/kibana.yml /etc/kibana/
cp -v ../kibana/kibana.yml /etc/kibana/ >> $LOGFILE 2>&1
echo "[HELK INFO] Starting kibana and setting kibana to start automatically when the system boots.."
systemctl daemon-reload
systemctl enable kibana.service
systemctl start kibana.service
systemctl daemon-reload >> $LOGFILE 2>&1
systemctl enable kibana.service >> $LOGFILE 2>&1
systemctl start kibana.service >> $LOGFILE 2>&1
# *********** Installing Nginx ***************
echo "[HELK INFO] Installing Nginx.."
apt-get -y install nginx
apt-get -y install nginx >> $LOGFILE 2>&1
echo "[HELK INFO] Creating an admin user to Kibana.."
echo "[HELK INFO] Naming the admin user helkadmin.."
echo "helkadmin:`openssl passwd -apr1`" | sudo tee -a /etc/nginx/htpasswd.users
echo "[HELK INFO] Creating a backup of Nginx's config file.."
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default >> $LOGFILE 2>&1
echo "[HELK INFO] copying custom nginx config file to /etc/nginx/sites-available/.."
cp -v ../nginx/default /etc/nginx/sites-available/
cp -v ../nginx/default /etc/nginx/sites-available/ >> $LOGFILE 2>&1
echo "[HELK INFO] testing nginx configuration.."
nginx -t
nginx -t >> $LOGFILE 2>&1
echo "[HELK INFO] Restarting nginx service.."
systemctl restart nginx
systemctl restart nginx >> $LOGFILE 2>&1
echo "[HELK INFO] Installing updates.."
apt-get update
apt-get update >> $LOGFILE 2>&1
# *********** Installing Logstash ***************
echo "[HELK INFO] Installing Logstash.."
apt-get install logstash
apt-get install logstash >> $LOGFILE 2>&1
echo "[HELK INFO] Copying logstash's .conf files.."
cp -v ../logstash/02-beats-input.conf /etc/logstash/conf.d/
cp -v ../logstash/50-elasticsearch-output.conf /etc/logstash/conf.d/
cp -v ../logstash/02-beats-input.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
cp -v ../logstash/50-elasticsearch-output.conf /etc/logstash/conf.d/ >> $LOGFILE 2>&1
echo "[HELK INFO] Starting logstash and setting Logstash to start automatically when the system boots.."
systemctl start logstash
systemctl restart logstash
systemctl enable logstash
systemctl start logstash >> $LOGFILE 2>&1
systemctl restart logstash >> $LOGFILE 2>&1
systemctl enable logstash >> $LOGFILE 2>&1
echo "[HELK INFO] Your HELK has been succesfully installed.."
echo "[HELK INFO] Your HELK can be accessed ONLY locally by default. PLEASE run the following to give it an IP address and be able to access it from a different computer:"
echo "[HELK INFO] sudo nano /etc/nginx/sites-available/default"
echo "[HELK INFO] replace 127.0.0.1 with your host's IP address"
echo "[HELK INFO] finally run the following:"
echo "[HELK INFO] sudo systemctl restart nginx"
echo "[HELK INFO] Browse to the IP address from a different computer and enter the credentials for helkadmin"
ERROR=$?
if [ $ERROR -ne 0 ]; then
echoerror "Install Failure: lxde (Error Code: $ERROR)"
else
echo "[HELK INFO] Your HELK has been succesfully installed.."
echo "[HELK INFO] Your HELK can be accessed ONLY locally by default. PLEASE run the following to give it an IP address and be able to access it from a different computer:"
echo "[HELK INFO] sudo nano /etc/nginx/sites-available/default"
echo "[HELK INFO] replace 127.0.0.1 with your host's IP address"
echo "[HELK INFO] finally run the following:"
echo "[HELK INFO] sudo systemctl restart nginx"
echo "[HELK INFO] Browse to the IP address from a different computer and enter the credentials for helkadmin"