commit
eb6ed5c6b5
|
@ -12,11 +12,43 @@ CYAN='\033[0;36m'
|
||||||
WAR='\033[1;33m'
|
WAR='\033[1;33m'
|
||||||
STD='\033[0m'
|
STD='\033[0m'
|
||||||
|
|
||||||
|
HELK_INFO_TAG="[HELK-UPDATE-INFO]"
|
||||||
|
HELK_ERROR_TAG="[HELK-UPDATE-ERROR]"
|
||||||
|
|
||||||
if [[ $EUID -ne 0 ]]; then
|
if [[ $EUID -ne 0 ]]; then
|
||||||
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} YOU MUST BE ROOT TO RUN THIS SCRIPT!!!"
|
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} YOU MUST BE ROOT TO RUN THIS SCRIPT!!!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
show_banner(){
|
||||||
|
# *********** Showing HELK Docker menu options ***************
|
||||||
|
echo " "
|
||||||
|
echo "**********************************************"
|
||||||
|
echo "** HELK - THE HUNTING ELK **"
|
||||||
|
echo "** **"
|
||||||
|
echo "** Author: Roberto Rodriguez (@Cyb3rWard0g) **"
|
||||||
|
echo "** HELK build version: v0.1.8-alpha05292019 **"
|
||||||
|
echo "** HELK ELK version: 7.1.0 **"
|
||||||
|
echo "** License: GPL-3.0 **"
|
||||||
|
echo "**********************************************"
|
||||||
|
echo " "
|
||||||
|
}
|
||||||
|
|
||||||
|
# *********** Building and Running HELK Images ***************
|
||||||
|
build_helk(){
|
||||||
|
COMPOSE_CONFIG="${HELK_BUILD}-${SUBSCRIPTION_CHOICE}.yml"
|
||||||
|
## ****** Setting KAFKA ADVERTISED_LISTENER environment variable ***********
|
||||||
|
export ADVERTISED_LISTENER=$HOST_IP
|
||||||
|
|
||||||
|
echo "$HELK_INFO_TAG Building & running HELK from $COMPOSE_CONFIG file.."
|
||||||
|
docker-compose -f $COMPOSE_CONFIG up --build -d >> $LOGFILE 2>&1
|
||||||
|
ERROR=$?
|
||||||
|
if [ $ERROR -ne 0 ]; then
|
||||||
|
echoerror "Could not run HELK via docker-compose file $COMPOSE_CONFIG (Error Code: $ERROR)."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# *********** Asking user for Basic or Trial subscription of ELK ***************
|
# *********** Asking user for Basic or Trial subscription of ELK ***************
|
||||||
set_helk_subscription(){
|
set_helk_subscription(){
|
||||||
if [[ -z "$SUBSCRIPTION_CHOICE" ]]; then
|
if [[ -z "$SUBSCRIPTION_CHOICE" ]]; then
|
||||||
|
@ -49,28 +81,53 @@ set_helk_build(){
|
||||||
if [[ -z "$HELK_BUILD" ]]; then
|
if [[ -z "$HELK_BUILD" ]]; then
|
||||||
while true; do
|
while true; do
|
||||||
echo " "
|
echo " "
|
||||||
echo "*****************************************************"
|
echo "*****************************************************"
|
||||||
echo "* HELK - Docker Compose Build Choices *"
|
echo "* HELK - Docker Compose Build Choices *"
|
||||||
echo "*****************************************************"
|
echo "*****************************************************"
|
||||||
echo " "
|
echo " "
|
||||||
echo "1. KAFKA + KSQL + ELK + NGNIX + ELASTALERT "
|
echo "1. KAFKA + KSQL + ELK + NGNIX"
|
||||||
echo "2. KAFKA + KSQL + ELK + NGNIX + ELASTALERT + SPARK + JUPYTER "
|
echo "2. KAFKA + KSQL + ELK + NGNIX + ELASTALERT"
|
||||||
|
echo "3. KAFKA + KSQL + ELK + NGNIX + SPARK + JUPYTER"
|
||||||
|
echo "4. KAFKA + KSQL + ELK + NGNIX + SPARK + JUPYTER + ELASTALERT"
|
||||||
echo " "
|
echo " "
|
||||||
|
|
||||||
local CONFIG_CHOICE
|
local CONFIG_CHOICE
|
||||||
read -t 30 -p ">> Enter build choice [ 1 - 2]: " -e -i "1" CONFIG_CHOICE
|
read -t 30 -p "Enter build choice [ 1 - 4]: " -e -i "1" CONFIG_CHOICE
|
||||||
READ_INPUT=$?
|
READ_INPUT=$?
|
||||||
HELK_BUILD=${CONFIG_CHOICE:-"helk-kibana-analysis"}
|
HELK_BUILD=${CONFIG_CHOICE:-"helk-kibana-analysis"}
|
||||||
if [ $READ_INPUT = 142 ]; then
|
if [ $READ_INPUT = 142 ]; then
|
||||||
echo -e "\n${CYAN}[HELK-UPDATE-INFO]${STD} HELK build set to ${HELK_BUILD}"
|
echo -e "\n$HELK_INFO_TAG HELK build set to ${HELK_BUILD}"
|
||||||
break
|
break
|
||||||
else
|
else
|
||||||
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} HELK build set to ${HELK_BUILD}"
|
echo "$HELK_INFO_TAG HELK build set to ${HELK_BUILD}"
|
||||||
case $CONFIG_CHOICE in
|
case $CONFIG_CHOICE in
|
||||||
1) HELK_BUILD='helk-kibana-analysis';break ;;
|
1) HELK_BUILD='helk-kibana-analysis';break;;
|
||||||
2) HELK_BUILD='helk-kibana-notebook-analysis';break;;
|
2) HELK_BUILD='helk-kibana-analysis-alert';break;;
|
||||||
*)
|
3)
|
||||||
echo -e "\n${RED}[HELK-UPDATE-ERROR]${STD} Not a valid build"
|
if [[ $AVAILABLE_MEMORY -le $INSTALL_MINIMUM_MEMORY_NOTEBOOK ]]; then
|
||||||
|
echo "$HELK_INFO_TAG Your available memory for HELK build option ${HELK_BUILD} is not enough."
|
||||||
|
echo "$HELK_INFO_TAG Minimum required for this build option is $INSTALL_MINIMUM_MEMORY_NOTEBOOK MBs."
|
||||||
|
echo "$HELK_INFO_TAG Please Select option 1 or re-run the script after assigning the correct amount of memory"
|
||||||
|
sleep 4
|
||||||
|
else
|
||||||
|
HELK_BUILD='helk-kibana-notebook-analysis'
|
||||||
|
break;
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
4)
|
||||||
|
if [[ $AVAILABLE_MEMORY -le $INSTALL_MINIMUM_MEMORY_NOTEBOOK ]]; then
|
||||||
|
echo "$HELK_INFO_TAG Your available memory for HELK build option ${HELK_BUILD} is not enough."
|
||||||
|
echo "$HELK_INFO_TAG Minimum required for this build option is $INSTALL_MINIMUM_MEMORY_NOTEBOOK MBs."
|
||||||
|
echo "$HELK_INFO_TAG Please Select option 1 or re-run the script after assigning the correct amount of memory"
|
||||||
|
sleep 4
|
||||||
|
else
|
||||||
|
HELK_BUILD='helk-kibana-notebook-analysis-alert'
|
||||||
|
break;
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo -e "${RED}Error...${STD}"
|
||||||
|
echo "$HELK_ERROR_TAG Not a valid build"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
@ -113,8 +170,8 @@ check_min_requirements(){
|
||||||
check_git_status(){
|
check_git_status(){
|
||||||
GIT_STATUS=$(git status 2>&1)
|
GIT_STATUS=$(git status 2>&1)
|
||||||
RETURN_CODE=$?
|
RETURN_CODE=$?
|
||||||
echo -e "Git status: $GIT_STATUS_FATAL, RetVal : $RETURN_CODE" >> $LOGFILE
|
echo -e "Git status: $GIT_STATUS, RetVal : $RETURN_CODE" >> $LOGFILE
|
||||||
if [[ -z $GIT_STATUS_FATAL && $RETURN_CODE -gt 0 ]]; then
|
if [[ -z $GIT_STATUS && $RETURN_CODE -gt 0 ]]; then
|
||||||
echo -e "${WAR}[HELK-UPDATE-WARNING]${STD} Git repository corrupted."
|
echo -e "${WAR}[HELK-UPDATE-WARNING]${STD} Git repository corrupted."
|
||||||
read -p ">> To fix this, all your local modifications to HELK will be overwritten. Do you wish to continue? (y/n) " -n 1 -r
|
read -p ">> To fix this, all your local modifications to HELK will be overwritten. Do you wish to continue? (y/n) " -n 1 -r
|
||||||
echo
|
echo
|
||||||
|
@ -162,14 +219,14 @@ check_github(){
|
||||||
COMMIT_DIFF=$(git rev-list --count master...helk-repo/master 2>&1)
|
COMMIT_DIFF=$(git rev-list --count master...helk-repo/master 2>&1)
|
||||||
CURRENT_COMMIT=$(git rev-parse HEAD 2>&1)
|
CURRENT_COMMIT=$(git rev-parse HEAD 2>&1)
|
||||||
REMOTE_LATEST_COMMIT=$(git rev-parse helk-repo/master 2>&1)
|
REMOTE_LATEST_COMMIT=$(git rev-parse helk-repo/master 2>&1)
|
||||||
echo "HEAD commits --> Current: $CURRENT_COMMIT | Remote: $REMOTE_LATEST_COMMIT" >> $LOGFILE 2>&1
|
echo "[CD:$COMMIT_DIFF] HEAD commits --> Current: $CURRENT_COMMIT | Remote: $REMOTE_LATEST_COMMIT" >> $LOGFILE 2>&1
|
||||||
|
|
||||||
if [ ! "$COMMIT_DIFF" == "0" ]; then
|
if [[ ! "$COMMIT_DIFF" == "0" || ! "$CURRENT_COMMIT" == "$REMOTE_LATEST_COMMIT" ]]; then
|
||||||
echo "Possibly new release available. Commit diff --> $COMMIT_DIFF" >> $LOGFILE 2>&1
|
echo "Possibly new release available. Commit diff --> $COMMIT_DIFF" >> $LOGFILE 2>&1
|
||||||
IS_MASTER_BEHIND=$(git branch -v | grep master | grep behind)
|
IS_MASTER_BEHIND=$(git branch -v | grep master | grep behind)
|
||||||
|
|
||||||
# IF HELK HAS BEEN CLONED FROM OFFICIAL REPO
|
# IF HELK HAS BEEN CLONED FROM OFFICIAL REPO
|
||||||
if [ ! "$CURRENT_COMMIT" == "$REMOTE_LATEST_COMMIT" ]; then
|
if [[ ! "$CURRENT_COMMIT" == "$REMOTE_LATEST_COMMIT" ]]; then
|
||||||
echo "Difference in HEAD commits --> Current: $CURRENT_COMMIT | Remote: $REMOTE_LATEST_COMMIT" >> $LOGFILE 2>&1
|
echo "Difference in HEAD commits --> Current: $CURRENT_COMMIT | Remote: $REMOTE_LATEST_COMMIT" >> $LOGFILE 2>&1
|
||||||
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} New release available. Pulling new code."
|
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} New release available. Pulling new code."
|
||||||
git checkout master >> $LOGFILE 2>&1
|
git checkout master >> $LOGFILE 2>&1
|
||||||
|
@ -200,6 +257,10 @@ check_github(){
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_logstash_connected(){
|
||||||
|
until (docker logs helk-logstash 2>&1 | grep -q "Restored connection to ES instance" ); do sleep 5; done
|
||||||
|
}
|
||||||
|
|
||||||
update_helk() {
|
update_helk() {
|
||||||
|
|
||||||
set_helk_build
|
set_helk_build
|
||||||
|
@ -218,7 +279,7 @@ update_helk() {
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
check_min_requirements
|
#check_min_requirements
|
||||||
|
|
||||||
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} Rebuilding HELK via docker-compose"
|
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} Rebuilding HELK via docker-compose"
|
||||||
docker-compose -f $COMPOSE_CONFIG up --build -d -V --force-recreate --always-recreate-deps >> $LOGFILE 2>&1
|
docker-compose -f $COMPOSE_CONFIG up --build -d -V --force-recreate --always-recreate-deps >> $LOGFILE 2>&1
|
||||||
|
@ -234,6 +295,7 @@ update_helk() {
|
||||||
sleep 1
|
sleep 1
|
||||||
: $((secs--))
|
: $((secs--))
|
||||||
done
|
done
|
||||||
|
check_logstash_connected
|
||||||
echo -e "\n${CYAN}[HELK-UPDATE-INFO]${STD} YOUR HELK HAS BEEN UPDATED!"
|
echo -e "\n${CYAN}[HELK-UPDATE-INFO]${STD} YOUR HELK HAS BEEN UPDATED!"
|
||||||
echo 0 > /tmp/helk-update
|
echo 0 > /tmp/helk-update
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -247,7 +309,7 @@ if [[ -e /tmp/helk-update ]]; then
|
||||||
UPDATES_FETCHED=`cat /tmp/helk-update`
|
UPDATES_FETCHED=`cat /tmp/helk-update`
|
||||||
|
|
||||||
if [ "$UPDATES_FETCHED" == "1" ]; then
|
if [ "$UPDATES_FETCHED" == "1" ]; then
|
||||||
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} Updates already downloaded. Starting update..."
|
echo -e "${CYAN}[HELK-UPDATE-INFO]${STD} Updates already downloaded. Starting update..."
|
||||||
update_helk
|
update_helk
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
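Review bot: The new check_logstash_connected (hunk `@ -200,6 +257,10 @@`) loops forever when helk-logstash never logs "Restored connection to ES instance", for example if the container exits or Logstash fails to start, so the update hangs silently instead of reporting an error; cap the retries and return non-zero so the caller can stop with a message. Since update_helk now calls it right before printing "YOUR HELK HAS BEEN UPDATED!", the caller should also check its status, e.g. `check_logstash_connected || exit 1`. Separately, this commit comments out `check_min_requirements` in update_helk while set_helk_build's new options 3 and 4 compare `$AVAILABLE_MEMORY` with `$INSTALL_MINIMUM_MEMORY_NOTEBOOK`; if those variables are populated by check_min_requirements (its body is not visible here), they are empty when the menu runs and the test degrades to `0 -le 0`, which always rejects the notebook builds, so it is worth confirming where they are set. The attempt limit below is a constructed placeholder to be tuned for the deployment.
```shell
check_logstash_connected(){
  local attempts=0
  # placeholder limit: 60 x 5s = 5 min; tune for the deployment
  local max_attempts=60
  until docker logs helk-logstash 2>&1 | grep -q "Restored connection to ES instance"; do
    if (( ++attempts >= max_attempts )); then
      echo "$HELK_ERROR_TAG Logstash did not report a connection to Elasticsearch after $((max_attempts * 5))s; see $LOGFILE and 'docker logs helk-logstash'"
      return 1
    fi
    sleep 5
  done
}
```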