Docker Compose files

docker-compose.yml

@@ -0,0 +1,38 @@
+# Docker compose file for the HELK
+# HELK build version: 0.9 (BETA Script)
+# Author: Roberto Rodriguez @Cyb3rWard0g
+# ELK Version: 5x
+
+version: '2'
+
+services:
+	elasticsearch:
+		build: elasticsearch/docker/
+		networks:
+			- helk
+	kibana:
+		build: kibana/docker/
+		depends_on:
+			- elasticsearch
+		networks:
+			- helk
+	nginx:
+		build: nginx/docker/
+		ports:
+			- "80:80"
+		depends_on:
+			- kibana
+		networks:
+			- helk
+	logstash:
+		build: logstash/docker/
+		depends_on:
+			- elasticsearch
+		networks:
+			- helk
+
+networks:
+	helk:
+		driver: bridge
+
+		

elasticsearch/docker/Dockerfile

@@ -0,0 +1,18 @@
+# Dockerfile for Elasticsearch
+# Author: Roberto Rodriguez @Cyb3rWard0g
+
+FROM debian:jessie
+RUN apt-get update && apt-get install -y openjdk-8-jre-headless wget
+
+RUN wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - && \
+	apt-get install apt-transport-https && \
+	echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list && \
+	apt-get install elasticsearch && \
+	mv /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/backup_elasticsearch.yml
+
+ADD ../elasticsearch.yml /etc/elasticsearch/elasticsearch.yml
+
+RUN systemctl daemon-reload && \
+	systemctl enable elasticsearch.service && \
+	systemctl start elasticsearch.service
+	

kibana/docker/Dockerfile

@@ -0,0 +1,12 @@
+# Dockerfile for Kibana
+# Author: Roberto Rodriguez @Cyb3rWard0g
+
+FROM debian:jessie
+RUN apt-get update && apt-get install kibana && \
+	mv /etc/kibana/kibana.yml /etc/kibana/backup_kibana.yml
+
+ADD ../kibana.yml /etc/kibana/kibana.yml
+
+RUN systemctl daemon-reload && \
+	systemctl enable kibana.service && \
+	systemctl start kibana.service

logstash/docker/Dockerfile.txt

@@ -0,0 +1,11 @@
+# Dockerfile for Logstash
+# Author: Roberto Rodriguez @Cyb3rWard0g
+
+FROM debian:jessie
+RUN apt-get update && apt-get install logstash
+
+ADD ../logstash/02-beats-input.conf /etc/logstash/conf.d/02-beats-input.conf && \
+	../logstash/50-elasticsearch-output.conf /etc/logstash/conf.d/50-elasticsearch-output.conf
+
+RUN systemctl start logstash && \
+	systemctl enable logstash

nginx/docker/Dockerfile

@@ -0,0 +1,11 @@
+# Dockerfile for nginx
+# Author: Roberto Rodriguez @Cyb3rWard0g
+
+FROM debian:jessie
+RUN apt-get update && apt-get -y install nginx && \
+	echo "helkadmin:`openssl passwd -apr1 hunting`" | sudo tee -a /etc/nginx/htpasswd.users && \
+	mv /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
+
+ADD ../default /etc/nginx/sites-available/default
+
+RUN systemctl restart nginx