
#!/bin/bash
# HELK script: helk_install.sh
# HELK script description: HELK installation
# HELK build Stage: Alpha
# Author: Roberto Rodriguez (@Cyb3rWard0g)
# License: GPL-3.0
# *********** Helk log tagging variables ***************
# For more efficient script editing/reading, and also if/when we switch to different install script language
HELK_INFO_TAG="[HELK-INSTALLATION-INFO]"
HELK_ERROR_TAG="[HELK-INSTALLATION-ERROR]"
# Two-line hint printed after a failed requirements check. The "\n" is stored
# as a literal backslash-n on purpose: every caller prints it with "echo -e".
printf -v INSTALL_ERROR_CHECK_WIKI \
  '%s Check the requirements section in our installation Wiki\\n%s Installation Wiki: %s' \
  "$HELK_ERROR_TAG" "$HELK_ERROR_TAG" \
  "https://github.com/Cyb3rWard0g/HELK/wiki/Installation"
# *********** Variables for user modification ***************
# Careful editing unless you know what you are doing :)
INSTALL_MINIMUM_MEMORY=5000            # MBs, required by every build
INSTALL_MINIMUM_MEMORY_NOTEBOOK=8000   # MBs, required by the builds that add Spark + Jupyter
INSTALL_MINIMUM_DISK=20                # GBs, free space under the Docker root directory
# Sysctl parameters applied (and persisted) by prepare_helk
SYSCTL_VM_MAX_MAP_COUNT=4120294
SYSCTL_VM_SWAPPINESS=25
# Give the docker client and docker-compose more time to answer while images are built
export DOCKER_CLIENT_TIMEOUT=300 COMPOSE_HTTP_TIMEOUT=300
# *********** Check if user is root ***************
if (( EUID != 0 )); then
  # Everything below installs packages and writes under /etc, so refuse early.
  echo "$HELK_INFO_TAG YOU MUST BE ROOT TO RUN THIS SCRIPT!!!"
  exit 1
fi
# *********** Set Log File ***************
# Tool output (apt/yum, curl, docker-compose, ...) is appended here; with -q the
# whole install, including the final summary, goes here as well.
LOGFILE=/var/log/helk-install.log
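#######################################
# Print an error line to stderr.
# Globals:   RC, EC (optional colour escapes; not set in the visible script, so empty)
# Arguments: the message words, joined with single spaces
# Outputs:   " * ERROR: <message>" on stderr
#######################################
echoerror() {
  # The message is passed as a %s argument, never as the printf format string,
  # so a '%' inside an error text (or inside a value interpolated into it)
  # cannot be misread as a conversion specifier.
  printf '%s * ERROR%s: %s\n' "${RC}" "${EC}" "$*" 1>&2
}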
# ********* Globals **********************
SYSTEM_KERNEL=$(uname -s)
# Available memory in MBs (MemAvailable is reported in kB). Empty on systems
# without /proc/meminfo; check_min_requirements only uses it on Linux.
AVAILABLE_MEMORY=$(awk '$1 == "MemAvailable:" { printf "%.f", $2 / 1024 }' /proc/meminfo)
# ********** Check Minimum Requirements **************
#######################################
# Abort unless the host is an x86_64 Linux box with at least
# INSTALL_MINIMUM_MEMORY MBs available. Other kernels only get a reminder,
# because AVAILABLE_MEMORY is read from /proc/meminfo.
# Globals:   SYSTEM_KERNEL, AVAILABLE_MEMORY, INSTALL_MINIMUM_MEMORY,
#            INSTALL_ERROR_CHECK_WIKI (read); ARCHITECTURE (written)
# Outputs:   status lines on stdout
# Returns:   0, or exits 1 when a requirement is not met
#######################################
check_min_requirements(){
  echo "$HELK_INFO_TAG HELK being hosted on a $SYSTEM_KERNEL box"
  if [ "$SYSTEM_KERNEL" != "Linux" ]; then
    echo "$HELK_INFO_TAG I could not calculate available memory for $SYSTEM_KERNEL!!!!!"
    echo "$HELK_INFO_TAG Make sure you have at least $INSTALL_MINIMUM_MEMORY MBs of available memory!!!!!!"
    return 0
  fi
  ARCHITECTURE=$(uname -m)
  if [ "$ARCHITECTURE" != "x86_64" ]; then
    echo "$HELK_ERROR_TAG HELK REQUIRES AN X86_64 BASED OPERATING SYSTEM TO INSTALL"
    echo "Your Systems Architecture: ${ARCHITECTURE}"
    echo -e "$INSTALL_ERROR_CHECK_WIKI"
    exit 1
  fi
  # An empty AVAILABLE_MEMORY counts as 0 here and therefore fails the check
  if [[ "${AVAILABLE_MEMORY}" -lt $INSTALL_MINIMUM_MEMORY ]]; then
    echo "$HELK_ERROR_TAG YOU DO NOT HAVE ENOUGH AVAILABLE MEMORY"
    echo "$HELK_ERROR_TAG Available Memory: $AVAILABLE_MEMORY MBs"
    echo -e "$INSTALL_ERROR_CHECK_WIKI"
    exit 1
  fi
  echo "$HELK_INFO_TAG Available Memory: $AVAILABLE_MEMORY MBs"
}
#######################################
# Identify the Linux distribution and version (or the macOS product and
# version) the script runs on, and prepare apt sources on Debian-family boxes.
# Globals:   SYSTEM_KERNEL (read); LSB_DIST, DIST_VERSION, ERROR,
#            PRODUCT_NAME, PRODUCT_VERSION, BUILD_VERSION (written)
# Outputs:   one status line on stdout
# Side effects: on ubuntu/debian/raspbian, edits /etc/apt/sources.list in place
# Returns:   0, or exits 1 on rhel/ol/sles
#######################################
check_system_info(){
  if [ "$SYSTEM_KERNEL" == "Linux" ]; then
    # *********** Check distribution list ***************
    # Sourcing /etc/os-release runs it as shell code (as root). It is a
    # distro-managed file, but nothing here validates its contents.
    LSB_DIST="$(. /etc/os-release && echo "$ID")"
    LSB_DIST="$(echo "$LSB_DIST" | tr '[:upper:]' '[:lower:]')"
    # *********** Check distribution version ***************
    case "$LSB_DIST" in
      ubuntu)
        if [ -x "$(command -v lsb_release)" ]; then
          DIST_VERSION="$(lsb_release --codename | cut -f2)"
        fi
        if [ -z "$DIST_VERSION" ] && [ -r /etc/lsb-release ]; then
          DIST_VERSION="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
        fi
        # ********* Commenting Out CDROM **********************
        # Replaces every "deb cdrom..." line with a bare "#", so that the
        # later "apt install" calls do not stall on missing install media.
        sed -i "s/\(^deb cdrom.*$\)/\#/g" /etc/apt/sources.list
        ;;
      debian|raspbian)
        # Major number from /etc/debian_version ("9.4" -> "9", "buster/sid" -> "buster");
        # only 7-9 are mapped to codenames, newer releases keep the number.
        DIST_VERSION="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
        case "$DIST_VERSION" in
          9) DIST_VERSION="stretch";;
          8) DIST_VERSION="jessie";;
          7) DIST_VERSION="wheezy";;
        esac
        # ********* Commenting Out CDROM **********************
        sed -i "s/\(^deb cdrom.*$\)/\#/g" /etc/apt/sources.list
        ;;
      centos)
        # DIST_VERSION is normally still unset at this point, so VERSION_ID is read
        if [ -z "$DIST_VERSION" ] && [ -r /etc/os-release ]; then
          DIST_VERSION="$(. /etc/os-release && echo "$VERSION_ID")"
        fi
        ;;
      rhel|ol|sles)
        # NOTE(review): ee_notice is not defined anywhere in this script, so on
        # these distributions bash prints "command not found" and the script
        # then exits 1. The intent (an "unsupported distribution" notice)
        # should be made explicit.
        ee_notice "$LSB_DIST"
        exit 1
        ;;
      *)
        if [ -x "$(command -v lsb_release)" ]; then
          DIST_VERSION="$(lsb_release --release | cut -f2)"
        fi
        if [ -z "$DIST_VERSION" ] && [ -r /etc/os-release ]; then
          DIST_VERSION="$(. /etc/os-release && echo "$VERSION_ID")"
        fi
        ;;
    esac
    # $? is the status of the last command run in the branch taken above
    # (e.g. the sed -i), not of the case statement as a whole.
    ERROR=$?
    if [ $ERROR -ne 0 ]; then
      echoerror "Could not verify distribution or version of the OS (Error Code: $ERROR)."
    fi
    echo "$HELK_INFO_TAG You're using $LSB_DIST version $DIST_VERSION"
  elif [ "$SYSTEM_KERNEL" == "Darwin" ]; then
    PRODUCT_NAME="$(sw_vers -productName)"
    PRODUCT_VERSION="$(sw_vers -productVersion)"
    # Collected but not reported anywhere below
    BUILD_VERSION="$(sw_vers -buildVersion)"
    echo "$HELK_INFO_TAG You're using $PRODUCT_NAME version $PRODUCT_VERSION"
  else
    echo "$HELK_INFO_TAG We cannot figure out the SYSTEM_KERNEL, distribution or version of the OS"
  fi
}
# ********** Install Curl ********************
#######################################
# Install curl with the distribution's package manager.
# Globals:   LSB_DIST, DIST_VERSION, LOGFILE (read); ERROR (written)
# Outputs:   progress lines on stdout; package manager output appended to $LOGFILE
# Returns:   0 on success, exits 1 on an unsupported distribution or a failed install
#######################################
install_curl(){
  echo "$HELK_INFO_TAG Installing curl before installing docker.."
  local pkg_manager
  case "$LSB_DIST" in
    ubuntu|debian|raspbian) pkg_manager=apt ;;
    centos|rhel)            pkg_manager=yum ;;
    *)
      echo "$HELK_INFO_TAG Please install curl for $LSB_DIST $DIST_VERSION.."
      exit 1
      ;;
  esac
  "$pkg_manager" install -y curl >> "$LOGFILE" 2>&1
  ERROR=$?
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not install curl for $LSB_DIST $DIST_VERSION (Error Code: $ERROR)."
    exit 1
  fi
}
# ********* Install htpasswd ********************
#######################################
# Install htpasswd (apache2-utils / httpd-tools) on Linux; on other kernels
# only ask the user to install it.
# Globals:   SYSTEM_KERNEL, LSB_DIST, DIST_VERSION, LOGFILE (read); ERROR (written)
# Outputs:   progress lines on stdout; package manager output appended to $LOGFILE
# Returns:   0, or exits 1 on an unsupported Linux distribution or a failed install
#######################################
install_htpasswd(){
  if [ "$SYSTEM_KERNEL" != "Linux" ]; then
    echo "$HELK_INFO_TAG Please install htpasswd for $SYSTEM_KERNEL.."
    return 0
  fi
  echo "$HELK_INFO_TAG Installing htpasswd.."
  local -a install_cmd
  case "$LSB_DIST" in
    ubuntu|debian|raspbian) install_cmd=(apt install -y apache2-utils) ;;
    centos|rhel)            install_cmd=(yum install -y httpd-tools) ;;
    *)
      echo "$HELK_INFO_TAG Please install htpasswd for $LSB_DIST $DIST_VERSION.."
      exit 1
      ;;
  esac
  "${install_cmd[@]}" >> "$LOGFILE" 2>&1
  ERROR=$?
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not install htpasswd for $LSB_DIST $DIST_VERSION (Error Code: $ERROR)."
    exit 1
  fi
}
# ****** Installing docker via convenience script ***********
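#######################################
# Install docker with the upstream convenience script, falling back to snap.
# The script is fetched over TLS and run as root without further verification
# (this mirrors the upstream instructions).
# Globals:   HELK_INFO_TAG, LOGFILE (read); ERROR, SNAP_VERSION (written)
# Outputs:   progress lines on stdout; tool output appended to $LOGFILE
# Returns:   0 on success, exits 1 when neither method works
#######################################
install_docker(){
  echo "$HELK_INFO_TAG Installing docker via convenience script.."
  # Download into a private temp file instead of ./get-docker.sh in whatever
  # the current directory is, and remove it afterwards. curl -f turns an HTTP
  # error into a curl failure instead of an error page saved as the script; a
  # failed download previously went unnoticed until the missing file was run.
  local docker_script
  docker_script=$(mktemp) || {
    echoerror "Could not create a temporary file for the docker install script."
    exit 1
  }
  curl -fsSL https://get.docker.com -o "$docker_script" >> "$LOGFILE" 2>&1 \
    && sh "$docker_script" >> "$LOGFILE" 2>&1
  ERROR=$?
  rm -f -- "$docker_script"
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not install docker via convenience script (Error Code: $ERROR)."
    if [ -x "$(command -v snap)" ]; then
      SNAP_VERSION=$(snap version | grep -w 'snap' | awk '{print $2}')
      echo "$HELK_INFO_TAG Snap v$SNAP_VERSION is available. Trying to install docker via snap.."
      snap install docker >> "$LOGFILE" 2>&1
      ERROR=$?
      if [ $ERROR -ne 0 ]; then
        echoerror "Could not install docker via snap (Error Code: $ERROR)."
        exit 1
      fi
      echo "$HELK_INFO_TAG Docker successfully installed via snap."
    else
      echo "$HELK_INFO_TAG Docker could not be installed. Check $LOGFILE for details."
      exit 1
    fi
  fi
}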
# ****** Installing docker compose from github.com/docker/compose ***********
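#######################################
# Download the latest docker-compose release binary to /usr/local/bin.
# Globals:   HELK_INFO_TAG, LOGFILE (read); COMPOSE_VERSION, ERROR (written)
# Outputs:   one progress line on stdout; curl/chmod output appended to $LOGFILE
# Returns:   0 on success, exits 1 when the version lookup, download or chmod fails
#######################################
install_docker_compose(){
  echo "$HELK_INFO_TAG Installing docker-compose.."
  # Resolve the latest release tag first; an empty tag (API error, rate limit)
  # previously produced a download URL pointing at no asset at all.
  COMPOSE_VERSION=$(curl -fsSL https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d'"' -f4)
  if [ -z "$COMPOSE_VERSION" ]; then
    echoerror "Could not determine the latest docker-compose release version."
    exit 1
  fi
  local compose_url
  compose_url="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)"
  # -f makes curl fail on an HTTP error instead of saving the error page as the
  # binary; the status is checked right here, not after the chmod. No checksum
  # or signature is verified (TODO: compare against the published checksum).
  curl -fL "$compose_url" -o /usr/local/bin/docker-compose >> "$LOGFILE" 2>&1
  ERROR=$?
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not download docker-compose $COMPOSE_VERSION (Error Code: $ERROR)."
    exit 1
  fi
  chmod +x /usr/local/bin/docker-compose >> "$LOGFILE" 2>&1
  ERROR=$?
  if [ $ERROR -ne 0 ]; then
    echoerror "Could not install docker-compose (Error Code: $ERROR)."
    exit 1
  fi
}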
# *********** Set helk elasticsearch password ******************************
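#######################################
# Collect the Elasticsearch password for a "trial" subscription and export it
# as ELASTIC_PASSWORD. A value passed with -e is used as-is; otherwise the user
# is prompted (90s timeout, after which the prefilled default applies).
# Nothing is done for a "basic" subscription, which does not use it.
# Globals:   SUBSCRIPTION_CHOICE, HELK_INFO_TAG (read);
#            ELASTICSEARCH_PASSWORD_INPUT, ELASTICSEARCH_PASSWORD_INPUT_VERIFIED,
#            READ_INPUT, ELASTIC_PASSWORD (written)
# Returns:   0, or exits 1 when no password can be read (stdin closed)
#######################################
set_elasticsearch_password(){
  if [[ $SUBSCRIPTION_CHOICE != "trial" ]]; then
    return 0
  fi
  if [[ -z "$ELASTICSEARCH_PASSWORD_INPUT" ]]; then
    echo -e "\n$HELK_INFO_TAG Please make sure to create a custom Elasticsearch password and store it securely for future use."
    sleep 2
    while true; do
      # -r keeps backslashes in the password literal
      read -r -t 90 -p "$HELK_INFO_TAG Set HELK Elasticsearch Password: " -e -i "elasticpassword" ELASTICSEARCH_PASSWORD_INPUT
      READ_INPUT=$?
      ELASTICSEARCH_PASSWORD_INPUT=${ELASTICSEARCH_PASSWORD_INPUT:-"elasticpassword"}
      if [ $READ_INPUT -eq 142 ]; then
        # Timed out: keep whatever was (pre)filled and tell the user
        echo -e "\n$HELK_INFO_TAG HELK elasticsearch password set to ${ELASTICSEARCH_PASSWORD_INPUT}"
        break
      elif [ $READ_INPUT -ne 0 ]; then
        # Any other failure means stdin is closed (non-interactive run). The
        # loop would never terminate, and silently taking the default password
        # would be worse, so stop and ask for the option instead.
        echo "$HELK_ERROR_TAG Could not read the Elasticsearch password from the terminal. Pass it with -e instead." >&2
        exit 1
      fi
      read -r -p "$HELK_INFO_TAG Verify HELK Elasticsearch Password: " ELASTICSEARCH_PASSWORD_INPUT_VERIFIED
      # The password is not echoed back here: with -q the output ends up in
      # $LOGFILE (the Kibana prompt already dropped its copy of that line).
      if [[ "$ELASTICSEARCH_PASSWORD_INPUT" == "$ELASTICSEARCH_PASSWORD_INPUT_VERIFIED" ]]; then
        echo "$HELK_INFO_TAG HELK elasticsearch password set."
        break
      fi
      echo -e "${RED}Error...${STD}"
      echo "$HELK_INFO_TAG Your password values do not match.."
    done
  fi
  export ELASTIC_PASSWORD=$ELASTICSEARCH_PASSWORD_INPUT
}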
# *********** Set helk kibana UI password ******************************
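#######################################
# Collect the Kibana UI password (prompting when -p was not given) and apply
# it: for "basic" it is written to helk-nginx/htpasswd.users for the "helk"
# user, for "trial" it is exported as KIBANA_UI_PASSWORD.
# Globals:   SUBSCRIPTION_CHOICE, HELK_INFO_TAG, LOGFILE (read);
#            KIBANA_UI_PASSWORD_INPUT, KIBANA_UI_PASSWORD_INPUT_VERIFIED,
#            READ_INPUT, ERROR, KIBANA_UI_PASSWORD (written)
# Side effects: moves the existing htpasswd.users to htpasswd.users_backup
# Returns:   0, or exits 1 when no password can be read, htpasswd fails, or
#            SUBSCRIPTION_CHOICE is not set
#######################################
set_kibana_ui_password(){
  if [[ -z "$KIBANA_UI_PASSWORD_INPUT" ]]; then
    echo -e "\n$HELK_INFO_TAG Please make sure to create a custom Kibana password and store it securely for future use."
    sleep 2
    while true; do
      # -r keeps backslashes in the password literal
      read -r -t 90 -p "$HELK_INFO_TAG Set HELK Kibana UI Password: " -e -i "hunting" KIBANA_UI_PASSWORD_INPUT
      READ_INPUT=$?
      KIBANA_UI_PASSWORD_INPUT=${KIBANA_UI_PASSWORD_INPUT:-"hunting"}
      if [ $READ_INPUT -eq 142 ]; then
        # Timed out: keep whatever was (pre)filled and tell the user
        echo -e "\n$HELK_INFO_TAG HELK Kibana UI password set to ${KIBANA_UI_PASSWORD_INPUT}"
        break
      elif [ $READ_INPUT -ne 0 ]; then
        # stdin closed (non-interactive run): looping here never terminates,
        # and a silently applied default password is not acceptable either.
        echo "$HELK_ERROR_TAG Could not read the Kibana UI password from the terminal. Pass it with -p instead." >&2
        exit 1
      fi
      read -r -p "$HELK_INFO_TAG Verify HELK Kibana UI Password: " KIBANA_UI_PASSWORD_INPUT_VERIFIED
      if [[ "$KIBANA_UI_PASSWORD_INPUT" == "$KIBANA_UI_PASSWORD_INPUT_VERIFIED" ]]; then
        break
      fi
      echo -e "${RED}Error...${STD}"
      echo "$HELK_INFO_TAG Your password values do not match.."
    done
  fi
  case "$SUBSCRIPTION_CHOICE" in
    basic)
      if ! [ -x "$(command -v htpasswd)" ]; then
        install_htpasswd
      fi
      mv helk-nginx/htpasswd.users helk-nginx/htpasswd.users_backup >> "$LOGFILE" 2>&1
      # Quoted so a password with spaces or glob characters stays intact. -b
      # places it on the command line (briefly visible in the process list);
      # "htpasswd -i" (Apache 2.4.4+) would read it from stdin instead.
      htpasswd -b -c helk-nginx/htpasswd.users "helk" "$KIBANA_UI_PASSWORD_INPUT" >> "$LOGFILE" 2>&1
      ERROR=$?
      if [ $ERROR -ne 0 ]; then
        echoerror "Could not add helk to htpasswd.users file (Error Code: $ERROR)."
        exit 1
      fi
      ;;
    trial)
      export KIBANA_UI_PASSWORD=$KIBANA_UI_PASSWORD_INPUT
      ;;
    *)
      echo "$HELK_INFO_TAG Subscription Choice MUST be provided first.."
      exit 1
      ;;
  esac
}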
# *********** Set HELK network settings ***************
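#######################################
# Determine the address HELK is reached on. A value given with -i is kept;
# otherwise the host's current address is detected and offered as the default
# of a prompt (90s timeout).
# Globals:   SYSTEM_KERNEL, HELK_INFO_TAG (read); HOST_IP, READ_INPUT (written)
# Outputs:   one status line on stdout when the prompt was shown
# Returns:   0
#######################################
set_network(){
  if [[ -n "$HOST_IP" ]]; then
    return 0
  fi
  # *********** Getting Host IP ***************
  # https://github.com/Invoke-IR/ACE/blob/master/ACE-Docker/start.sh
  case "${SYSTEM_KERNEL}" in
    Linux*)  HOST_IP=$(ip route get 1 | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | tail -1) ;;
    Darwin*) HOST_IP=$(ifconfig en0 | grep inet | grep -v inet6 | cut -d ' ' -f2) ;;
    *)       HOST_IP="UNKNOWN:${SYSTEM_KERNEL}" ;;
  esac
  # *********** Accepting Defaults or Allowing user to set the HELK IP ***************
  local ip_choice
  read -r -t 90 -p "$HELK_INFO_TAG Set HELK IP. Default value is your current IP: " -e -i "${HOST_IP}" ip_choice
  READ_INPUT=$?
  # The answer used to be discarded, so the detected address was always kept
  # no matter what was typed. An empty answer, a timeout or a closed stdin
  # keep the detected value; anything else is taken as typed (the unattended
  # path validates -i, this interactive value is not validated).
  HOST_IP="${ip_choice:-$HOST_IP}"
  if [ $READ_INPUT -eq 142 ]; then
    echo -e "\n$HELK_INFO_TAG HELK IP set to ${HOST_IP}"
  else
    echo "$HELK_INFO_TAG HELK IP set to ${HOST_IP}"
  fi
}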
# *********** Building and Running HELK Images ***************
#######################################
# Build and start the HELK containers from the compose file selected by the
# build and subscription choices.
# Globals:   HELK_BUILD, SUBSCRIPTION_CHOICE, HOST_IP, HELK_INFO_TAG, LOGFILE (read);
#            COMPOSE_CONFIG, ADVERTISED_LISTENER (exported), ERROR (written)
# Outputs:   one progress line on stdout; docker-compose output appended to $LOGFILE
# Returns:   0 on success, exits 1 when docker-compose fails
#######################################
build_helk(){
  COMPOSE_CONFIG="${HELK_BUILD}-${SUBSCRIPTION_CHOICE}.yml"
  ## ****** Setting KAFKA ADVERTISED_LISTENER environment variable ***********
  export ADVERTISED_LISTENER=$HOST_IP
  echo "$HELK_INFO_TAG Building & running HELK from $COMPOSE_CONFIG file.."
  docker-compose -f "$COMPOSE_CONFIG" up --build -d >> "$LOGFILE" 2>&1
  ERROR=$?
  if (( ERROR != 0 )); then
    echoerror "Could not run HELK via docker-compose file $COMPOSE_CONFIG (Error Code: $ERROR)."
    exit 1
  fi
}
# *********** Asking user for Basic or Trial subscription of ELK ***************
#######################################
# Ask for the Elastic subscription type unless -l already provided one.
# The prompt times out after 30s, in which case the (pre)filled value is
# accepted without validation; an explicit answer must be "basic" or "trial".
# Globals:   HELK_INFO_TAG, HELK_ERROR_TAG (read); SUBSCRIPTION_CHOICE, READ_INPUT (written)
# Returns:   0
#######################################
set_helk_subscription(){
  [[ -n "$SUBSCRIPTION_CHOICE" ]] && return 0
  local subscription_input
  while true; do
    read -t 30 -p "$HELK_INFO_TAG Set HELK elastic subscription (basic or trial): " -e -i "basic" subscription_input
    READ_INPUT=$?
    SUBSCRIPTION_CHOICE=${subscription_input:-"basic"}
    # A timeout keeps whatever was (pre)filled, without validating it
    [ $READ_INPUT = 142 ] && break
    case $SUBSCRIPTION_CHOICE in
      basic|trial) break ;;
      *)
        echo -e "${RED}Error...${STD}"
        echo "$HELK_ERROR_TAG Not a valid subscription. Valid Options: basic or trial"
        ;;
    esac
  done
}
# *********** Asking user for docker compose config ***************
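#######################################
# Ask which docker-compose build to run unless -b already provided one, and
# map the menu number to the compose file prefix. Options 3 and 4 (Spark +
# Jupyter) are only accepted when enough memory is available.
# Globals:   AVAILABLE_MEMORY, INSTALL_MINIMUM_MEMORY_NOTEBOOK, HELK_INFO_TAG,
#            HELK_ERROR_TAG (read); HELK_BUILD, READ_INPUT (written)
# Outputs:   the menu and a confirmation line on stdout
# Returns:   0
#######################################
set_helk_build(){
  [[ -n "$HELK_BUILD" ]] && return 0
  local CONFIG_CHOICE candidate
  while true; do
    echo " "
    echo "*****************************************************"
    echo "* HELK - Docker Compose Build Choices *"
    echo "*****************************************************"
    echo " "
    echo "1. KAFKA + KSQL + ELK + NGNIX"
    echo "2. KAFKA + KSQL + ELK + NGNIX + ELASTALERT"
    echo "3. KAFKA + KSQL + ELK + NGNIX + SPARK + JUPYTER"
    echo "4. KAFKA + KSQL + ELK + NGNIX + SPARK + JUPYTER + ELASTALERT"
    echo " "
    read -t 30 -p "Enter build choice [ 1 - 4]: " -e -i "1" CONFIG_CHOICE
    READ_INPUT=$?
    if [ $READ_INPUT -ne 0 ]; then
      # Timeout (142) or closed stdin: fall back to option 1. The raw, possibly
      # partial answer used to be stored as the build name (yielding a compose
      # file such as "3-basic.yml"), and a closed stdin used to loop forever.
      HELK_BUILD='helk-kibana-analysis'
      echo -e "\n$HELK_INFO_TAG HELK build set to ${HELK_BUILD}"
      break
    fi
    # An empty answer means the prefilled default, i.e. option 1
    case $CONFIG_CHOICE in
      1|'') candidate='helk-kibana-analysis' ;;
      2)    candidate='helk-kibana-analysis-alert' ;;
      3)    candidate='helk-kibana-notebook-analysis' ;;
      4)    candidate='helk-kibana-notebook-analysis-alert' ;;
      *)
        echo -e "${RED}Error...${STD}"
        echo "$HELK_ERROR_TAG Not a valid build"
        continue
        ;;
    esac
    if [[ $CONFIG_CHOICE == 3 || $CONFIG_CHOICE == 4 ]] \
        && [[ $AVAILABLE_MEMORY -le $INSTALL_MINIMUM_MEMORY_NOTEBOOK ]]; then
      echo "$HELK_INFO_TAG Your available memory for HELK build option ${CONFIG_CHOICE} is not enough."
      echo "$HELK_INFO_TAG Minimum required for this build option is $INSTALL_MINIMUM_MEMORY_NOTEBOOK MBs."
      echo "$HELK_INFO_TAG Please Select option 1 or re-run the script after assigning the correct amount of memory"
      sleep 4
      continue
    fi
    HELK_BUILD=$candidate
    echo "$HELK_INFO_TAG HELK build set to ${HELK_BUILD}"
    break
  done
}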
# *********** Install and set up pre-requirements ***************
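#######################################
# Make sure curl, docker and docker-compose are present (installing them on
# Linux), check the free space under the Docker root directory, and apply the
# vm.max_map_count / vm.swappiness sysctl settings (persisted via sysctl.d).
# Globals:   SYSTEM_KERNEL, INSTALL_MINIMUM_DISK, SYSCTL_VM_MAX_MAP_COUNT,
#            SYSCTL_VM_SWAPPINESS, LOGFILE (read); AVAILABLE_DOCKER_DISK, ERROR (written)
# Outputs:   progress lines on stdout; tool output appended to $LOGFILE
# Returns:   0, or exits 1 when docker disk space or a required tool is missing
#######################################
prepare_helk(){
  if [ "$SYSTEM_KERNEL" == "Linux" ]; then
    # *********** Check if curl is installed ***************
    if ! [ -x "$(command -v curl)" ]; then
      install_curl
    fi
    # *********** Check if docker is installed ***************
    if [ -x "$(command -v docker)" ]; then
      echo "$HELK_INFO_TAG Docker already installed"
      echo "$HELK_INFO_TAG Making sure you assigned enough disk space to the current Docker base directory"
      local docker_root
      docker_root=$(docker info --format '{{.DockerRootDir}}')
      # Free space (GBs) of the filesystem holding the Docker root directory;
      # the awk filter skips df's header line.
      AVAILABLE_DOCKER_DISK=$(df -m "$docker_root" | awk '$1 ~ /\//{printf "%.f", $4 / 1024}')
      if [[ "${AVAILABLE_DOCKER_DISK}" -ge $INSTALL_MINIMUM_DISK ]]; then
        echo "$HELK_INFO_TAG Available Docker Disk: ${AVAILABLE_DOCKER_DISK} GBs"
      else
        echo "$HELK_ERROR_TAG YOU DO NOT HAVE ENOUGH DOCKER DISK SPACE ASSIGNED"
        echo "$HELK_ERROR_TAG Available Docker Disk: ${AVAILABLE_DOCKER_DISK} GBs"
        echo -e "$INSTALL_ERROR_CHECK_WIKI"
        exit 1
      fi
    else
      install_docker
    fi
    # ********** Check if docker-compose is installed *******
    if ! [ -x "$(command -v docker-compose)" ]; then
      install_docker_compose
    fi
  else
    # Both tools are needed on other kernels; the check used to require both to
    # be missing before complaining, so a missing docker-compose slipped through.
    if ! [ -x "$(command -v docker)" ] || ! [ -x "$(command -v docker-compose)" ]; then
      echo "$HELK_INFO_TAG Please install Docker & Docker-compose for $SYSTEM_KERNEL"
      exit 1
    fi
  fi
  # *********** Checking internal set up ***************
  echo "$HELK_INFO_TAG Checking local vm.max_map_count variable and setting it to $SYSCTL_VM_MAX_MAP_COUNT"
  if [ -n "$SYSCTL_VM_MAX_MAP_COUNT" ] && [ -f /proc/sys/vm/max_map_count ]; then
    sysctl -q -w vm.max_map_count="$SYSCTL_VM_MAX_MAP_COUNT" >> "$LOGFILE" 2>&1
    ERROR=$?   # was not captured before, so the check below read a stale value
    if [ $ERROR -ne 0 ]; then
      echoerror "Could not set vm.max_map_count to $SYSCTL_VM_MAX_MAP_COUNT (Error Code: $ERROR)."
    fi
  fi
  echo "$HELK_INFO_TAG Setting local vm.swappiness variable to $SYSCTL_VM_SWAPPINESS"
  if [ -n "$SYSCTL_VM_SWAPPINESS" ] && [ -f /proc/sys/vm/swappiness ]; then
    sysctl -q -w vm.swappiness="$SYSCTL_VM_SWAPPINESS" >> "$LOGFILE" 2>&1
    ERROR=$?
    if [ $ERROR -ne 0 ]; then
      echoerror "Could not set vm.swappiness to $SYSCTL_VM_SWAPPINESS (Error Code: $ERROR)."
    fi
  fi
  # Persist both settings across reboots (only where sysctl.d exists)
  local sysctl_conf=/etc/sysctl.d/90-helk-overwritten-during-docker-install-sysctl-tuning.conf
  if [ -d /etc/sysctl.d ]; then
    printf 'vm.max_map_count = %s\nvm.swappiness = %s\n' \
      "$SYSCTL_VM_MAX_MAP_COUNT" "$SYSCTL_VM_SWAPPINESS" > "$sysctl_conf"
  else
    echo "$HELK_INFO_TAG /etc/sysctl.d not found, sysctl settings were not persisted"
  fi
}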
#######################################
# For the notebook builds, wait for the Jupyter container to come up and print
# its current access token.
# Globals:   HELK_BUILD, LOGFILE (read); jupyter_token (written)
# Outputs:   "HELK JUPYTER CURRENT TOKEN: <token>" on stdout
# Returns:   0
#######################################
get_jupyter_credentials(){
  case "${HELK_BUILD}" in
    helk-kibana-notebook-analysis|helk-kibana-notebook-analysis-alert) ;;
    *) return 0 ;;
  esac
  # Poll (no upper bound) until the notebook server reports it is running
  while ! docker logs helk-jupyter 2>&1 | grep -q "The Jupyter Notebook is running at"; do
    sleep 5
  done
  # NOTE(review): this relies on bash applying a redirection on an
  # assignment-only command to the command substitution; verify if this ever
  # has to run under another shell.
  jupyter_token="$(docker exec -i helk-jupyter jupyter notebook list | grep "token" | sed 's/.*token=\([^ ]*\).*/\1/')" >> "$LOGFILE" 2>&1
  echo "HELK JUPYTER CURRENT TOKEN: ${jupyter_token}"
}
#######################################
# Block until the logstash container reports its Elasticsearch connection.
# Globals:   HELK_INFO_TAG (read)
# Outputs:   one status line on stdout
# Returns:   0 (there is no upper bound on the wait)
#######################################
check_logstash_connected(){
  echo "$HELK_INFO_TAG Waiting for some services to be up ....."
  while ! docker logs helk-logstash 2>&1 | grep -q "Restored connection to ES instance"; do
    sleep 5
  done
}
#######################################
# Print the HELK banner with the bundled version numbers.
# Outputs:   the banner on stdout
# Returns:   0
#######################################
show_banner(){
  local -a banner=(
    " "
    "**********************************************"
    "** HELK - THE HUNTING ELK **"
    "** **"
    "** Author: Roberto Rodriguez (@Cyb3rWard0g) **"
    "** HELK build version: v0.1.8-alpha01032020 **"
    "** HELK ELK version: 7.5.1 **"
    "** License: GPL-3.0 **"
    "**********************************************"
    " "
  )
  printf '%s\n' "${banner[@]}"
}
show_final_information(){
echo " "
echo " "
echo "***********************************************************************************"
echo "** $HELK_INFO_TAG HELK WAS INSTALLED SUCCESSFULLY **"
echo "** $HELK_INFO_TAG USE THE FOLLOWING SETTINGS TO INTERACT WITH THE HELK **"
echo "***********************************************************************************"
echo " "
if [[ ${HELK_BUILD} == "helk-kibana-notebook-analysis" ]] || [[ ${HELK_BUILD} == "helk-kibana-notebook-analysis-alert" ]]; then
echo "HELK KIBANA URL: https://${HOST_IP}"
echo "HELK KIBANA USER: helk"
echo "HELK KIBANA PASSWORD: ${KIBANA_UI_PASSWORD_INPUT}"
echo "HELK SPARK MASTER UI: https://${HOST_IP}:8080"
echo "HELK JUPYTER SERVER URL: https://${HOST_IP}/jupyter"
get_jupyter_credentials
elif [[ ${HELK_BUILD} == "helk-kibana-analysis" ]] || [[ ${HELK_BUILD} == "helk-kibana-analysis-alert" ]]; then
echo "HELK KIBANA URL: https://${HOST_IP}"
echo "HELK KIBANA USER: helk"
echo "HELK KIBANA PASSWORD: ${KIBANA_UI_PASSWORD_INPUT}"
fi
echo "HELK ZOOKEEPER: ${HOST_IP}:2181"
echo "HELK KSQL SERVER: ${HOST_IP}:8088"
echo " "
echo "IT IS HUNTING SEASON!!!!!"
echo " "
echo "You can stop all the HELK docker containers by running the following command:"
echo " [+] sudo docker-compose stop $COMPOSE_CONFIG"
echo " "
}
#######################################
# Run the full installation, one step after another. Each step exits the
# script itself (exit 1) on a hard failure, so there is no status handling here.
# Returns:   the status of the last step
#######################################
install_helk(){
  local step
  for step in show_banner check_min_requirements check_system_info \
              set_helk_build set_helk_subscription set_network \
              set_kibana_ui_password set_elasticsearch_password \
              prepare_helk build_helk check_logstash_connected \
              show_final_information; do
    "$step"
  done
}
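#######################################
# Print the usage text and exit. All of it goes to stderr now; previously only
# the "Usage:" line did and the rest went to stdout, so a caller capturing
# stdout (or the -q log) got half of the text.
# Outputs:   usage text on stderr
# Returns:   exits 1
#######################################
usage(){
  {
    echo " "
    echo "Usage: $0 [option...]"
    echo
    echo " -p set helk kibana ui password"
    echo " -i set HELKs IP address"
    echo " -b set HELKs build (helk-kibana-analysis OR helk-kibana-notebook-analysis)"
    echo " -l set HELKs subscription (basic or trial)"
    echo " -e set HELKs elasticsearch password"
    echo " -q quiet -> not output to the console"
    echo
    echo "Examples:"
    echo " $0 Install HELK manually"
    echo " $0 -p As3gur@! -i 192.168.64.131 -b 'helk-kibana-analysis' -l 'basic' Install HELK with a basic subscription"
    echo " $0 -p As3gur@! -i 192.168.64.131 -b 'helk-kibana-analysis' -l 'trial' -e elasticpasword Install HELK with a trial subscription"
    echo " $0 -p As3gur@! -i 192.168.64.131 -b 'helk-kibana-analysis' -l 'basic' -q Install HELK with a basic subscription quietly"
    echo " "
  } >&2
  exit 1
}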
# ************ Start HELK Install **********************
# ************ Command Options **********************
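# -e takes a value (it is documented and used that way), so it needs the
# trailing ':' like the other value options; without it "-e <password>" left
# ELASTICSEARCH_PASSWORD_INPUT empty and stopped option parsing at the value.
while getopts p:i:b:l:e:q option; do
  case "${option}" in
    p) KIBANA_UI_PASSWORD_INPUT=$OPTARG ;;
    i) HOST_IP=$OPTARG ;;
    b) HELK_BUILD=$OPTARG ;;
    l) SUBSCRIPTION_CHOICE=$OPTARG ;;
    e) ELASTICSEARCH_PASSWORD_INPUT=$OPTARG ;;
    q) quiet="TRUE" ;;
    \?) usage ;;
  esac
done
if [ -z "$KIBANA_UI_PASSWORD_INPUT" ] && [ -z "$HOST_IP" ] && [ -z "$HELK_BUILD" ] && [ -z "$SUBSCRIPTION_CHOICE" ]; then
  # No options at all: fully interactive install
  install_helk
else
  # Unattended install: the IP, subscription and build must all be valid
  if [[ "$HOST_IP" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
    # 10# forces decimal so an octet with a leading zero is not read as octal
    for octet in "${BASH_REMATCH[@]:1}"; do
      if (( 10#$octet > 255 )); then
        echo "$HELK_ERROR_TAG $HOST_IP is not a valid IP Address"
        usage
      fi
    done
    # *********** Validating subscription Input ***************
    case $SUBSCRIPTION_CHOICE in
      basic|trial) ;;
      *)
        echo "$HELK_ERROR_TAG Not a valid subscription. Valid Options: basic or trial"
        usage
        ;;
    esac
    # *********** Validating helk build***************
    case $HELK_BUILD in
      helk-kibana-analysis|helk-kibana-analysis-alert|helk-kibana-notebook-analysis|helk-kibana-notebook-analysis-alert) ;;
      *)
        # The message lists the builds the pattern above actually accepts
        echo "$HELK_ERROR_TAG Not a valid build. Valid Options: helk-kibana-analysis, helk-kibana-analysis-alert, helk-kibana-notebook-analysis OR helk-kibana-notebook-analysis-alert"
        usage
        ;;
    esac
    # *********** Quiet or verbose ***************
    if [[ -z "$quiet" ]]; then
      install_helk
    else
      # The final summary prints the Kibana password (and the Jupyter token);
      # in quiet mode it goes into the log, so keep that file owner-readable only.
      touch "$LOGFILE" && chmod 600 "$LOGFILE"
      install_helk >> "$LOGFILE" 2>&1
    fi
  else
    echo "$HELK_ERROR_TAG Make sure you set the right parameters"
    usage
  fi
fi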