This repository was archived by the owner on Aug 13, 2025. It is now read-only.

XRSec/Docker_Zeek


Docker ZEEK FILEBEAT ELASTIC

Not open source; commercial use is prohibited.

elasticsearch

Set The Password

# Start elasticsearch

mv $(pwd)/elastic/config $(pwd)/elastic/config.bak

docker run -it --rm \
--name test \
elastic/elasticsearch:7.16.3 sleep 20 &

# Copy Config

docker cp test:/usr/share/elasticsearch/config $(pwd)/elastic/

cp $(pwd)/elastic/config.bak/elasticsearch.yml $(pwd)/elastic/config/elasticsearch.yml

# Set The Password

<!-- docker run -it --rm \
-e XPACK_SECURITY_ENABLED=true \
-v $(pwd)/elastic/config:/usr/share/elasticsearch/config \
elastic/elasticsearch:7.16.3 \
bin/elasticsearch-keystore create -p -->

docker run -it --rm \
-e XPACK_SECURITY_ENABLED=true \
-v $(pwd)/elastic/config:/usr/share/elasticsearch/config \
elastic/elasticsearch:7.16.3 \
bin/elasticsearch-keystore add bootstrap.password

## Set The Password
docker-compose up elasticsearch -d

docker-compose exec elasticsearch elasticsearch-setup-passwords interactive

Generate a certificate

Look up the elasticsearch-certutil documentation for the details; the steps used here are:
docker-compose exec elasticsearch elasticsearch-certutil ca
docker-compose exec elasticsearch elasticsearch-certutil cert --ca elastic-stack-ca.p12
docker-compose exec elasticsearch mkdir data/cert
docker-compose exec elasticsearch mv elastic-certificates.p12 data/cert/
docker-compose exec elasticsearch mv elastic-stack-ca.p12 data/cert/

kibana

Set The Password

# Start kibana

mv $(pwd)/kibana/config $(pwd)/kibana/config.bak

docker run -it --rm \
--name test \
elastic/kibana:7.16.3 sleep 20 &

# Copy Config

docker cp test:/usr/share/kibana/config $(pwd)/kibana/

cp $(pwd)/kibana/config.bak/kibana.yml $(pwd)/kibana/config/kibana.yml

filebeat

chmod go-w $(pwd)/filebeat/config/filebeat.yml
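The `chmod go-w` above exists because Filebeat refuses to start from a config file that is writable by group or other, or that is not owned by the user running it (or root). The following check reproduces that rule so the file can be verified before `docker-compose up`. It is an added example, not code from the Docker_Zeek repository, and assumes GNU coreutils `stat -c` (Linux).

```shell
#!/bin/sh
# beat_config_ok FILE -> returns 0 when FILE passes Filebeat's ownership and
# permission rules: no group/other write bit, owned by the current uid or root.
beat_config_ok() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  mode=$(stat -c '%a' "$f")      # e.g. 664
  owner=$(stat -c '%u' "$f")     # numeric uid of the owner
  me=$(id -u)
  # Octal arithmetic: 020 is the group write bit, 002 the other write bit.
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "$f: mode $mode is writable by group/other" >&2
    return 1
  fi
  if [ "$owner" -ne "$me" ] && [ "$owner" -ne 0 ]; then
    echo "$f: owned by uid $owner, not uid $me or root" >&2
    return 1
  fi
  return 0
}

# fix_beat_config_perms FILE -> strips the group/other write bits (the same
# chmod as above) and re-runs the check so the caller sees the final state.
fix_beat_config_perms() {
  chmod go-w "$1" && beat_config_ok "$1"
}

# Typical use before starting the stack (path from this repo):
# fix_beat_config_perms "$(pwd)/filebeat/config/filebeat.yml"
```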

zeek

# Start zeek
docker run \
-itd \
--rm \
--name testxxxxxxxx \
--entrypoint /bin/ash \
xrsec/zeek

# Copy Config

docker cp testxxxxxxxx:/usr/local/zeek/share/zeek/site zeek/
docker rm -f testxxxxxxxx

Debug

docker run -it --rm \
-e "discovery.type=single-node" \
-e "XPACK_SECURITY=true" \
-e "kibana_PASSWORD=123456" \
-v $(pwd)/kibana/config/kibana.yml:/etc/kibana/kibana.yml:rw \
-v $(pwd)/kibana/entrypoint.sh:/usr/local/bin/entrypoint:ro  \
-p "9200:9200" \
blacktop/kibana:x-pack-7.7.1 bash

Health check from the kibana entrypoint script:
curl --silent "${kibana_HOSTS}/_cat/health" | awk '{print $4}'

Thanks
