ELK Kali Purple: Unterschied zwischen den Versionen

Version vom 12. April 2024, 10:15 Uhr

ELK Kali Purple Installation

@@ Zeile 1: / Zeile 1: @@
+*[[ELK Kali Purple Installation]]
-=Install elasticsearch=
-*sudo apt update && sudo apt upgrade
-*sudo bash -c "export HOSTNAME=purple.cyber.local; apt-get install elasticsearch -y"
-'''take note of "elastic" user password'''
-;Example: The generated password for the elastic built-in superuser is : '''jYu2XsCOAbI6IXicyt60'''
-;Reset:
-<pre>
-You can complete the following actions at any time:
-Reset the password of the elastic built-in superuser with
-'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.
-Generate an enrollment token for Kibana instances with
- '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.
-Generate an enrollment token for Elasticsearch nodes with
-'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.
-</pre>
-=Convert to single-node setup (or replace fqdn name in initial_master_nodes list with IP address)=
-*sudo sed -e '/cluster.initial_master_nodes/ s/^#*/#/' -i /etc/elasticsearch/elasticsearch.yml
-*echo "discovery.type: single-node" | sudo tee -a /etc/elasticsearch/elasticsearch.yml
-=Install Kibana=
-*sudo apt install kibana
-==Add keys to /etc/kibana/kibana.yml==
-*sudo /usr/share/kibana/bin/kibana-encryption-keys generate -q
-;Created Kibana keystore in /etc/kibana/kibana.keystore
- xpack.encryptedSavedObjects.encryptionKey: eb4257cb863d2cf1c5dc04494a2d5122
- xpack.reporting.encryptionKey: 82a7f97e18d6946bb81762eb4b945b93
- xpack.security.encryptionKey: 0c7aeeef3764088b4048d40b82409f38
-*echo "server.host: \"purple.cyber.local\"" | sudo tee -a /etc/kibana/kibana.yml
-=Anpassungen=
-;Ans Ende
- /etc/kibana/kibana.yml
- server.port: 5601
- server.host: "0.0.0.0"
-==Ensure kali-purple.kali.purple is only mapped to 192.168.253.5 in /etc/hosts in order to bind Kibana to that interface==
-*sudo systemctl enable elasticsearch kibana --now
-=Enroll Kibana=
-*sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
- #open browser and navigate to http://192.168.253.5:5601 enter username=elastic and password as displayed after installation paste token from above
-*sudo /usr/share/kibana/bin/kibana-verification-code
- #enter verification code into Kibana when prompted
-=Enable HTTPS for Kibana=
-*sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca
-*sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns purple.cyber.local,elastic.cyber.local,purple --out kibana-server.p12
-*sudo openssl pkcs12 -in /usr/share/elasticsearch/elastic-stack-ca.p12 -clcerts -nokeys -out /etc/kibana/kibana-server_ca.crt
-*sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.crt -clcerts -nokeys
-*sudo openssl pkcs12 -in /usr/share/elasticsearch/kibana-server.p12 -out /etc/kibana/kibana-server.key -nocerts -nodes
-*sudo chown root:kibana /etc/kibana/kibana-server_ca.crt
-*sudo chown root:kibana /etc/kibana/kibana-server.key
-*sudo chown root:kibana /etc/kibana/kibana-server.crt
-*sudo chmod 660 /etc/kibana/kibana-server_ca.crt
-*sudo chmod 660 /etc/kibana/kibana-server.key
-*sudo chmod 660 /etc/kibana/kibana-server.crt
-*echo "server.ssl.enabled: true" | sudo tee -a /etc/kibana/kibana.yml
-*echo "server.ssl.certificate: /etc/kibana/kibana-server.crt" | sudo tee -a /etc/kibana/kibana.yml
-*echo "server.ssl.key: /etc/kibana/kibana-server.key" | sudo tee -a /etc/kibana/kibana.yml
-*echo "server.publicBaseUrl: \"https://purple.cyber.local:5601\"" | sudo tee -a /etc/kibana/kibana.yml
-*sudo /usr/share/kibana/bin/kibana-encryption-keys generate
- #Copy the generated keys into /etc/kibana/kibana.yml
-*sudo systemctl restart kibana
-=Links=
-*https://gitlab.com/kalilinux/kali-purple/documentation/-/wikis/301_31:-Elastic-Stack-Installation

ELK Kali Purple: Unterschied zwischen den Versionen

Version vom 12. April 2024, 10:15 Uhr

Navigationsmenü

Suche