From a3a292f134ddc05f83f39ae0fb365ab7f5196c1a Mon Sep 17 00:00:00 2001
From: ZennDev1337 <zenndev@protonmail.com>
Date: Tue, 25 Jun 2024 07:33:49 +0200
Subject: [PATCH] first commit

---
 README.md       |  21 +++++
 easyELKnginx.sh | 234 ++++++++++++++++++++++++++++++++++++++++++++++++
 elastic-pre.sh  |   8 ++
 3 files changed, 263 insertions(+)
 create mode 100644 README.md
 create mode 100644 easyELKnginx.sh
 create mode 100644 elastic-pre.sh

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d832da6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# Script to install ELK on Debian
+
+Bash script to install Elastic Stack on Debian and Ubuntu.
+
+## Prerequisites
+
+-   System must be Debian-based / Ubuntu.
+-   Other OS flavors like RedHat, Centos, OpenSuSE require rpms and those are not supported with this script
+
+## Set permission
+
+```
+chmod +x elastic-pre.sh
+chmod +x easyELKnginx.sh
+```
+
+## Run
+
+```
+sh easyELKnginx.sh
+```
diff --git a/easyELKnginx.sh b/easyELKnginx.sh
new file mode 100644
index 0000000..30b513f
--- /dev/null
+++ b/easyELKnginx.sh
@@ -0,0 +1,234 @@
+#!/bin/bash
+#Author : ZennDev1337
+#Email :  zrnndev@protonmail.com
+
+
+#Get hostname and domain name
+HOSTNAME=$(uname -n)
+
+#Get Debian version
+VERSION=$(lsb_release --codename --short)
+
+#Verify running as root:
+check_user() {
+    USER_ID=$(/usr/bin/id -u)
+    return $USER_ID
+}
+
+if [ "$USER_ID" > 0 ]; then
+    echo "You must be a root user" 2>&1
+    exit 1
+fi
+
+#Update system packages
+update_system_packages() {
+    printf "\033[32m Updating packages and install dependencies\033[0m\n"
+    echo "-----------------------------------------------------"
+    apt -y update
+    apt install -y  software-properties-common wget curl software-properties-common apt-transport-https
+}
+
+#Be sure you have GNUPG installed.
+check_gnupg(){
+  printf "\033[32m Checking if GNUPG is installed\033[0m\n"
+    echo "-----------------------------------------"
+    GNUPG=$(which gpg)
+    if [ $GNUPG >/dev/null ]; then
+        echo -n "GNUPG already Installed\n"
+        else
+        echo -e " Error: GNUPG is not installed. Installing\n"
+        apt -y install gnupg2
+    fi
+}
+
+
+#Check NGINX Packages
+check_nginx() {
+    printf "\033[32m Checking if NGINX is installed \033[0m\n"
+    echo    "--------------------------------"
+    NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed")
+    if [ $NGINX -eq 0 ] ; then
+        echo "NGINX is not installed - Installing NGINX now - Please wait \n"
+        apt install -y nginx
+    else
+        echo "NGINX is already installed\n"
+    fi
+}
+
+#check if java installed
+#ELK deployment requires that Java 8 or 11 is installed. Run the below commands to install OpenJDK 11
+check_java() {
+    printf "\033[32m Checking if java is installed \033[0m\n"
+    echo    "--------------------------------"
+    JAVA=$(which java | wc -l)
+    if [ $JAVA -eq 1 ];  then
+        printf "\033[34m Java Installed :)\n \034[0m "
+        java -version 2>&1 | awk -F '"' '/version/ {print $2}'
+        else
+        #install java
+        echo "Installing Java - Please wait "
+        echo "--------------------------------"
+        echo deb http://http.debian.net/debian $VERSION-backports main >> /etc/apt/sources.list
+        apt update && apt install -t $VERSION-backports openjdk-11-jdk
+        fi
+}
+
+#Install and Configure Elasticsearch
+install_elasticsearch() {
+    printf "\033[32m Install Elasticsearch \033[0m\n"
+    echo    "-----------------------------"
+    #import PGP key
+    printf "\033[32m---- Setting up public signing key ---- \033[0m\n"
+    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
+    #update apt sources list
+    printf "\033[32m ---- Saving Repository Definition to /etc/apt/sources/list.d/elastic-7.x.list ---- \033[0m\n"
+    echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
+    printf "\033[32m---- Installing the Elasticsearch Debian Package ----\033[0m\n"
+    apt-get update && apt-get install -y elasticsearch
+}
+
+configure_elasticsearch() {
+    printf "\033[32m Configuring elasticsearch \033[0m\n"
+    echo    "---------------------------"
+    cd /etc/elasticsearch/ || exit
+    #bootstrap.memory_lock: true
+    sed -i '/bootstrap.memory_lock:/s/^#//g' elasticsearch.yml
+    #network.host: localhost
+    sed -i '/network.host/anetwork.host: localhost'  elasticsearch.yml
+    #http.port: 9200
+    sed -i '/http.port:/s/^#//g' elasticsearch.yml
+    #LimitMEMLOCK=infinity
+    sed -i '/LimitMEMLOCK=/s/^#//g' /usr/lib/systemd/system/elasticsearch.service
+    #MAX_LOCKED_MEMORY=unlimited
+    sed -i '/MAX_LOCKED_MEMORY=/s/^#//g' /etc/default/elasticsearch
+    printf "\033[0m\n---- starting elasticsearch ----\033[0m\n"
+    #start service
+    CMD=$(command -v systemctl)
+    if [ $CMD > /dev/null ] ; then
+        systemctl daemon-reload
+        systemctl enable --now elasticsearch
+    else
+        update-rc.d elasticsearch defaults 95 10
+        service elasticsearch start
+    fi
+    sleep 60
+    #check if service is running
+    printf " ---- check if elasticsearch is running ----"
+    SVC='elasticsearch'
+    if ps ax | grep -v grep | grep $SVC > /dev/null ; then
+        echo "\033[32m-----Elasticsearch service is running----\033[0m\n"
+    else
+        echo "\033[31m----Elasticsearch Server is stopped - please check your installation----\033[0m\n"
+        exit 1
+    fi
+}
+
+#Install and Configure Kibana with NGINX
+install_kibana() {
+    printf "\033[32m ---- Installing kibana ---- \033[0m\n"
+    #get eth 
+    IP=$(hostname -I | awk '{print $1}')
+    #install package
+    apt-get install -y kibana
+    printf "\033[32m  ---- Setting up public signing key ----\033[0m\n"
+    cd /etc/kibana || exit
+    #server.port: 5601
+    sed -i "/server.port:/s/^#//g" /etc/kibana/kibana.yml
+    #The default is 'localhost', which usually means remote machines will not be able to connect.
+    #server.host: "localhost"
+    sed -i "/server.host/aserver.host: ${IP}"  /etc/kibana/kibana.yml
+    #Elastic url
+    sed -i '/elasticsearch.url:/s/^#//g' /etc/kibana/kibana.yml
+    #locale
+    sed -i "i18n.locale:/s/^#//g" /etc/kibana/kibana.yml
+    #start kibana
+    printf "\033[32m ---- Updating start daemon Kibana ---- \033[0m\n"
+    CMD=$(command -v systemctl)
+    if [ $CMD > /dev/null ] ; then
+        systemctl daemon-reload
+        systemctl enable --now kibana.service
+    else
+        update-rc.d kibana defaults 95 10
+        service kibana start
+    fi
+}
+
+configure_kibana_auth() {
+    printf "\033[32m ---- Configuring Kibana ---- \033[0m\n"
+    admpwd="password"
+    #touch /etc/nginx/htpasswd.users
+    echo "---- configuring password for kibana nginx  for basic security ----\n"
+    echo "admin:$(openssl passwd -apr1 $admpwd)" | tee -a /etc/nginx/.htpasswd.users
+touch /etc/nginx/sites-available/kibana
+cat > /etc/nginx/sites-available/kibana <<\EOF
+server {
+     listen 80;
+     server_name $HOSTNAME;
+     auth_basic "Kibana";
+     auth_basic_user_file /etc/nginx/.htpasswd.users;
+     error_log   /var/log/nginx/kibana.error.log;
+     access_log  /var/log/nginx/kibana.access.log;
+     location / {
+        proxy_pass http://$IP:5601;
+        rewrite ^/(.*) /$1 break;
+        proxy_ignore_client_abort on;
+        proxy_set_header  X-Real-IP  $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header  Host $http_host;
+               }
+ }
+EOF
+        ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/
+        mv /etc/nginx/sites-avaliable/default /tmp
+        #check if KIBANA port is active
+        KBSVC='kibana'
+        if ps ax | grep -v grep | grep $KBSVC > /dev/null ; then
+            printf "\033[0m\n ---- Kibana service is running --- \033[0m\n"
+        else
+            printf "\033[31m ---- Kibana Server is stopped - please check your installation \033[0m\n ---- "
+            exit 1
+        fi
+        service nginx reload
+}
+
+
+
+install_logstash() {
+    #install pacjage
+    apt-get install -y logstash
+    #create config file
+    touch /etc/logstash/conf.d/logstash.conf
+    cd /etc/logstash/conf.d/ || exit
+    #start logstash
+    systemctl daemon-reload
+    systemctl start logstash.service
+    systemctl enable logstash.service
+}
+
+test_elasticsearch_port(){
+    echo -n "Testing if Elasticsearch is Ruuning on port 9200 \n"
+    echo    "---------------------------------------------------"   
+PORT=9200
+URL="http://localhost:$PORT"
+# Check that Elasticsearch is running
+curl -s $URL 2>&1 > /dev/null
+if [ $? != 0 ]; then
+    echo "Unable to contact Elasticsearch on port $PORT."
+    echo "Please ensure Elasticsearch is running and can be reached at $URL"
+    exit -1
+    else
+    echo -n "Service is Running \n"
+    
+fi
+}
+
+check_user
+update_system_packages
+check_nginx
+check_java
+install_elasticsearch
+configure_elasticsearch 
+install_kibana
+configure_kibana_auth
+install_logstash
+test_elasticsearch_port
diff --git a/elastic-pre.sh b/elastic-pre.sh
new file mode 100644
index 0000000..946e797
--- /dev/null
+++ b/elastic-pre.sh
@@ -0,0 +1,8 @@
+################### INSTALL PREREQUISITIES  #####################
+sudo apt update
+sudo apt -y install default-jre curl jq
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
+sudo apt -y install apt-transport-https
+echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
+sudo apt update
+sudo apt -y install elasticsearch