#!/bin/bash #Author : ZennDev1337 #Email : zrnndev@protonmail.com #Get hostname and domain name HOSTNAME=$(uname -n) #Get Debian version VERSION=$(lsb_release --codename --short) #Verify running as root: check_user() { USER_ID=$(/usr/bin/id -u) return $USER_ID } if [ "$USER_ID" > 0 ]; then echo "You must be a root user" 2>&1 exit 1 fi ################### INSTALL PREREQUISITIES ##################### install_prerequisities(){ printf "\033[32m Installing packages from prerequisities\033[0m\n" echo "-----------------------------------------------------" apt -y update apt -y install default-jre curl jq wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - apt -y install apt-transport-https echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list apt -y update apt -y install elasticsearch } #Update system packages update_system_packages() { printf "\033[32m Updating packages and install dependencies\033[0m\n" echo "-----------------------------------------------------" apt -y update apt install -y software-properties-common wget curl software-properties-common apt-transport-https } #Be sure you have GNUPG installed. check_gnupg(){ printf "\033[32m Checking if GNUPG is installed\033[0m\n" echo "-----------------------------------------" GNUPG=$(which gpg) if [ $GNUPG >/dev/null ]; then echo -n "GNUPG already Installed\n" else echo -e " Error: GNUPG is not installed. Installing\n" apt -y install gnupg2 fi } #Check NGINX Packages check_nginx() { printf "\033[32m Checking if NGINX is installed \033[0m\n" echo "--------------------------------" NGINX=$(dpkg-query -W -f='${Status}' nginx 2>/dev/null | grep -c "ok installed") if [ $NGINX -eq 0 ] ; then echo "NGINX is not installed - Installing NGINX now - Please wait \n" apt install -y nginx else echo "NGINX is already installed\n" fi } #check if java installed #ELK deployment requires that Java 8 or 11 is installed. Run the below commands to install OpenJDK 11 check_java() { printf "\033[32m Checking if java is installed \033[0m\n" echo "--------------------------------" JAVA=$(which java | wc -l) if [ $JAVA -eq 1 ]; then printf "\033[34m Java Installed :)\n \034[0m " java -version 2>&1 | awk -F '"' '/version/ {print $2}' else #install java echo "Installing Java - Please wait " echo "--------------------------------" echo deb http://http.debian.net/debian $VERSION-backports main >> /etc/apt/sources.list apt update && apt install -t $VERSION-backports openjdk-11-jdk fi } #Install and Configure Elasticsearch install_elasticsearch() { printf "\033[32m Install Elasticsearch \033[0m\n" echo "-----------------------------" #import PGP key printf "\033[32m---- Setting up public signing key ---- \033[0m\n" wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - #update apt sources list printf "\033[32m ---- Saving Repository Definition to /etc/apt/sources/list.d/elastic-7.x.list ---- \033[0m\n" echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list printf "\033[32m---- Installing the Elasticsearch Debian Package ----\033[0m\n" apt-get update && apt-get install -y elasticsearch } configure_elasticsearch() { printf "\033[32m Configuring elasticsearch \033[0m\n" echo "---------------------------" cd /etc/elasticsearch/ || exit #bootstrap.memory_lock: true sed -i '/bootstrap.memory_lock:/s/^#//g' elasticsearch.yml #network.host: localhost sed -i '/network.host/anetwork.host: localhost' elasticsearch.yml #http.port: 9200 sed -i '/http.port:/s/^#//g' elasticsearch.yml #LimitMEMLOCK=infinity sed -i '/LimitMEMLOCK=/s/^#//g' /usr/lib/systemd/system/elasticsearch.service #MAX_LOCKED_MEMORY=unlimited sed -i '/MAX_LOCKED_MEMORY=/s/^#//g' /etc/default/elasticsearch printf "\033[0m\n---- starting elasticsearch ----\033[0m\n" #start service CMD=$(command -v systemctl) if [ $CMD > /dev/null ] ; then systemctl daemon-reload systemctl enable --now elasticsearch else update-rc.d elasticsearch defaults 95 10 service elasticsearch start fi sleep 60 #check if service is running printf " ---- check if elasticsearch is running ----" SVC='elasticsearch' if ps ax | grep -v grep | grep $SVC > /dev/null ; then echo "\033[32m-----Elasticsearch service is running----\033[0m\n" else echo "\033[31m----Elasticsearch Server is stopped - please check your installation----\033[0m\n" exit 1 fi } #Install and Configure Kibana with NGINX install_kibana() { printf "\033[32m ---- Installing kibana ---- \033[0m\n" #get eth IP=$(hostname -I | awk '{print $1}') #install package apt-get install -y kibana printf "\033[32m ---- Setting up public signing key ----\033[0m\n" cd /etc/kibana || exit #server.port: 5601 sed -i "/server.port:/s/^#//g" /etc/kibana/kibana.yml #The default is 'localhost', which usually means remote machines will not be able to connect. #server.host: "localhost" sed -i "/server.host/aserver.host: ${IP}" /etc/kibana/kibana.yml #Elastic url sed -i '/elasticsearch.url:/s/^#//g' /etc/kibana/kibana.yml #locale sed -i "i18n.locale:/s/^#//g" /etc/kibana/kibana.yml #start kibana printf "\033[32m ---- Updating start daemon Kibana ---- \033[0m\n" CMD=$(command -v systemctl) if [ $CMD > /dev/null ] ; then systemctl daemon-reload systemctl enable --now kibana.service else update-rc.d kibana defaults 95 10 service kibana start fi } configure_kibana_auth() { printf "\033[32m ---- Configuring Kibana ---- \033[0m\n" admpwd="password" #touch /etc/nginx/htpasswd.users echo "---- configuring password for kibana nginx for basic security ----\n" echo "admin:$(openssl passwd -apr1 $admpwd)" | tee -a /etc/nginx/.htpasswd.users touch /etc/nginx/sites-available/kibana cat > /etc/nginx/sites-available/kibana <<\EOF server { listen 80; server_name $HOSTNAME; auth_basic "Kibana"; auth_basic_user_file /etc/nginx/.htpasswd.users; error_log /var/log/nginx/kibana.error.log; access_log /var/log/nginx/kibana.access.log; location / { proxy_pass http://$IP:5601; rewrite ^/(.*) /$1 break; proxy_ignore_client_abort on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } } EOF ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/ mv /etc/nginx/sites-avaliable/default /tmp #check if KIBANA port is active KBSVC='kibana' if ps ax | grep -v grep | grep $KBSVC > /dev/null ; then printf "\033[0m\n ---- Kibana service is running --- \033[0m\n" else printf "\033[31m ---- Kibana Server is stopped - please check your installation \033[0m\n ---- " exit 1 fi service nginx reload } install_logstash() { #install pacjage apt-get install -y logstash #create config file touch /etc/logstash/conf.d/logstash.conf cd /etc/logstash/conf.d/ || exit #start logstash systemctl daemon-reload systemctl start logstash.service systemctl enable logstash.service } test_elasticsearch_port(){ echo -n "Testing if Elasticsearch is Ruuning on port 9200 \n" echo "---------------------------------------------------" PORT=9200 URL="http://localhost:$PORT" # Check that Elasticsearch is running curl -s $URL 2>&1 > /dev/null if [ $? != 0 ]; then echo "Unable to contact Elasticsearch on port $PORT." echo "Please ensure Elasticsearch is running and can be reached at $URL" exit -1 else echo -n "Service is Running \n" fi } check_user install_prerequisities update_system_packages check_nginx check_java install_elasticsearch configure_elasticsearch install_kibana configure_kibana_auth install_logstash test_elasticsearch_port