Peter Titov iamhowardtheduck
iamhowardtheduck
/ elasticStackInstall.sh
Created
October 4, 2018 21:46
Automated install (not config) of the entire Elastic Stack.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # ------------------------------------------------------------------------------ | |
| # | |
| # install epel gpg key | |
| echo "Installing EPEL gpg key." | |
| rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 | |
| # install epel | |
| echo "Installing EPEL repository" | |
| yum install epel* -y | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # ------------------------------------------------------------------------------ | |
| # Begin welcome screen. | |
| clear | |
| echo -e "\n\n\n\n\n\n\n\n\n\n\n\n" | |
| echo "Welcome to the $(tput setaf 1)ArcSight$(tput setaf 7) configurator for $(tput setaf 4)Elastic$(tput setaf 7) 2.0." | |
| echo | |
| echo "Before we begin, we're going to need a few packages." | |
| echo | |
| echo "First we'll install the EPEL repository, then install the following packages:" |
iamhowardtheduck
/ ELKUninstall.sh
Last active
April 28, 2019 01:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # ------------------------------------------------------------------------------ | |
| service elasticsearch stop | |
| service kibana stop | |
| service logstash stop | |
| yum remove elasticsearch kibana logstash filebeat packetbeat metricbeat heartbeat-elastic -y | |
| rm -rf /etc/elasticsearch | |
| rm -rf /etc/kibana | |
| rm -rf /etc/logstash | |
| rm -rf /etc/yum.repos.d/elasticsearch.repo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Begin welcome screen. | |
| clear | |
| echo -e "\n\n\n\n\n\n\n\n\n\n\n\n" | |
| echo "Welcome to the $(tput setaf 1)ArcSight$(tput setaf 7) Investigate for the $(tput setaf 4)Masses$(tput setaf 7) 1.0." | |
| echo | |
| echo "Before we begin, we're going to need wget & kafka." | |
| yum install wget -y | |
| wget http://apache.claz.org/kafka/2.0.0/kafka_2.11-2.0.0.tgz | |
| echo "Now let's unwrap our Kafka present!" | |
| tar xvf kafka_2.11-2.0.0.tgz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Welcome to the ECE Auto-Install Script PART 1." | |
| echo "DO NOT RUN THIS AS ROOT, BUT AS A USER WITH ROOT RIGHTS" | |
| echo "IT WILL FAIL IF YOU RUN AS ROOT, SO DO NOT DO IT!" | |
| echo "This is designed to be run on a minimal server install of CentOS 7 AFTER 'yum update' has been run." | |
| echo "Once down, your system will reboot; once it does start PART 2." | |
| read -n 1 -s -r -p "Press any key to continue" | |
| sudo yum install wget -y | |
| sudo /sbin/grubby --update-kernel=ALL --args='cgroup_enable=memory cgroup.memory=nokmem swapaccount=1' | |
| echo "overlay" | sudo tee -a /etc/modules-load.d/overlay.conf | |
| sudo grub2-set-default 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Welcome to the ECE Auto-Install Script PART 2." | |
| echo "DO NOT RUN THIS AS ROOT, BUT AS A USER WITH ROOT RIGHTS" | |
| echo "IT WILL FAIL IF YOU RUN AS ROOT, SO DO NOT DO IT!" | |
| echo "This is designed to be run on a minimal server install of CentOS 7 AFTER 'yum update' & ECE Install Part 1 has been run." | |
| read -n 1 -s -r -p "Press any key to continue" | |
| sudo docker info | grep Root | |
| bash <(curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh) install | |
| adminPassword=$(grep -oP '(?<=adminconsole_root_password":")[^"]*' /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json) | |
| bash <(curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh) add-stack-version --version 8.6.1 --user admin --pass ${adminPassword} | |
| bash <(curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh) add-stack-version --version 8.6.0 --user admin --pass ${adminPassword} |
iamhowardtheduck
/ ECE-Eclipse.sh
Last active
February 11, 2023 13:08
Single script to install and configure ECE. WORK IN PROGRESS: Option 1 good, Option 2 good, Option 3 only installs repositories, Option 4 good.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo yum install dialog -y | |
| cmd=(dialog --radiolist "ECE: Eclipse Installation" 22 95 16) | |
| options=(1 "Prepare system for ECE install, then reboot." off # any option can be set to default to "on" | |
| 2 "Install ECE, download all available versions, & create an Elastic cluster." off | |
| 3 "Configure the Elasticsearch repository, download, install, and configure Beats." off | |
| 4 "Make like a tree, and leave." off) | |
| choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) | |
| clear | |
| for choice in $choices | |
| do |
iamhowardtheduck
/ ECE-Eclipse-RC.sh
Last active
April 16, 2019 02:02
ECE Eclipse - Rolling Build, Release Candidate, Testing, NOT FOR PRODUCTION
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo yum install dialog -y | |
| cmd=(dialog --radiolist "ECE: Eclipse Installation" 22 95 16) | |
| options=(1 "Prepare system for ECE install, then reboot." off # any option can be set to default to "on" | |
| 2 "Install ECE, download all available versions, & create an Elastic cluster." off | |
| 3 "Configure the Elasticsearch repository, download, install, and configure Beats." off | |
| 4 "Make like a tree, and leave." off) | |
| choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) | |
| clear | |
| for choice in $choices | |
| do |
iamhowardtheduck
/ beatsConfig.sh
Last active
April 19, 2019 20:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| ## Set variables for easy coding | |
| # Outputs | |
| pBeatOut="sudo tee -a /etc/packetbeat/packetbeat.yml" | |
| mBeatOut="sudo tee -a /etc/metricbeat/metricbeat.yml" | |
| fBeatOut="sudo tee -a /etc/filebeat/filebeat.yml" | |
| hBeatOut="sudo tee -a /etc/heartbeat/heartbeat.yml" | |
| # Metricbeat Modules | |
| mBeatSys="sudo tee -a /etc/metricbeat/modules.d/system.yml" | |
| fBeatSys="sudo tee -a /etc/filebeat/modules.d/system.yml" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # INSTALL DEPENDENCIES | |
| sudo yum install epel* -y && sudo yum install java-1.8* nano vim git net-tools -y && sudo yum update -y | |
| # | |
| # | |
| # INSTALL ELASTIC REPO & DOWNLOAD METRIC & FILEBEAT | |
| sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
| sudo touch /etc/yum.repos.d/elasticsearch.repo | |
| echo "[elasticsearch-7.x]" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "name=Elasticsearch repository for 7.x packages" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "baseurl=https://artifacts.elastic.co/packages/7.x/yum" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo |
OlderNewer