Install ELK & Wazuh
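# install wazuh & ELK
#
# Runbook for one CentOS/RHEL 7 host: Wazuh manager + API, Elasticsearch /
# Kibana / Logstash 6.x, and an nginx TLS reverse proxy in front of Kibana.
# Run as root, step by step. Steps marked MANUAL need an editor, and the host
# is rebooted before the last step, so this is not meant to run as one script.

## Wazuh ---------------------------------------------------------------------

# Add the Wazuh yum repo. gpgcheck=1 plus an https gpgkey keeps package
# signature verification on; leave both as they are.
cat > /etc/yum.repos.d/wazuh.repo <<\EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF

# Install and start the Wazuh manager.
yum install wazuh-manager -y
systemctl start wazuh-manager
systemctl enable wazuh-manager
systemctl status wazuh-manager

# Install and start the Wazuh API.
yum install wazuh-api -y
systemctl start wazuh-api
systemctl enable wazuh-api
systemctl status wazuh-api

## ELK -----------------------------------------------------------------------

# Java runtime for Elasticsearch / Logstash.
yum install java -y

# Add the Elastic 6.x repo; import the signing key first so gpgcheck works.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cat > /etc/yum.repos.d/elasticsearch.repo <<\EOF
[logstash-6.x]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Install the stack.
yum install elasticsearch kibana logstash -y

# MANUAL: in /etc/elasticsearch/elasticsearch.yml (around line 40) remove the
# leading "#" from these three settings. "network.host: localhost" keeps the
# unauthenticated Elasticsearch REST port off the network; only Kibana and
# Logstash on this host need to reach it.
#   bootstrap.memory_lock: true
#   network.host: localhost
#   http.port: 9200
nano /etc/elasticsearch/elasticsearch.yml

# MANUAL: in /usr/lib/systemd/system/elasticsearch.service uncomment
#   LimitMEMLOCK=infinity
nano /usr/lib/systemd/system/elasticsearch.service

# MANUAL: in /etc/sysconfig/elasticsearch uncomment
#   MAX_LOCKED_MEMORY=unlimited
# (the original read "nano nano /etc/sysconfig/elasticsearch", which opens a
# file literally named "nano" instead)
nano /etc/sysconfig/elasticsearch

# Start Elasticsearch; daemon-reload picks up the edited unit file.
systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearch

# MANUAL: in /etc/kibana/kibana.yml uncomment the lines below. With
# server.host "localhost", Kibana is reachable only through the nginx proxy
# configured further down, which is where basic auth is enforced.
#   server.port: 5601
#   server.host: "localhost"
#   elasticsearch.url: "http://localhost:9200"
nano /etc/kibana/kibana.yml

# Start Kibana.
systemctl daemon-reload
systemctl enable kibana
systemctl start kibana
systemctl status kibana

# Start Logstash.
systemctl daemon-reload
systemctl enable logstash
systemctl start logstash
systemctl status logstash

## nginx reverse proxy in front of Kibana -------------------------------------

yum install epel-release -y
yum install nginx httpd-tools -y

# MANUAL: in /etc/nginx/nginx.conf comment out the default "server { ... }"
# block so it does not compete with the vhost written below.
nano /etc/nginx/nginx.conf

# Write the Kibana vhost. The original line was "cat FILE <<\EOF" without the
# ">": it printed the here-doc to the terminal and never created the file.
# Prerequisite: /opt/ssl.pem and /opt/ssl.key must exist before nginx starts;
# nothing in this runbook creates them and nginx will not start without them.
# The unquoted-looking $host$request_uri is intentional: <<\EOF disables
# expansion, so nginx receives the variables literally.
cat > /etc/nginx/conf.d/elk.conf <<\EOF
server {
  listen 80;
  listen [::]:80;
  return 301 https://$host$request_uri;
}
server {
  # "listen ... ssl" replaces the deprecated "ssl on;" directive.
  listen 443 ssl default_server;
  listen [::]:443 ssl;
  ssl_certificate /opt/ssl.pem;
  ssl_certificate_key /opt/ssl.key;
  access_log /var/log/nginx/nginx.access.log;
  error_log /var/log/nginx/nginx.error.log;
  location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
    proxy_pass http://localhost:5601/;
  }
}
EOF

# Create the basic-auth user BEFORE starting nginx: with the vhost above in
# place, every request fails while the user file is missing. htpasswd prompts
# for the password, so it does not end up in shell history. Consider adding
# -B (bcrypt) instead of the default apr1-md5 hash.
htpasswd -c /etc/nginx/conf.d/kibana.htpasswd admin

# Start nginx.
systemctl start nginx
systemctl enable nginx
systemctl status nginx

# NOTE(review): the two steps below switch off firewalld and SELinux for the
# whole host, not just for this stack. Less drastic alternatives to confirm:
# open only 443/tcp in firewalld, and allow the nginx -> Kibana proxy with
# `setsebool -P httpd_can_network_connect 1` instead of SELINUX=disabled.
systemctl stop firewalld
systemctl disable firewalld

# MANUAL: in /etc/sysconfig/selinux change SELINUX=enforcing to
# SELINUX=disabled (the original note said "enforcing=disabled", which is not
# a valid key). Takes effect at the reboot below.
nano /etc/sysconfig/selinux

# Load the Wazuh index template into Elasticsearch. -sf makes a failed fetch
# (e.g. a 404 page) exit non-zero with no body instead of being PUT as the
# template; check the response of the second curl before moving on.
curl -sf https://raw.githubusercontent.com/wazuh/wazuh/3.6/extensions/elasticsearch/wazuh-elastic6-template-alerts.json \
  | curl -XPUT 'http://localhost:9200/_template/wazuh' -H 'Content-Type: application/json' -d @-

# Download the Wazuh pipeline for Logstash. The ossec group membership is
# presumably what lets logstash read Wazuh's alert files -- confirm.
curl -sf -o /etc/logstash/conf.d/01-wazuh.conf https://raw.githubusercontent.com/wazuh/wazuh/3.6/extensions/logstash/01-wazuh-local.conf
usermod -a -G ossec logstash

# Install the Wazuh Kibana app. The file name encodes the app and Kibana
# versions (3.6.1 / 6.4.2); it presumably has to match the installed Kibana.
/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-3.6.1_6.4.2.zip

# Reboot (applies the SELinux change).
reboot

# After the reboot: set the Wazuh API credentials, see
# https://documentation.wazuh.com/current/user-manual/kibana-app/connect-kibana-app.html
# The password is prompted for interactively.
cd /var/ossec/api/configuration/auth
node htpasswd -c user admin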