@smilzo
Created Apr 18, 2019
ELK Stack on macOS via Homebrew, with a different user for each service, running as daemons at boot time
# ElkOnMac 0.1
# This is not a script but a list of commands for installing the ELK stack on macOS via Homebrew, using different users for the different services,
# which start at boot time. I did not find this kind of installation in any guide I searched, only guides for starting the ELK stack after login.
# Released under Creative Commons license Attribution 4.0 International (CC BY 4.0)
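# Next free UID: the highest UniqueID currently in use, plus one
NEW_UID=$(( $(dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1) + 1 )); echo "$NEW_UID"
# Pick a GID that does not appear in the output of the following command (799 is used below):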
dscl . list /Groups PrimaryGroupID | tr -s ' ' | sort -n -t ' ' -k2,2
sudo dscl . create /Groups/brew
sudo dscl . create /Groups/brew RealName "MacHomeBrew support group"
sudo dscl . create /Groups/brew passwd "*"
sudo dscl . create /Groups/brew gid 799
# Creating users for running services
sudo dscl . create "/Users/_elasticsearch"
sudo dscl . create "/Users/_elasticsearch" RealName "elasticsearch"
sudo dscl . create "/Users/_elasticsearch" UniqueID $NEW_UID
sudo dscl . create "/Users/_elasticsearch" PrimaryGroupID 20
sudo dscl . create "/Users/_elasticsearch" AuthenticationAuthority
sudo dscl . create "/Users/_elasticsearch" Password '*'
sudo dscl . create "/Users/_elasticsearch" NFSHomeDirectory "/Users/_elasticsearch"
sudo createhomedir -c -u "_elasticsearch"
sudo dscl . create "/Users/_logstash"
sudo dscl . create "/Users/_logstash" RealName "logstash"
sudo dscl . create "/Users/_logstash" UniqueID $((NEW_UID + 1))
sudo dscl . create "/Users/_logstash" PrimaryGroupID 20
sudo dscl . create "/Users/_logstash" AuthenticationAuthority
sudo dscl . create "/Users/_logstash" Password '*'
sudo dscl . create "/Users/_logstash" NFSHomeDirectory "/Users/_logstash"
sudo createhomedir -c -u "_logstash"
sudo dscl . create "/Users/_kibana"
sudo dscl . create "/Users/_kibana" RealName "kibana"
sudo dscl . create "/Users/_kibana" UniqueID $((NEW_UID + 2))
sudo dscl . create "/Users/_kibana" PrimaryGroupID 20
sudo dscl . create "/Users/_kibana" AuthenticationAuthority
sudo dscl . create "/Users/_kibana" Password '*'
sudo dscl . create "/Users/_kibana" NFSHomeDirectory "/Users/_kibana"
sudo createhomedir -c -u "_kibana"
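# Give the users membership of the brew group so they can access the Homebrew data
# MYUSER is not set anywhere above; it is assumed here to be the account that runs brew
MYUSER=$(id -un)
sudo dscl . create /Groups/brew GroupMembership "$MYUSER"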
sudo dscl . append /Groups/brew GroupMembership _elasticsearch
sudo dscl . append /Groups/brew GroupMembership _logstash
sudo dscl . append /Groups/brew GroupMembership _kibana
# Install brew and packages
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install elasticsearch
brew install logstash
brew install kibana
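# Give the service users access to the Homebrew prefix through the brew group
# Note: g+w on the whole prefix lets every member of brew, including each service account, modify any file under it
sudo chgrp -R brew "$(brew --prefix)"
sudo chmod -R g+rwX "$(brew --prefix)"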
# Uncomment the directives: 'server.port: 5601' and 'elasticsearch.hosts: "http://localhost:9200"'
sudo vi /usr/local/etc/kibana/kibana.yml
# Load the plists in launchd to launch the services at boot time, each with a different user
sudo cp /usr/local/Cellar/elasticsearch/6.7.0/homebrew.mxcl.elasticsearch.plist /Library/LaunchDaemons/
sudo defaults write /Library/LaunchDaemons/homebrew.mxcl.elasticsearch.plist UserName _elasticsearch
sudo plutil -convert xml1 /Library/LaunchDaemons/homebrew.mxcl.elasticsearch.plist
sudo chmod 644 /Library/LaunchDaemons/homebrew.mxcl.elasticsearch.plist
sudo cp /usr/local/Cellar/logstash/6.7.0/homebrew.mxcl.logstash.plist /Library/LaunchDaemons/
sudo defaults write /Library/LaunchDaemons/homebrew.mxcl.logstash.plist UserName _logstash
sudo plutil -convert xml1 /Library/LaunchDaemons/homebrew.mxcl.logstash.plist
sudo chmod 644 /Library/LaunchDaemons/homebrew.mxcl.logstash.plist
sudo cp /usr/local/Cellar/kibana/6.7.0/homebrew.mxcl.kibana.plist /Library/LaunchDaemons/
sudo defaults write /Library/LaunchDaemons/homebrew.mxcl.kibana.plist UserName _kibana
sudo plutil -convert xml1 /Library/LaunchDaemons/homebrew.mxcl.kibana.plist
sudo chmod 644 /Library/LaunchDaemons/homebrew.mxcl.kibana.plist
# launchctl enable takes a service target of the form system/<label>, not a plist path
sudo launchctl enable system/homebrew.mxcl.elasticsearch
sudo launchctl bootstrap system /Library/LaunchDaemons/homebrew.mxcl.elasticsearch.plist
sudo launchctl enable system/homebrew.mxcl.logstash
sudo launchctl bootstrap system /Library/LaunchDaemons/homebrew.mxcl.logstash.plist
sudo launchctl enable system/homebrew.mxcl.kibana
sudo launchctl bootstrap system /Library/LaunchDaemons/homebrew.mxcl.kibana.plist
# Delete the stale elasticsearch database created during brew installation
sudo rm -rf /usr/local/var/lib/elasticsearch/elasticsearch_*
# Logstash does not start without a configured pipeline, so it is OK to get an error in /var/log/system.log
# You can check that Kibana and Elasticsearch are working by opening http://localhost:5601/status in a browser on the Mac; you should get a Kibana status page
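# Added example, not part of the original gist: a check that each LaunchDaemon plist carries the UserName set above,
# since a system daemon whose plist lacks that key runs as root. The function names are hypothetical, and the plists
# are assumed to be in xml1 form, as left by the plutil step.

```shell
#!/bin/sh
# Print the <string> value that follows <key>UserName</key>, or nothing if the
# key is absent. Relies on the one-element-per-line layout plutil writes.
plist_username() {
    awk '
        /<key>UserName<\/key>/ { want = 1; next }
        want && (i = index($0, "<string>")) {
            s = substr($0, i + 8); j = index(s, "</string>")
            print substr(s, 1, j - 1); exit
        }' "$1"
}

# audit_plist FILE EXPECTED_USER [OWNER_UID]
# Prints one line per finding and returns 0 only when there are none.
# OWNER_UID defaults to 0 (root), the owner left by the `sudo cp` above.
audit_plist() {
    file=$1 expected=$2 owner=${3:-0} rc=0
    [ -f "$file" ] || { echo "$file: missing"; return 1; }
    user=$(plist_username "$file")
    if [ -z "$user" ]; then
        echo "$file: no UserName key, launchd would run the job as root"; rc=1
    elif [ "$user" != "$expected" ]; then
        echo "$file: UserName is '$user', expected '$expected'"; rc=1
    fi
    # ls -ln prints the numeric owner in field 3 on both macOS and Linux
    uid=$(ls -ln "$file" | awk '{print $3}')
    [ "$uid" = "$owner" ] || { echo "$file: owned by uid $uid, expected $owner"; rc=1; }
    # A group- or world-writable plist lets a non-root account change what the daemon runs
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$file: group- or world-writable"; rc=1
    fi
    return $rc
}

# audit_elk [DIR] [OWNER_UID]: check the three plists installed above.
audit_elk() {
    dir=${1:-/Library/LaunchDaemons} want_owner=${2:-0} failed=0
    for svc in elasticsearch logstash kibana; do
        audit_plist "$dir/homebrew.mxcl.$svc.plist" "_$svc" "$want_owner" || failed=1
    done
    return $failed
}
```

# Run `audit_elk` with no arguments after the bootstrap commands; it prints nothing and returns 0 when all three plists pass.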