tpotce/docker/elk/logstash/dist/entrypoint.sh

#!/bin/bash

# Let's ensure normal operation on exit or if interrupted ...
function fuCLEANUP {
  exit 0
}
trap fuCLEANUP EXIT

# Source ENVs from file ...
if [ -f "/data/tpot/etc/compose/elk_environment" ];
  then
    echo "Found .env, now exporting ..."
    set -o allexport
    source "/data/tpot/etc/compose/elk_environment"
    LS_SSL_VERIFICATION="${LS_SSL_VERIFICATION:-full}"
    set +o allexport
fi

# Check internet availability 
function fuCHECKINET () {
mySITES=$1
error=0
for i in $mySITES;
  do
    curl --connect-timeout 5 -Is $i 2>&1 > /dev/null
      if [ $? -ne 0 ];
        then
          let error+=1
      fi;
  done;
  echo $error
}

# Check for connectivity and download latest translation maps
myCHECK=$(fuCHECKINET "listbot.sicherheitstacho.eu")
if [ "$myCHECK" == "0" ];
  then
    echo "Connection to Listbot looks good, now downloading latest translation maps."
    cd /etc/listbot 
    aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/cve.yaml.bz2 && \
    aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/iprep.yaml.bz2 && \
    bunzip2 -f *.bz2
    cd /
  else
    echo "Cannot reach Listbot, starting Logstash without latest translation maps."
fi

# Distributed T-Pot installation needs a different pipeline config 
if [ "$TPOT_TYPE" == "SENSOR" ];
  then
    echo
    echo "Distributed T-Pot setup, sending T-Pot logs to $TPOT_HIVE_IP."
    echo
    echo "T-Pot type: $TPOT_TYPE"
    echo "Hive IP: $TPOT_HIVE_IP"
    echo "SSL verification: $LS_SSL_VERIFICATION"
    echo
   # Ensure correct file permissions for private keyfile or SSH will ask for password
    cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml
fi

if [ "$TPOT_TYPE" != "SENSOR" ];
  then
    echo
    echo "This is a T-Pot STANDARD / HIVE installation."
    echo
    echo "T-Pot type: $TPOT_TYPE"
    echo

    # Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.
    myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
    if [ "$myTPOTILM" == "1" ];
      then
        echo "T-Pot ILM template not found on ES, putting it on ES now."
        curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d'
        {
          "policy": {
            "phases": {
              "hot": {
                "min_age": "0ms",
                "actions": {}
              },
              "delete": {
                "min_age": "30d",
                "actions": {
                  "delete": {
                    "delete_searchable_snapshot": true
                  }
                }
              }
            },
            "_meta": {
              "managed": true,
              "description": "T-Pot ILM policy with a retention of 30 days"
            }
          }
        }'
      else
        echo "T-Pot ILM already configured or ES not available."
    fi
fi
echo

ARCH=$(arch)
if [ "$ARCH" = "aarch64" ]; then
  export _JAVA_OPTIONS="-XX:UseSVE=0";
fi
exec /usr/share/logstash/bin/logstash --config.reload.automatic
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00			`#!/bin/bash`

			`# Let's ensure normal operation on exit or if interrupted ...`
			`function fuCLEANUP {`
			`exit 0`
			`}`
			`trap fuCLEANUP EXIT`

add option to retrieve ENVs from file 2023-05-02 11:11:05 +00:00			`# Source ENVs from file ...`
			`if [ -f "/data/tpot/etc/compose/elk_environment" ];`
			`then`
			`echo "Found .env, now exporting ..."`
Include config option to disable SSL verification Adjust README accordingly Fixes #1543 2024-06-04 13:33:28 +00:00			`set -o allexport`
			`source "/data/tpot/etc/compose/elk_environment"`
			`LS_SSL_VERIFICATION="${LS_SSL_VERIFICATION:-full}"`
			`set +o allexport`
add option to retrieve ENVs from file 2023-05-02 11:11:05 +00:00			`fi`

download instead of git pull download translation maps rather than running a git pull translation maps will now be bzip2 compressed to reduce traffic to a minimum fixes #432 2019-08-14 14:43:47 +00:00			`# Check internet availability`
			`function fuCHECKINET () {`
			`mySITES=$1`
			`error=0`
			`for i in $mySITES;`
			`do`
			`curl --connect-timeout 5 -Is $i 2>&1 > /dev/null`
			`if [ $? -ne 0 ];`
			`then`
			`let error+=1`
			`fi;`
			`done;`
			`echo $error`
			`}`

			`# Check for connectivity and download latest translation maps`
prep for new listbot FQDN 2020-05-12 09:19:09 +00:00			`myCHECK=$(fuCHECKINET "listbot.sicherheitstacho.eu")`
download instead of git pull download translation maps rather than running a git pull translation maps will now be bzip2 compressed to reduce traffic to a minimum fixes #432 2019-08-14 14:43:47 +00:00			`if [ "$myCHECK" == "0" ];`
			`then`
prep for new listbot FQDN 2020-05-12 09:19:09 +00:00			`echo "Connection to Listbot looks good, now downloading latest translation maps."`
download instead of git pull download translation maps rather than running a git pull translation maps will now be bzip2 compressed to reduce traffic to a minimum fixes #432 2019-08-14 14:43:47 +00:00			`cd /etc/listbot`
prep for new listbot FQDN 2020-05-12 09:19:09 +00:00			`aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/cve.yaml.bz2 && \`
			`aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/iprep.yaml.bz2 && \`
download instead of git pull download translation maps rather than running a git pull translation maps will now be bzip2 compressed to reduce traffic to a minimum fixes #432 2019-08-14 14:43:47 +00:00			`bunzip2 -f *.bz2`
			`cd /`
			`else`
prep for new listbot FQDN 2020-05-12 09:19:09 +00:00			`echo "Cannot reach Listbot, starting Logstash without latest translation maps."`
download instead of git pull download translation maps rather than running a git pull translation maps will now be bzip2 compressed to reduce traffic to a minimum fixes #432 2019-08-14 14:43:47 +00:00			`fi`
logstash template not upgraded with daily index enabled logstash will not be able to put new events into ES simple solution, just deleting logstash template upon logstash start and leave it to logstash to upload the latest template . 2020-02-01 14:08:23 +00:00
re-implement distributed feature, without ssh add sensor compose file add distributed option to tpot config housekeeping / cleanup 2024-01-05 19:19:50 +00:00			`# Distributed T-Pot installation needs a different pipeline config`
			`if [ "$TPOT_TYPE" == "SENSOR" ];`
Work in progress! This is the foundation for the distributed T-Pot feature, highly work in progress, only works with local docker image builds, will be available for prod for upcoming T-Pot 22xx. 2022-01-03 18:24:17 +00:00			`then`
			`echo`
re-implement distributed feature, without ssh add sensor compose file add distributed option to tpot config housekeeping / cleanup 2024-01-05 19:19:50 +00:00			`echo "Distributed T-Pot setup, sending T-Pot logs to $TPOT_HIVE_IP."`
Work in progress! This is the foundation for the distributed T-Pot feature, highly work in progress, only works with local docker image builds, will be available for prod for upcoming T-Pot 22xx. 2022-01-03 18:24:17 +00:00			`echo`
re-implement distributed feature, without ssh add sensor compose file add distributed option to tpot config housekeeping / cleanup 2024-01-05 19:19:50 +00:00			`echo "T-Pot type: $TPOT_TYPE"`
			`echo "Hive IP: $TPOT_HIVE_IP"`
Include config option to disable SSL verification Adjust README accordingly Fixes #1543 2024-06-04 13:33:28 +00:00			`echo "SSL verification: $LS_SSL_VERIFICATION"`
Work in progress! This is the foundation for the distributed T-Pot feature, highly work in progress, only works with local docker image builds, will be available for prod for upcoming T-Pot 22xx. 2022-01-03 18:24:17 +00:00			`echo`
re-implement distributed feature, without ssh add sensor compose file add distributed option to tpot config housekeeping / cleanup 2024-01-05 19:19:50 +00:00			`# Ensure correct file permissions for private keyfile or SSH will ask for password`
logstash cleanup, prep for multiarch, move to ubuntu log4pot tweaking 2022-01-23 14:49:07 +00:00			`cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml`
Work in progress! This is the foundation for the distributed T-Pot feature, highly work in progress, only works with local docker image builds, will be available for prod for upcoming T-Pot 22xx. 2022-01-03 18:24:17 +00:00			`fi`

re-implement distributed feature, without ssh add sensor compose file add distributed option to tpot config housekeeping / cleanup 2024-01-05 19:19:50 +00:00			`if [ "$TPOT_TYPE" != "SENSOR" ];`
Tweaking Remove Elasticsearch-Curator in packages, configs and references (BREAKING CHANGE) Add Index Lifecycle Management in favor of elasticsearch-curator Point all images to 2203 tags 2022-01-14 15:52:08 +00:00			`then`
re-implement distributed feature, without ssh add sensor compose file add distributed option to tpot config housekeeping / cleanup 2024-01-05 19:19:50 +00:00			`echo`
			`echo "This is a T-Pot STANDARD / HIVE installation."`
			`echo`
			`echo "T-Pot type: $TPOT_TYPE"`
			`echo`

fixes #1320 2023-05-03 22:01:36 +00:00			`# Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.`
			`myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" \| grep "Lifecycle policy not found: tpot" -c)`
			`if [ "$myTPOTILM" == "1" ];`
			`then`
			`echo "T-Pot ILM template not found on ES, putting it on ES now."`
			`curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d'`
			`{`
			`"policy": {`
			`"phases": {`
			`"hot": {`
			`"min_age": "0ms",`
			`"actions": {}`
			`},`
Tweaking Remove Elasticsearch-Curator in packages, configs and references (BREAKING CHANGE) Add Index Lifecycle Management in favor of elasticsearch-curator Point all images to 2203 tags 2022-01-14 15:52:08 +00:00			`"delete": {`
fixes #1320 2023-05-03 22:01:36 +00:00			`"min_age": "30d",`
			`"actions": {`
			`"delete": {`
			`"delete_searchable_snapshot": true`
			`}`
			`}`
Tweaking Remove Elasticsearch-Curator in packages, configs and references (BREAKING CHANGE) Add Index Lifecycle Management in favor of elasticsearch-curator Point all images to 2203 tags 2022-01-14 15:52:08 +00:00			`}`
fixes #1320 2023-05-03 22:01:36 +00:00			`},`
			`"_meta": {`
			`"managed": true,`
			`"description": "T-Pot ILM policy with a retention of 30 days"`
Tweaking Remove Elasticsearch-Curator in packages, configs and references (BREAKING CHANGE) Add Index Lifecycle Management in favor of elasticsearch-curator Point all images to 2203 tags 2022-01-14 15:52:08 +00:00			`}`
prep for ipphoney 2020-08-25 12:25:59 +00:00			`}`
fixes #1320 2023-05-03 22:01:36 +00:00			`}'`
			`else`
			`echo "T-Pot ILM already configured or ES not available."`
			`fi`
Tweaking Remove Elasticsearch-Curator in packages, configs and references (BREAKING CHANGE) Add Index Lifecycle Management in favor of elasticsearch-curator Point all images to 2203 tags 2022-01-14 15:52:08 +00:00			`fi`
prep for elk 7.9 2020-08-24 10:35:46 +00:00			`echo`
add option to retrieve ENVs from file 2023-05-02 11:11:05 +00:00
Disable Scalable Vector Engine (XX:UseSVE=0) to fix issues on macOS and other ARM platforms https://github.com/elastic/elasticsearch/issues/118583 2025-01-06 14:50:08 +00:00			`ARCH=$(arch)`
			`if [ "$ARCH" = "aarch64" ]; then`
			`export _JAVA_OPTIONS="-XX:UseSVE=0";`
			`fi`
add option to retrieve ENVs from file 2023-05-02 11:11:05 +00:00			`exec /usr/share/logstash/bin/logstash --config.reload.automatic`