Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 04:52:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

bump elastic stack to 7.12.1

Browse source
This commit is contained in:
t3chn0m4g3 2021-05-17 16:32:03 +00:00
parent cd91183b8b
commit 0c5ab33b8a
8 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bin/export_kibana-objects.sh
View file

@ -6,7 +6,7 @@ myKIBANA="http://127.0.0.1:64296/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
if ! [ "$myESSTATUS" = "1" ] if ! [ "$myESSTATUS" = "1" ]
then then
echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
exit exit
else else
echo "### Elasticsearch is available, now continuing." echo "### Elasticsearch is available, now continuing."
@ -15,7 +15,7 @@ fi
# Set vars # Set vars
myDATE=$(date +%Y%m%d%H%M) myDATE=$(date +%Y%m%d%H%M)
myINDEXCOUNT=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=index-pattern' | jq '.saved_objects[].attributes' | tr '\\' '\n' | grep "scripted" | wc -w) myINDEXCOUNT=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=index-pattern' | jq '.saved_objects[].attributes' | tr '\\' '\n' | grep -E "scripted|url" | wc -w)
myINDEXID=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=index-pattern' | jq '.saved_objects[].id' | tr -d '"') myINDEXID=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=index-pattern' | jq '.saved_objects[].id' | tr -d '"')
myDASHBOARDS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=dashboard&per_page=500' | jq '.saved_objects[].id' | tr -d '"') myDASHBOARDS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=dashboard&per_page=500' | jq '.saved_objects[].id' | tr -d '"')
myVISUALIZATIONS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=visualization&per_page=500' | jq '.saved_objects[].id' | tr -d '"') myVISUALIZATIONS=$(curl -s -XGET ''$myKIBANA'api/saved_objects/_find?type=visualization&per_page=500' | jq '.saved_objects[].id' | tr -d '"')

4
bin/import_kibana-objects.sh
View file

@ -6,7 +6,7 @@ myKIBANA="http://127.0.0.1:64296/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green) myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
if ! [ "$myESSTATUS" = "1" ] if ! [ "$myESSTATUS" = "1" ]
then then
echo "### Elasticsearch is not available, try starting via 'systemctl start elk'." echo "### Elasticsearch is not available, try starting via 'systemctl start tpot'."
exit exit
else else
echo "### Elasticsearch is available, now continuing." echo "### Elasticsearch is available, now continuing."
@ -43,7 +43,7 @@ tar xvfz $myDUMP > /dev/null
# Restore index patterns # Restore index patterns
myINDEXID=$(ls patterns/*.json | cut -c 10- | rev | cut -c 6- | rev) myINDEXID=$(ls patterns/*.json | cut -c 10- | rev | cut -c 6- | rev)
myINDEXCOUNT=$(cat patterns/$myINDEXID.json | tr '\\' '\n' | grep "scripted" | wc -w) myINDEXCOUNT=$(cat patterns/$myINDEXID.json | tr '\\' '\n' | grep -E "scripted|url" | wc -w)
echo $myCOL1"### Now importing"$myCOL0 $myINDEXCOUNT $myCOL1"index pattern fields." $myCOL0 echo $myCOL1"### Now importing"$myCOL0 $myINDEXCOUNT $myCOL1"index pattern fields." $myCOL0
curl -s -XDELETE ''$myKIBANA'api/saved_objects/index-pattern/logstash-*' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null curl -s -XDELETE ''$myKIBANA'api/saved_objects/index-pattern/logstash-*' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null
curl -s -XDELETE ''$myKIBANA'api/saved_objects/index-pattern/'$myINDEXID'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null curl -s -XDELETE ''$myKIBANA'api/saved_objects/index-pattern/'$myINDEXID'' -H "Content-Type: application/json" -H "kbn-xsrf: true" > /dev/null

2
docker/elk/elasticsearch/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:3.13 FROM alpine:3.13
# #
# VARS # VARS
ENV ES_VER=7.11.1 \ ENV ES_VER=7.12.1 \
JAVA_HOME=/usr/lib/jvm/java-11-openjdk JAVA_HOME=/usr/lib/jvm/java-11-openjdk
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/

4
docker/elk/kibana/Dockerfile
View file

@ -1,7 +1,7 @@
FROM node:14.15.4-alpine FROM node:14.16.1-alpine
# #
# VARS # VARS
ENV KB_VER=7.11.1 ENV KB_VER=7.12.1
# #
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/

2
docker/elk/logstash/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:3.13 FROM alpine:3.13
# #
# VARS # VARS
ENV LS_VER=7.11.1 ENV LS_VER=7.12.1
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/
# #

4
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -512,12 +512,12 @@ if "_grokparsefailure" in [tags] { drop {} }
geoip { geoip {
cache_size => 10000 cache_size => 10000
source => "src_ip" source => "src_ip"
database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.3-java/vendor/GeoLite2-City.mmdb" database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.5-java/vendor/GeoLite2-City.mmdb"
} }
geoip { geoip {
cache_size => 10000 cache_size => 10000
source => "src_ip" source => "src_ip"
database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.3-java/vendor/GeoLite2-ASN.mmdb" database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.5-java/vendor/GeoLite2-ASN.mmdb"
} }
translate { translate {
refresh_interval => 86400 refresh_interval => 86400

BIN
etc/objects/elkbase.tgz
View file

Binary file not shown.

BIN
etc/objects/kibana-objects.tgz
View file

Binary file not shown.