From aaccb43471af850c6c9bf206eb8a5538248224a9 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 20 Dec 2021 11:17:18 +0000
Subject: [PATCH] bump elk stack to 7.16.2

ELK 7.16.2 includes log4j 2.17.0 to address latest issues
---
 docker/elk/elasticsearch/Dockerfile | 2 +-
 docker/elk/kibana/Dockerfile | 2 +-
 docker/elk/logstash/Dockerfile | 2 +-
 docker/elk/logstash/dist/logstash.conf | 4 ++--
 etc/logrotate/logrotate.conf | 1 +
 5 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/docker/elk/elasticsearch/Dockerfile b/docker/elk/elasticsearch/Dockerfile
index 930de3f6..2dc44ef9 100644
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.14
 #
 # VARS
-ENV ES_VER=7.16.1 \
+ENV ES_VER=7.16.2 \
 ES_JAVA_HOME=/usr/lib/jvm/java-16-openjdk
 # Include dist
diff --git a/docker/elk/kibana/Dockerfile b/docker/elk/kibana/Dockerfile
index b63a020c..a11240c7 100644
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@@ -1,7 +1,7 @@
 FROM node:16.13.0-alpine3.14
 #
 # VARS
-ENV KB_VER=7.16.1
+ENV KB_VER=7.16.2
 #
 # Include dist
 ADD dist/ /root/dist/
diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index 085ead17..cba52df4 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.14
 #
 # VARS
-ENV LS_VER=7.16.1
+ENV LS_VER=7.16.2
 # Include dist
 ADD dist/ /root/dist/
 #
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index c464ee50..9155dd7f 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -670,12 +670,12 @@ if "_jsonparsefailure" in [tags] { drop {} }
 geoip {
 cache_size => 10000
 source => "src_ip"
- database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-City.mmdb"
+ database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.8-java/vendor/GeoLite2-City.mmdb"
 }
 geoip {
 cache_size => 10000
 source => "src_ip"
- database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-ASN.mmdb"
+ database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.8-java/vendor/GeoLite2-ASN.mmdb"
 }
 translate {
 refresh_interval => 86400
diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf
index 5f2405b1..52631483 100644
--- a/etc/logrotate/logrotate.conf
+++ b/etc/logrotate/logrotate.conf
@@ -29,6 +29,7 @@
 /data/honeytrap/log/*.log
 /data/honeytrap/log/*.json
 /data/ipphoney/log/*.json
+/data/log4pot/log/*.log
 /data/mailoney/log/*.log
 /data/medpot/log/*.log
 /data/nginx/log/*.log
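Review bot: The `database` paths in both geoip blocks hard-code the logstash-filter-geoip gem version (now 7.2.8) under the Logstash vendor bundle, so GeoIP enrichment — or pipeline startup, depending on how the filter treats a missing file — breaks on every Logstash bump that ships a newer gem, which is presumably why this commit has to touch the paths at all. Nothing in the hunk records that coupling; a comment above the first geoip block such as `# database path must match the logstash-filter-geoip gem shipped with LS_VER in docker/elk/logstash/Dockerfile; update on every Logstash bump` would make the dependency visible, and since the same base path appears twice it is worth noting that both entries must move together. If the explicit path is deliberate — pinning the bundled GeoLite2 files rather than omitting `database` and relying on the filter's default — the same comment should say so, so the next maintainer does not "simplify" it away. The enclosing filter block starts and ends outside the hunk.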
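Review bot: The added `/data/log4pot/log/*.log` entry is unrelated to the ELK bump that the commit subject and description cover, so the description should mention that log4pot logs are now rotated (or the line belongs with the change that introduces log4pot). Neighbouring entries such as honeytrap and ipphoney rotate `*.json` as well as `*.log`; if log4pot also writes JSON output, a matching `/data/log4pot/log/*.json` line is needed, which cannot be confirmed from this hunk. The logrotate stanza this path list belongs to starts above the hunk.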