Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 04:52:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fixes #1320

Browse source
This commit is contained in:
t3chn0m4g3 2023-05-03 22:01:36 +00:00
parent 35188ef28e
commit efd5f4c54c
1 changed files with 28 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
docker/elk/logstash/dist/entrypoint.sh vendored
View file

@ -57,39 +57,41 @@ if [ "$MY_TPOT_TYPE" == "SENSOR" ];
chmod 600 $MY_SENSOR_PRIVATEKEYFILE chmod 600 $MY_SENSOR_PRIVATEKEYFILE
cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml
autossh -f -M 0 -4 -l $MY_HIVE_USERNAME -i $MY_SENSOR_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null" autossh -f -M 0 -4 -l $MY_HIVE_USERNAME -i $MY_SENSOR_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
exit 0
fi fi
# Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES. if [ "$MY_TPOT_TYPE" != "SENSOR" ];
myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
if [ "$myTPOTILM" == "1" ];
then then
echo "T-Pot ILM template not found on ES, putting it on ES now." # Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.
curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d' myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
{ if [ "$myTPOTILM" == "1" ];
"policy": { then
"phases": { echo "T-Pot ILM template not found on ES, putting it on ES now."
"hot": { curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d'
"min_age": "0ms", {
"actions": {} "policy": {
}, "phases": {
"delete": { "hot": {
"min_age": "30d", "min_age": "0ms",
"actions": { "actions": {}
},
"delete": { "delete": {
"delete_searchable_snapshot": true "min_age": "30d",
"actions": {
"delete": {
"delete_searchable_snapshot": true
}
}
} }
},
"_meta": {
"managed": true,
"description": "T-Pot ILM policy with a retention of 30 days"
} }
} }
}, }'
"_meta": { else
"managed": true, echo "T-Pot ILM already configured or ES not available."
"description": "T-Pot ILM policy with a retention of 30 days" fi
}
}
}'
else
echo "T-Pot ILM already configured or ES not available."
fi fi
echo echo