Prepare for Elastic Stack 9.2.3

2026-01-13 01:02:44 +00:00 · 2026-01-05 20:14:57 +01:00 · 2026-01-05 20:14:57 +01:00 · fdf9be3e6f
commit fdf9be3e6f
parent 7a4c4bc997
10 changed files with 366 additions and 43 deletions
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND noninteractive
-ENV ES_VER=8.19.2
+ENV ES_VER=9.2.3
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,5 +1,5 @@
-FROM node:22.17.1-alpine3.22
-ENV KB_VER=8.19.2
+FROM node:22.21.1-alpine3.23
+ENV KB_VER=9.2.3
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LS_VER=8.19.2
+ENV LS_VER=9.2.3
 #
 # Include dist
 COPY dist/ /root/dist/
--- a/docker/tpotinit/Dockerfile
+++ b/docker/tpotinit/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.23
 #
 # Include dist
 COPY dist/ /opt/tpot/
--- a/docker/tpotinit/dist/bin/backup_es_folders.sh
+++ b/docker/tpotinit/dist/bin/backup_es_folders.sh
@ -1,48 +1,14 @@
 #!/bin/bash

-if [ "$1" == "" ] || [ "$1" != "all" ] && [ "$1" != "base" ];
-  then
-    echo "Usage: backup_es_folders [all, base]"
-    echo "       all  = backup all ES folder"
-    echo "       base = backup only Kibana index".
-    echo
-    exit
-fi
-
-# Backup all ES relevant folders
-# Make sure ES is available
-myES="http://127.0.0.1:64298/"
-myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
-if ! [ "$myESSTATUS" = "1" ]
-  then
-    echo "### Elasticsearch is not available."
-    exit
-  else
-    echo "### Elasticsearch is available, now continuing."
-    echo
-fi
-
 # Set vars
 myDATE=$(date +%Y%m%d%H%M)
 myPATH=$PWD
 myELKPATH="data/elk/data"
-myKIBANAINDEXNAMES=$(curl -s -XGET ''$myES'_cat/indices/.kibana_*?v&s=index&h=uuid' | tail -n +2)
-#echo $myKIBANAINDEXNAMES
-for i in $myKIBANAINDEXNAMES;
-  do
-    myKIBANAINDEXPATHS="$myKIBANAINDEXPATHS $myELKPATH/indices/$i"
-done

-# Backup DB in 2 flavors
+# Backup ES
 cd $HOME/tpotce

 echo "### Now backing up Elasticsearch folders ..."
-if [ "$1" == "all" ];
-  then
-    tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH
-elif [ "$1" == "base" ];
-  then
-    tar cvfz $myPATH"/elkbase_"$myDATE".tgz" $myKIBANAINDEXPATHS
-fi
+tar cvfz $myPATH"/elkall_"$myDATE".tgz" $myELKPATH

 cd $myPATH
--- a/docker/tpotinit/dist/bin/backup_kibana_config.sh
+++ b/docker/tpotinit/dist/bin/backup_kibana_config.sh
@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Backup all Kibana objects
+# Make sure Kibana is available
+myKIBANA="http://127.0.0.1:64296"
+myKIBANASTATUS=$(curl -s -f -o /dev/null "${myKIBANA}/api/status")
+if ! [ "$?" = "0" ]
+  then
+    echo "### Kibana is not available."
+    exit
+  else
+    echo "### Kibana is available, now continuing."
+    echo
+fi
+
+# Export Kibana config
+myDATE=$(date +%Y%m%d%H%M)
+echo "### Exporting Kibana config."
+curl -X POST "${myKIBANA}/api/saved_objects/_export" \
+  -H "kbn-xsrf: true" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "type": "*",
+    "excludeExportDetails": true
+  }' \
+  -o kibana_export.ndjson
+
+echo
+echo "### Zipping Kibana config."
+zip kibana_export.ndjson.zip kibana_export.ndjson
+
+echo
+echo "### Moving Kibana config and zip to ../etc/objects/"
+mv kibana_export.* ../etc/objects
--- a/docker/tpotinit/dist/entrypoint.sh
+++ b/docker/tpotinit/dist/entrypoint.sh
@ -264,6 +264,7 @@ if [ -f "/data/uuid" ];
  else
    figlet "Setting up ..."
    figlet "T-Pot: ${TPOT_VERSION}"
+    myFIRSTRUN="true"
    echo
    echo "# Setting up data folder structure ..."
    echo
@ -285,9 +286,8 @@ if [ -f "/data/uuid" ];
    echo
    create_web_users
    echo
-    echo "# Extracting objects, final touches and permissions ..."
+    echo "# Final touches and permissions ..."
    echo
-    tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
    uuidgen > /data/uuid
 fi

@ -370,6 +370,26 @@ figlet "T-Pot: ${TPOT_VERSION}"
 echo
 touch /tmp/success

+# We need to push objects to Kibana if this is a Hive and a fresh install
+if [ "${myFIRSTRUN}" == "true" ] && [ "${TPOT_TYPE}" == "HIVE" ];
+  then
+    myKIBANA_URL="http://127.0.0.1:64296"
+    myKIBANA_CONFIG="/opt/tpot/etc/objects/export.ndjson"
+
+    # Wait for Kibana to be available
+    until curl -s -f -o /dev/null "{$myKIBANA_URL}/api/status"; do
+      echo "# Waiting for Kibana to upload config..."
+      sleep 2
+    done
+
+    # Upload Kibana config
+    echo "# Now uploading config to Kibana."
+    curl -X POST "http://127.0.0.1:64296/api/saved_objects/_import?overwrite=true" \
+      -H "kbn-xsrf: true" \
+      --form file=@/opt/tpot/etc/objects/kibana_export.ndjson
+    echo "# Kibana config has been uploaded."
+fi
+
 # We want to see true source for UDP packets in container (https://github.com/moby/libnetwork/issues/1994)
 # Start autoheal if running on a supported os
 if [ "${TPOT_OSTYPE}" == "linux" ];
--- a/docker/tpotinit/dist/etc/objects/elkbase.tgz
+++ b/docker/tpotinit/dist/etc/objects/elkbase.tgz
--- a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson
+++ b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson
--- a/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip
+++ b/docker/tpotinit/dist/etc/objects/kibana_export.ndjson.zip