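#!/usr/bin/env bash
# Download and install public signing key & transports package
#
# Unattended ELK 8.x install for Debian/Ubuntu.  Stop at the first failed
# command, failed pipeline stage or unset variable instead of carrying on
# and starting services against a half-written configuration.
set -euo pipefail

# Passwords for the built-in elastic and kibana_system users.  They can be
# supplied from the environment; the hard-coded fallback is only a
# placeholder and must be replaced before the host is reachable.
EPASS="${EPASS:-changeme}"
KPASS="${KPASS:-changeme}"
if [ "$EPASS" = changeme ] || [ "$KPASS" = changeme ]; then
  echo "WARNING: EPASS/KPASS still use the placeholder value 'changeme'" >&2
fi

# Import Elastic's signing key into a dedicated keyring (not the legacy
# apt-key store).  --yes lets a rerun overwrite an existing keyring file
# instead of stalling on gpg's overwrite prompt.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch \
  | sudo gpg --dearmor --yes -o /usr/share/keyrings/elasticsearch-keyring.gpg
# sudo apt install apt-transport-https
# If needed run the following command, then install transports again; may take a few minutes
# (recent apt releases ship the https transport built in, so that install is usually unnecessary)
sudo dpkg --configure -a
# Bind the repository to the keyring imported above so only packages signed
# with Elastic's key are accepted from it.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/elastic-8.x.list >/dev/null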
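### Core ELK Stack Installation
sudo apt-get update
# -y keeps the run unattended, consistent with the scripted prompt answers
# used further down.  On first install the 8.x package auto-configures
# security (TLS material under /etc/elasticsearch/certs) and prints a
# generated elastic password; that password is replaced later, so it does
# not need to be captured here.
sudo apt-get install -y elasticsearch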
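### Core ELK Stack Configuration
# Replaces the packaged elasticsearch.yml wholesale.  The keystore/truststore
# paths below are the ones the 8.x package's security auto-configuration
# creates under /etc/elasticsearch/certs; if that step did not run (for
# example a reinstall over an existing config) they will not exist and the
# node will not start.  network.host/http.host 0.0.0.0 bind every interface,
# so reachability of port 9200 is left to the host firewall.
# The file is root-owned: write it through sudo tee, not a plain redirect,
# which would fail with "permission denied" for a non-root caller.
sudo tee /etc/elasticsearch/elasticsearch.yml >/dev/null <<EOF
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["$(hostname)"]
http.host: 0.0.0.0
EOF
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
#sudo systemctl status elasticsearch
# elasticsearch-reset-password talks to the running node, so it has to run
# after the service is up.  Wait (bounded, about two minutes) until the
# HTTPS port answers; an unauthenticated 401 is enough for curl to exit 0.
for _ in $(seq 1 60); do
  if sudo curl -s -o /dev/null --cacert /etc/elasticsearch/certs/http_ca.crt https://localhost:9200; then
    break
  fi
  sleep 2
done
# Answers the tool's prompts in order: confirm (y), new password, re-entered
# password.  The format string is single-quoted and the values passed as
# arguments so $EPASS is actually expanded; the original single-quoted
# literal sent the text "$EPASS" as the password.  The original also
# prefixed the password with a stray "c"; treated as a typo here - confirm.
printf 'y\n%s\n%s\n' "$EPASS" "$EPASS" \
  | sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
#sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200/_cluster/health?pretty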
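### Kibana Installation
sudo apt-get install -y kibana

### Kibana Certificates
# - http_ca.crt is the CA the Elasticsearch package generated for its HTTPS
#   endpoint; Kibana needs it to verify elasticsearch.hosts.
# - A private CA is created with elasticsearch-certutil and used to sign a
#   server certificate for Kibana's own HTTPS listener (server.ssl.*).  The
#   original configuration pointed server.ssl.certificate/key straight at
#   the CA's ca.crt/ca.key, which hands the CA private key to the kibana
#   process and serves a certificate-signing key as a leaf certificate.
# Both private keys are written unencrypted (--pass ""), so the ownership
# and mode set below are what protects them.  Output paths are given
# explicitly (--out) instead of relying on the tool's working directory.
sudo mkdir -p /etc/kibana/certs
sudo cp /etc/elasticsearch/certs/http_ca.crt /etc/kibana/certs/http_ca.crt
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca --pem --pass "" \
  --out /usr/share/elasticsearch/elastic-stack-ca.zip
sudo unzip -o /usr/share/elasticsearch/elastic-stack-ca.zip -d /usr/share/elasticsearch/
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --pem --pass "" \
  --ca-cert /usr/share/elasticsearch/ca/ca.crt \
  --ca-key /usr/share/elasticsearch/ca/ca.key --ca-pass "" \
  --name kibana --dns "$(hostname)" --dns localhost \
  --out /etc/kibana/certs/kibana.zip
sudo unzip -o /etc/kibana/certs/kibana.zip -d /etc/kibana/certs/
sudo chown -R kibana:kibana /etc/kibana/certs
sudo chmod 600 /etc/kibana/certs/kibana/kibana.key

# Create Service token for authentication with elasticsearch
# The tool prints "SERVICE_TOKEN elastic/kibana/my-token = <value>"; the 4th
# field is the token.  It is the only Kibana credential written to
# kibana.yml: Kibana refuses to start when elasticsearch.username and
# elasticsearch.serviceAccountToken are both set, and the original file
# additionally paired username kibana_system with the elastic superuser's
# password.  The token file is created by root, so hand it back to the
# elasticsearch user.
KIBANA_TOKEN="$(sudo /usr/share/elasticsearch/bin/elasticsearch-service-tokens create elastic/kibana my-token | awk -F ' ' '{print $4}')"
sudo chown elasticsearch:elasticsearch /etc/elasticsearch/service_tokens
#chmod g+r /etc/elasticsearch/service_tokens

# Set a known password for the built-in kibana_system user (plain "kibana"
# is the deprecated alias).  Kibana itself authenticates with the service
# token above, so this is retained from the original flow rather than
# required by it.  Double-quoted arguments so $KPASS expands (see EPASS).
printf 'y\n%s\n%s\n' "$KPASS" "$KPASS" \
  | sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system -i
# Create enrollment token for kibana-setup
#printf "$(sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana)\n" | /usr/share/kibana/bin/kibana-setup

### Kibana Configuration
# Root-owned file, written via sudo tee.  Indentation matters: the nested
# logging/fleet settings below are one mapping tree, not top-level keys.
# NOTE(review): the Fleet Server host and the APM url are plain http as in
# the original; Fleet Server normally serves TLS - confirm before agents
# enroll over it.
sudo tee /etc/kibana/kibana.yml >/dev/null <<EOF
server.name: "$(hostname)"
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["https://$(hostname):9200"]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana/kibana.key
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/http_ca.crt
elasticsearch.serviceAccountToken: "$KIBANA_TOKEN"
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
xpack.fleet.agents.fleet_server.hosts: ["http://$(hostname):8220"]
xpack.fleet.outputs:
  - id: fleet-default-output
    name: default
    type: elasticsearch
    hosts: ["https://$(hostname):9200"]
    is_default: true
    is_default_monitoring: true
xpack.fleet.packages:
  - name: fleet_server
    version: latest
  - name: system
    version: latest
  - name: elastic_agent
    version: latest
  - name: apm
    version: latest
xpack.fleet.agentPolicies:
  - name: Fleet Server Policy
    id: fleet-server-policy
    description: Static agent policy for Fleet Server
    monitoring_enabled:
      - logs
      - metrics
    package_policies:
      - name: fleet_server-1
        package:
          name: fleet_server
      - name: system-1
        package:
          name: system
      - name: elastic_agent-1
        package:
          name: elastic_agent
  - name: Agent Policy APM Server
    id: agent-policy-apm-server
    description: Static agent policy for the APM Server integration
    monitoring_enabled:
      - logs
      - metrics
    package_policies:
      - name: system-1
        package:
          name: system
      - name: elastic_agent-1
        package:
          name: elastic_agent
      - name: apm-1
        package:
          name: apm
        inputs:
          - type: apm
            vars:
              - name: host
                value: "0.0.0.0:8200"
              - name: url
                value: "http://$(hostname):8200"
EOF

# Elasticsearch was already enabled and started above; the duplicated
# enable/start pair from the original is dropped.
sudo systemctl enable kibana
sudo systemctl start kibana
#sudo systemctl status kibana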
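# NOTE(review): the three settings below are Elasticsearch YAML, not shell;
# executed as commands they only produce "command not found".  Kept here as
# the reference values that would disable security; not applied by this
# script.
# xpack.security.transport.ssl.enabled: false
# xpack.security.http.ssl.enabled: false
# xpack.security.enabled: false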