In this post, we are installing Elastic Stack version 7.9 on Ubuntu 20.04. I would like to think this process should work for versions just prior to 7.9 and may also work for versions just after.
root@securitynik-monitoring:~# lsb_release --all
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04 LTS
Release:        20.04
Codename:       focal
First step, let's update the server, ensuring we have all the necessary updates.
root@securitynik-monitoring:~# apt-get update && apt-get upgrade -y
root@securitynik-monitoring:~# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
OK
root@securitynik-monitoring:~# apt-get install apt-transport-https
root@securitynik-monitoring:~# echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
deb https://artifacts.elastic.co/packages/7.x/apt stable main
root@securitynik-monitoring:~# apt-get update && apt-get install elasticsearch
...
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 elasticsearch amd64 7.9.2 [317 MB]
Fetched 317 MB in 10s (32.3 MB/s)
Selecting previously unselected package elasticsearch.
(Reading database ... 87809 files and directories currently installed.)
Preparing to unpack .../elasticsearch_7.9.2_amd64.deb ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Unpacking elasticsearch (7.9.2) ...
Setting up elasticsearch (7.9.2) ...
Created elasticsearch keystore in /etc/elasticsearch/elasticsearch.keystore
Processing triggers for systemd (245.4-4ubuntu3.2) ...
root@securitynik-monitoring:~# cd /etc/elasticsearch/
root@securitynik-monitoring:/etc/elasticsearch# cp elasticsearch.yml elasticsearch.yml.ORIGINAL
root@securitynik-monitoring:~# cat /etc/elasticsearch/elasticsearch.yml | grep --perl-regexp "cluster.name|node.name|network.host|http.port|discovery.seed_hosts|cluster.initial.master_nodes"
cluster.name: securitynik.local
node.name: elastic-10.0.0.1
network.host: 10.0.0.1
http.port: 9200
discovery.seed_hosts: ["10.0.0.1"]
cluster.initial_master_nodes: ["10.0.0.1"]
root@securitynik-monitoring:/etc/elasticsearch# systemctl enable --now elasticsearch.service
Synchronizing state of elasticsearch.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable elasticsearch
Created symlink /etc/systemd/system/multi-user.target.wants/elasticsearch.service → /lib/systemd/system/elasticsearch.service.
root@securitynik-monitoring:~# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
     Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-08-13 23:05:07 UTC; 4min 27s ago
       Docs: https://www.elastic.co
   Main PID: 18392 (java)
      Tasks: 44 (limit: 4563)
     Memory: 1.2G
     CGroup: /system.slice/elasticsearch.service
             ├─18392 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkad>
             └─18588 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Aug 13 23:04:12 securitynik-monitoring systemd[1]: Starting Elasticsearch...
Aug 13 23:05:07 securitynik-monitoring systemd[1]: Started Elasticsearch.
root@securitynik-monitoring:/etc/elasticsearch# ss --numeric --listen --process --tcp --udp
Netid State  Recv-Q Send-Q       Local Address:Port  Peer Address:Port Process
...
tcp   LISTEN 0      4096   [::ffff:10.0.0.1]:9200            *:*    users:(("java",pid=18392,fd=267))
tcp   LISTEN 0      4096   [::ffff:10.0.0.1]:9300            *:*    users:(("java",pid=18392,fd=253))
...
root@securitynik-monitoring:/etc/elasticsearch# curl --request GET --verbose "http://10.0.0.1:9200/?pretty" --header "User-Agent: www.securitynik.com"
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 10.0.0.1:9200...
* TCP_NODELAY set
* Connected to 10.0.0.1 (10.0.0.1) port 9200 (#0)
> GET /?pretty HTTP/1.1
> Host: 10.0.0.1:9200
> Accept: */*
> User-Agent: www.securitynik.com
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json; charset=UTF-8
< content-length: 529
<
{
  "name" : "elastic-10.0.0.1",
  "cluster_name" : "securitynik.local",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.9.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "b5ca9c58fb664ca8bf9e4057fc229b3396bf3a89",
    "build_date" : "2020-07-21T16:40:44.668009Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host 10.0.0.1 left intact
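The steps above (repository setup, install, editing the six settings in elasticsearch.yml, enabling the service, then confirming the listener and the GET / response) collapsed into one script. This is an added example, not code from the original post or from Elastic. It assumes the same node address (10.0.0.1) and cluster name (securitynik.local) used in the post, overridable through ES_HOST and ES_CLUSTER, and it assumes the settings are appended to the stock elasticsearch.yml after the backup copy is taken (the post shows the final file, not how it was edited). The check functions are the part worth keeping: they confirm each required key is set exactly once, that the REST listener is bound only to the intended address rather than every interface, and that GET / reports the expected version.

```shell
#!/usr/bin/env bash
# Added example: Elasticsearch 7.9 install on Ubuntu 20.04, with checks.
# Assumed defaults taken from the post; override with environment variables.
set -eu

ES_HOST="${ES_HOST:-10.0.0.1}"
ES_CLUSTER="${ES_CLUSTER:-securitynik.local}"
ES_CONF="${ES_CONF:-/etc/elasticsearch/elasticsearch.yml}"

# Render the six settings the post edits, ready to append to elasticsearch.yml.
render_es_settings() {
  host="$1"; cluster="$2"
  cat <<EOF
cluster.name: ${cluster}
node.name: elastic-${host}
network.host: ${host}
http.port: 9200
discovery.seed_hosts: ["${host}"]
cluster.initial_master_nodes: ["${host}"]
EOF
}

# Succeed only if every required key appears exactly once, uncommented, at line start.
# (The stock file carries the same keys commented out; "^" skips those.)
check_es_settings() {
  file="$1"
  for key in cluster.name node.name network.host http.port \
             discovery.seed_hosts cluster.initial_master_nodes; do
    n=$(grep -c "^${key}:" "$file" || true)
    [ "$n" -eq 1 ] || { echo "missing or duplicated setting: ${key}" >&2; return 1; }
  done
}

# Read "ss --numeric --listen --process --tcp --udp" output on stdin and print the
# local address(es) bound to the given port, so an unintended 0.0.0.0 / [::] bind is visible.
listen_addresses_for_port() {
  port="$1"
  awk -v p=":${port}\$" '$1 == "tcp" && $2 == "LISTEN" && $5 ~ p { print $5 }'
}

# Pull version.number out of the JSON that GET / returns (stdin).
es_version_from_json() {
  sed -n 's/.*"number" *: *"\([^"]*\)".*/\1/p'
}

# The apt steps from the post; needs root and network access.
install_elasticsearch() {
  apt-get update && apt-get upgrade -y
  wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
  apt-get install -y apt-transport-https
  echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" \
    > /etc/apt/sources.list.d/elastic-7.x.list
  apt-get update && apt-get install -y elasticsearch
  cp "${ES_CONF}" "${ES_CONF}.ORIGINAL"
  render_es_settings "$ES_HOST" "$ES_CLUSTER" >> "$ES_CONF"
  check_es_settings "$ES_CONF"
  systemctl enable --now elasticsearch.service
}

# Post-install verification: listener bound to ES_HOST only, and GET / answers.
verify_elasticsearch() {
  bound=$(ss --numeric --listen --process --tcp --udp | listen_addresses_for_port 9200)
  echo "9200 bound on: ${bound}"
  case "$bound" in
    *"${ES_HOST}"*) ;;
    *) echo "9200 is not bound to ${ES_HOST} as configured" >&2; return 1 ;;
  esac
  curl --silent --fail "http://${ES_HOST}:9200/?pretty" \
       --header "User-Agent: www.securitynik.com" | es_version_from_json
}

# Run the whole procedure only when explicitly asked: ./es-install.sh install
if [ "${1:-}" = "install" ]; then
  install_elasticsearch
  verify_elasticsearch
fi
```

Sourcing the file instead of running it makes the check functions available on their own, which is useful when the package is already installed and only the configuration is in question.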
Security On The Cheap - Beginning Elastic Stack - Installing Elastic 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic Stack - Installing Kibana 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic Stack - Providing Basic Security to Elastic and Kibana 7.9 communication on Ubuntu 20.04
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Metricbeat - Elastic Stack 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Auditbeat - Elastic Stack 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Filebeat - Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic - Installing, Configuring and Providing Basic Security to Packetbeat
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Winlogbeat