In the previous post, we installed and configured Elasticsearch on Ubuntu 20.04. In this post, we install and configure Kibana on Ubuntu 20.04.
Since we already installed some of the prerequisites in the previous post, let's focus now on installing and configuring Kibana.
root@securitynik-monitoring:/etc/elasticsearch# apt-get update && apt-get install kibana
...
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 kibana amd64 7.9.2 [302 MB]
Fetched 302 MB in 10s (31.3 MB/s)
Selecting previously unselected package kibana.
(Reading database ... 88849 files and directories currently installed.)
Preparing to unpack .../kibana_7.9.2_amd64.deb ...
Unpacking kibana (7.9.2) ...
Setting up kibana (7.9.2) ...
Processing triggers for systemd (245.4-4ubuntu3.2) ...
As before, I changed into the Kibana directory and made a copy of the original config file.
root@securitynik-monitoring:/etc/elasticsearch# cd /etc/kibana/
root@securitynik-monitoring:/etc/kibana# cp kibana.yml kibana.yml.ORIGINAL
Here are the options I uncommented and/or modified.
root@securitynik-monitoring:~# cat /etc/kibana/kibana.yml | grep --perl-regexp "^server.port|^server.host|^server.name|^elasticsearch.host|^elasticsearch.logQueries|run"
server.port: 5601
server.host: "10.0.0.1"
server.name: "kibana.securitynik.local"
elasticsearch.hosts: ["http://10.0.0.1:9200"]
elasticsearch.logQueries: true
pid.file: /var/run/kibana/kibana.pid
To prevent Kibana from throwing the error "message":"{ [Error: EACCES: permission denied, open '/var/run/kibana.pid']", I created a directory named "kibana" under "/var/run/" and made the "kibana" user the owner.
root@securitynik-monitoring:~# mkdir /var/run/kibana
root@securitynik-monitoring:~# chown kibana.kibana /var/run/kibana/
root@securitynik-monitoring:~# ls -al /var/run/
...
drwxr-xr-x 2 kibana kibana 40 Oct 2 09:37 kibana
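A quick audit of the settings changed above, as an added example that is not part of the original post. The function names yml_get and audit_kibana_yml are hypothetical, and the parser assumes flat top-level "key: value" lines as in the stock kibana.yml.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the kibana.yml keys edited above.

# Print the value of a top-level "key: value" line; commented-out lines never match.
yml_get() {  # usage: yml_get <file> <key>
    awk -v k="$2:" 'index($0, k) == 1 {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); gsub(/^"|"$/, "")
        print; exit }' "$1"
}

# Report one line per setting; the subshell body keeps the variables local.
audit_kibana_yml() (  # usage: audit_kibana_yml <kibana.yml> [service-user]
    user=${2:-kibana}
    host=$(yml_get "$1" server.host)
    es=$(yml_get "$1" elasticsearch.hosts)
    pid=$(yml_get "$1" pid.file)
    case "$host" in
        "")         echo "INFO server.host unset, Kibana default is localhost" ;;
        0.0.0.0|::) echo "WARN server.host=$host exposes the UI on every interface" ;;
        *)          echo "OK   server.host=$host binds one address" ;;
    esac
    case "$es" in
        "")        echo "INFO elasticsearch.hosts unset, default is http://localhost:9200" ;;
        *http://*) echo "WARN elasticsearch.hosts uses plaintext http" ;;
        *)         echo "OK   elasticsearch.hosts has no http:// URL" ;;
    esac
    if [ -n "$pid" ]; then
        dir=$(dirname "$pid")
        if [ ! -d "$dir" ]; then
            echo "WARN pid.file directory $dir does not exist"
        elif [ "$(ls -ld "$dir" | awk '{print $3}')" != "$user" ]; then
            echo "WARN pid.file directory $dir is not owned by $user (EACCES risk)"
        else
            echo "OK   pid.file directory $dir is owned by $user"
        fi
    fi
)

# Constructed sample mirroring the values shown in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#server.port: 5601
server.host: "10.0.0.1"
elasticsearch.hosts: ["http://10.0.0.1:9200"]
pid.file: /var/run/kibana/kibana.pid
EOF
audit_kibana_yml "$sample"
rm -f "$sample"
```

On the monitoring host itself, run it as audit_kibana_yml /etc/kibana/kibana.yml; the plaintext http warning is expected at this stage of the series.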
Configuring the Kibana service.
root@securitynik-monitoring:/etc/kibana# systemctl daemon-reload
root@securitynik-monitoring:/etc/kibana# systemctl enable --now kibana.service
Synchronizing state of kibana.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable kibana
Created symlink /etc/systemd/system/multi-user.target.wants/kibana.service → /etc/systemd/system/kibana.service.
Verify the service is running.
root@securitynik-monitoring:/etc/kibana# systemctl status kibana.service
● kibana.service - Kibana
     Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-08-14 00:02:02 UTC; 49s ago
   Main PID: 19495 (node)
      Tasks: 11 (limit: 4563)
     Memory: 429.9M
     CGroup: /system.slice/kibana.service
             └─19495 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli

Aug 14 00:02:02 securitynik-monitoring systemd[1]: Started Kibana.
Aug 14 00:02:06 securitynik-monitoring kibana[19495]: {"type":"log","@timestamp":"2020-08-14T00:02:06Z","tags":["warning","plugins-d>
Aug 14 00:02:06 securitynik-monitoring kibana[19495]: {"type":"log","@timestamp":"2020-08-14T00:02:06Z","tags":["warning","plugins-d>
Looks good! Verify the service is listening on port 5601.
root@securitynik-monitoring:/etc/kibana# ss --numeric --listen --process --tcp --udp
Netid  State   Recv-Q  Send-Q  Local Address:Port        Peer Address:Port  Process
tcp    LISTEN  0       511     10.0.0.1:5601             0.0.0.0:*          users:(("node",pid=19495,fd=18))
tcp    LISTEN  0       4096    [::ffff:10.0.0.1]:9200    *:*                users:(("java",pid=18392,fd=267))
tcp    LISTEN  0       4096    [::ffff:10.0.0.1]:9300    *:*                users:(("java",pid=18392,fd=253))
Looks like the Kibana service is available on port 5601. Time for the final validation. This will be done by connecting to the web UI.
With this done, let's now move to the next post, where we provide some basic security to the communication between the Elastic stack components.
Posts in this series:
Security On The Cheap - Beginning Elastic Stack - Installing Elastic 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic Stack - Installing Kibana 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic Stack - Providing Basic Security to Elastic and Kibana 7.9 communication on Ubuntu 20.04
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Metricbeat - Elastic Stack 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Auditbeat - Elastic Stack 7.9 on Ubuntu 20.04
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Filebeat - Elastic Stack 7.9 on Ubuntu 20.04
Beginning Elastic - Installing, Configuring and Providing Basic Security to Packetbeat
Security On The Cheap - Beginning Elastic - Installing and Providing Basic Security to Winlogbeat