- Download the all-in-one image (split compressed archive), merge the parts and load the image

```bash
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_image_v1.9.1.tar.gz.00
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_image_v1.9.1.tar.gz.01
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_image_v1.9.1.tar.gz.02
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_image_v1.9.1.tar.gz.03
cat elkeidup_image_v1.9.1.tar.gz.* > elkeidup_image_v1.9.1.tar.gz
docker load -i elkeidup_image_v1.9.1.tar.gz
```

- Start the container

```bash
docker run -d --name elkeid_community \
  --restart=unless-stopped \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  -p 8071:8071 -p 8072:8072 -p 8080:8080 \
  -p 8081:8081 -p 8082:8082 -p 8089:8080 -p 8090:8090 \
  --privileged \
  elkeid/all-in-one:v1.9.1
```

Note that the container runs with `--privileged` and the host cgroup tree mounted, so it has the host's device and kernel access; treat the all-in-one image as an evaluation deployment rather than a hardened production install.
Use the host machine's IP address for `{ip}` below; 127.0.0.1 cannot be used.
- Enter the container and configure the public address (`{ip}` is the host IP; the command prompts for input)

```bash
docker exec -it elkeid_community bash
cd /root/.elkeidup/
# This command will start interactive input
./elkeidup public {ip}
```

- Build the Agent and create the default policy

```bash
./elkeidup agent init
./elkeidup agent build
./elkeidup agent policy create
```

- Read the generated credentials

```bash
cat ~/.elkeidup/elkeid_passwd
```
After a successful installation, the /root/.elkeidup/elkeid_passwd file records the passwords and access URLs of each component.
The initial passwords are fixed when the image is built, so every copy of the image shares them; change them before exposing the deployment and do not use them in a production environment.
| Field | Description |
| --- | --- |
| elkeid_console | Console account password |
| elkeid_hub_frontend | hub front-end account password |
| grafana | grafana account password |
| grafana | grafana address |
| elkeid_hub_frontend | elkeid hub front-end address |
| elkeid_console | elkeid console address |
| elkeid_service_discovery | Service Discovery address |
After logging in to elkeid_console, follow the Console instruction manual (Install configuration) to install and deploy the Agent.
If the deployment target is the local machine, you still need to set up passwordless (key-based) SSH login from the machine to itself, and the login must complete in under 1 s. The following command verifies this: the two date outputs must be the same.

```bash
date && ssh root@{ip} date
# The output time difference should be less than 1s
```
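The `date && ssh root@{ip} date` check above compares two second-resolution timestamps by eye and cannot tell a slow login from a skewed clock. The script below is an added example, not Elkeid project code: it forces non-interactive SSH (so a missing key fails instead of prompting), takes sub-second timestamps around the remote call, and fails if either the round trip or the clock skew reaches the limit (1 s by default). It assumes GNU `date` (for `%N`) on both ends, which holds on the Linux hosts Elkeid targets; the function and script names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not Elkeid project code: a stricter form of the
# "date && ssh root@{ip} date" check. Assumes GNU date (%N) on both hosts.
set -eu

# skew_ok T_BEFORE T_REMOTE T_AFTER MAX: pure arithmetic on epoch seconds
# (fractions allowed). T_BEFORE/T_AFTER are local readings taken around the
# remote call, T_REMOTE is the remote clock. Succeeds only when the round
# trip took under MAX seconds and the remote clock is within MAX seconds of
# the local midpoint; prints both figures either way.
skew_ok() {
  awk -v b="$1" -v r="$2" -v a="$3" -v max="$4" 'BEGIN {
    rtt = a - b
    skew = r - (a + b) / 2
    if (skew < 0) skew = -skew
    printf "round-trip %.3fs, clock skew %.3fs (limit %.3fs)\n", rtt, skew, max
    exit ((rtt < max && skew < max) ? 0 : 1)
  }'
}

# check_ssh_login HOST [MAX]: run the real check as root against HOST.
# BatchMode=yes makes ssh fail instead of prompting for a password, which is
# exactly the condition elkeidup must not hit.
check_ssh_login() {
  host="$1"; max="${2:-1}"
  before=$(date +%s.%N)
  if ! remote=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$host" 'date +%s.%N'); then
    echo "ssh root@$host failed: set up key-based login (e.g. ssh-copy-id root@$host) first" >&2
    return 1
  fi
  after=$(date +%s.%N)
  skew_ok "$before" "$remote" "$after" "$max"
}

# Usage: ./check_ssh.sh {ip}
if [ "$#" -ge 1 ]; then
  check_ssh_login "$1" "${2:-}"
fi
```

Because the remote timestamp is read between two local readings, the comparison is against the local midpoint, so network latency alone does not register as skew; a large round trip is reported separately, which is the "login time" elkeidup cares about.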
- Download the release product (split compressed archive) and merge the parts

```bash
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_package_v1.9.1.tar.gz.00
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_package_v1.9.1.tar.gz.01
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_package_v1.9.1.tar.gz.02
cat elkeidup_package_v1.9.1.tar.gz.* > elkeidup_package_v1.9.1.tar.gz
```
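Both download steps on this page (the all-in-one image and the elkeidup package) merge the parts with `cat name.* > name`, which silently produces a truncated archive if one part failed to download. The following script is an added example, not Elkeid project code: it assembles the numbered parts in order, refuses to continue if the sequence has a gap, checks that the result is a valid gzip'd tar, and optionally compares it with a SHA-256 digest you obtained from a trusted channel (this page lists no digests, so the expected value is an operator-supplied assumption). The file names in the usage comment are the ones from this page; the script works for any `name.00`, `name.01`, ... split.

```bash
#!/usr/bin/env bash
# Added example, not Elkeid project code: reassemble a split release archive
# and verify it before "docker load -i" or "tar -xf". A bare "cat name.*"
# silently yields a truncated archive when a part is missing; this script
# refuses gaps, checks the gzip/tar structure, and optionally compares the
# result with a SHA-256 digest obtained out of band.
set -eu

# assemble_parts NAME: concatenate NAME.00, NAME.01, ... into NAME in numeric
# order; fail (and remove the partial output) if the sequence has a gap.
assemble_parts() {
  out="$1"
  i=0
  : > "$out"
  while :; do
    part=$(printf '%s.%02d' "$out" "$i")
    [ -f "$part" ] || break
    cat "$part" >> "$out"
    i=$((i + 1))
  done
  present=$(ls "$out".[0-9][0-9] 2>/dev/null | wc -l | tr -d ' ')
  if [ "$i" -eq 0 ] || [ "$present" -ne "$i" ]; then
    echo "assemble_parts: need a contiguous $out.00..NN sequence; found $present part(s), $i contiguous from .00" >&2
    rm -f "$out"
    return 1
  fi
  echo "assembled $out from $i part(s)"
}

# verify_archive FILE [EXPECTED_SHA256]: FILE must be a valid gzip stream and a
# readable tar; when a digest is given it must match. The digest is whatever
# you obtained from a trusted channel; this script has no built-in value.
verify_archive() {
  f="$1"
  expected="${2:-}"
  gzip -t "$f" 2>/dev/null || { echo "verify_archive: $f is not a valid gzip stream" >&2; return 1; }
  tar -tzf "$f" >/dev/null 2>&1 || { echo "verify_archive: $f is not a readable tar archive" >&2; return 1; }
  if [ -n "$expected" ]; then
    actual=$(sha256sum "$f" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
      echo "verify_archive: sha256 mismatch for $f: got $actual, expected $expected" >&2
      return 1
    fi
  fi
  echo "verified $f"
}

# Usage, after wget-ing the .00, .01, ... parts into the current directory:
#   ./check_release.sh elkeidup_image_v1.9.1.tar.gz [expected_sha256]
#   ./check_release.sh elkeidup_package_v1.9.1.tar.gz [expected_sha256]
if [ "$#" -ge 1 ]; then
  assemble_parts "$1"
  verify_archive "$1" "${2:-}"
fi
```

The gap check matters more than it looks: `gzip -t` alone passes a concatenation that is merely missing its tail only if the stream happens to end on a member boundary, and a missing middle part is caught by `gzip -t` but only after the full download, so counting the parts first gives a clear error instead of a cryptic "unexpected end of file".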
You can also refer to Build Elkeid from Source to compile and build packages yourself.
If Elkeid was installed before, delete the `/root/.elkeidup` and `/elkeid` directories to avoid interference.
- Unzip the release product into the configuration directory

```bash
mkdir -p /root/.elkeidup && cd /root/.elkeidup
mv {DownloadDir}/elkeidup_package_v1.9.1.tar.gz elkeidup_package_v1.9.1.tar.gz
tar -xf elkeidup_package_v1.9.1.tar.gz
chmod a+x /root/.elkeidup/elkeidup
```
- Initialize the configuration. If this is not a standalone (single-host) deployment, refer to the deployment resource manual and modify config.yaml accordingly.

```bash
cd /root/.elkeidup
./elkeidup init --host {ip}
mv config_example.yaml config.yaml
```
- Deploy

```bash
cd /root/.elkeidup
# This command will start interactive input
./elkeidup deploy
```

- Build the Agent and create the default policy

```bash
cd /root/.elkeidup
./elkeidup agent init
./elkeidup agent build
./elkeidup agent policy create
```
After a successful installation, the /root/.elkeidup/elkeid_passwd file records the passwords and access URLs of each component.

| Field | Description |
| --- | --- |
| elkeid_console | Console account password |
| elkeid_hub_frontend | hub front-end account password |
| grafana | grafana account password |
| grafana | grafana address |
| elkeid_hub_frontend | elkeid hub front-end address |
| elkeid_console | elkeid console address |
| elkeid_service_discovery | Service Discovery address |

After logging in to elkeid_console, follow the Console instruction manual (Install configuration) to install and deploy the Agent.
- The Driver module depends on pre-compiled ko files; see ko_list for the supported kernel list.
- Under normal circumstances, after the Agent is installed it takes about 10 minutes for the Driver module to start working (the ko is downloaded and installed automatically).
- Check whether the Driver is loaded:

```bash
lsmod | grep hids_driver
```

- If the test machine's kernel version is not in the supported list, compile the ko yourself, generate its sign file (sha256) and import both into Nginx.
- If you did not accept the declaration during `elkeidup deploy`, you also need to compile the ko yourself or download the corresponding pre-compiled ko (see the support list) and sign files from the Release, and import them into Nginx.

The ko/sign file names must follow the format `hids_driver_1.7.0.4_{uname -r}_{arch}.ko` / `.sign`. Place the files on the corresponding nginx server under `/elkeid/nginx/ElkeidAgent/agent/component/driver/ko` and fix the ownership with `chown -R nginx:nginx /elkeid/nginx`. After the files are in place, restart the Agent.
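To stage a self-compiled ko as described above, the script below is an added example, not Elkeid project code. It builds the `hids_driver_{version}_{uname -r}_{arch}` name, refuses a ko whose name does not match the running kernel, writes the sign file, copies both files into the nginx ko directory and fixes ownership. Assumptions not stated on this page: the `.sign` file holds just the hex SHA-256 of the ko, it shares the ko's file stem, the `{arch}` token is whatever ko_list uses for your platform (passed as an argument rather than guessed from `uname -m`), and the nginx root can be overridden (fourth argument, or `KERNEL` for the kernel string) so the script can be exercised outside a real deployment.

```bash
#!/usr/bin/env bash
# Added example, not Elkeid project code: stage a self-compiled hids_driver ko
# and its sign file where the Agent downloads them from.
# Assumptions (not stated on the page): the .sign file contains only the hex
# SHA-256 of the .ko, it shares the .ko's stem, and ARCH is the token ko_list
# uses for the platform (pass what ko_list shows for your machine).
set -eu

# ko_name VERSION KERNEL ARCH: the file name the Agent will request.
ko_name() {
  printf 'hids_driver_%s_%s_%s.ko' "$1" "$2" "$3"
}

# sign_file KO_PATH: write the ko's SHA-256 to <stem>.sign next to it and
# print the digest.
sign_file() {
  ko="$1"
  case "$ko" in
    *.ko) ;;
    *) echo "sign_file: $ko does not end in .ko" >&2; return 1 ;;
  esac
  digest=$(sha256sum "$ko" | cut -d' ' -f1)
  printf '%s\n' "$digest" > "${ko%.ko}.sign"
  printf '%s' "$digest"
}

# stage_driver KO_PATH VERSION ARCH [NGINX_ROOT]: refuse a ko whose name does
# not match the running kernel (KERNEL overrides uname -r, for testing),
# sign it, copy both files under NGINX_ROOT (default /elkeid/nginx) and fix
# ownership as the page instructs.
stage_driver() {
  ko="$1"; version="$2"; arch="$3"; root="${4:-/elkeid/nginx}"
  kernel="${KERNEL:-$(uname -r)}"
  expected=$(ko_name "$version" "$kernel" "$arch")
  if [ "$(basename "$ko")" != "$expected" ]; then
    echo "stage_driver: expected $expected for kernel $kernel, got $(basename "$ko")" >&2
    return 1
  fi
  dest="$root/ElkeidAgent/agent/component/driver/ko"
  mkdir -p "$dest"
  sign_file "$ko" >/dev/null || return 1
  cp "$ko" "${ko%.ko}.sign" "$dest/"
  # Needs root and an nginx user; report rather than abort when run elsewhere.
  chown -R nginx:nginx "$root" 2>/dev/null \
    || echo "stage_driver: chown -R nginx:nginx $root skipped (not root or no nginx user)" >&2
  echo "staged $expected and its .sign in $dest; restart the Agent to pick them up"
}

# Usage: ./stage_ko.sh /path/to/hids_driver_1.7.0.4_$(uname -r)_amd64.ko 1.7.0.4 amd64
if [ "$#" -ge 3 ]; then
  stage_driver "$1" "$2" "$3" "${4:-}"
fi
```

The name check is the part worth keeping even if you stage files by hand: the Agent requests the file by the running kernel's `uname -r`, so a ko built for a neighbouring kernel will simply never be fetched, and `lsmod | grep hids_driver` stays empty with no other symptom.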
Elkeid https Configuration documentation
If a component has been updated, or if you have recompiled a component, you can reinstall that component with the `elkeidup reinstall` command. For example, the Hub Community Edition was updated in release v1.9.1.1; it can be reinstalled with the following commands.

```bash
# {v1.9.1.1} is the unzipped package directory for v1.9.1.1
# reinstall hub
cp {v1.9.1.1}/package/hub/hub.tar.gz /root/.elkeidup/package/hub/hub.tar.gz
cp {v1.9.1.1}/package/hub_leader/hub_leader.tar.gz /root/.elkeidup/package/hub_leader/hub_leader.tar.gz
/root/.elkeidup/elkeidup reinstall --component Hub
/root/.elkeidup/elkeidup reinstall --component HubLeader
```