OS: Linux Ubuntu Desktop. ELK version: 8.2.0
- OS environment
  sudo apt update
  sudo apt install -y git vim make docker.io docker-compose python3 curl
  sudo usermod -aG docker $USER && newgrp docker
- Install
- Clone project
  git clone https://github.com/guan4tou2/Lnadlse.git
  cd Lnadlse
- Data-process-module install
  cd ELK
  make
  After the above command, you can run `make check` to verify that Elasticsearch installed successfully and is running.
  If you get `curl: (56) Recv failure: Connection reset by peer`, restart the terminal and run the check again.
  If Kibana reports an error, the cause may be `server.publicBaseUrl`: try replacing the `elasticsearch` hostname in the URL with your ELK host IP in kibana/config/kibana.yml, then restart Kibana with `docker restart docker-elk_kibana`.
  If you need an API key, you can run `make apikey` to set one.
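As an added check (not part of the Lnadlse project's Makefile), the script below does what the manual `make check` loop above does for Elasticsearch: it retries on the curl exit-56 connection reset instead of requiring a terminal restart, and it warns while the default `elastic`/`changeme` login listed under Usage still works. It assumes Elasticsearch is published on http://localhost:9200, which the page does not state.

```shell
#!/bin/sh
# Added example, not part of the Lnadlse project: wait for Elasticsearch instead
# of re-running `make check` by hand (retrying on curl exit 56 "Connection reset
# by peer"), then warn while the README's default elastic/changeme login works.
# Assumption: Elasticsearch listens on http://localhost:9200 (not stated on the
# page); override ES_URL if your Makefile publishes a different port.
ES_URL="${ES_URL:-http://localhost:9200}"
# curl_transient EXITCODE -> 0 when the failure is worth retrying:
# 7 = connection refused, 28 = timeout, 56 = recv failure (connection reset).
curl_transient() { case "$1" in 7|28|56) return 0 ;; *) return 1 ;; esac; }
# classify HTTP_CODE -> one word describing what the probe got back.
classify() {
  case "$1" in
    200)     echo up ;;        # login accepted and cluster answering
    401)     echo auth ;;      # cluster answering, login rejected
    502|503) echo starting ;;  # not ready yet, keep waiting
    *)       echo unknown ;;
  esac
}
# probe USER PASS -> prints the HTTP status of /_cluster/health; exit code is curl's.
probe() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 -u "$1:$2" "$ES_URL/_cluster/health"
}
# wait_for_es USER PASS [TRIES] -> 0 once the cluster accepts that login,
# 2 if it is up but rejects the login, 1 if it never answers.
wait_for_es() {
  user="$1"; pass="$2"; tries="${3:-30}"; i=0
  while [ "$i" -lt "$tries" ]; do
    i=$((i + 1))
    code=$(probe "$user" "$pass"); rc=$?
    if [ "$rc" -ne 0 ]; then
      curl_transient "$rc" || { echo "curl exit $rc, giving up" >&2; return 1; }
    else
      case "$(classify "$code")" in
        up)   return 0 ;;
        auth) echo "Elasticsearch is up but rejected user $user (HTTP 401)" >&2; return 2 ;;
      esac
    fi
    sleep 2
  done
  echo "Elasticsearch did not answer after $tries tries" >&2; return 1
}
# default_password_unchanged -> 0 (plus a warning) if elastic/changeme still logs in.
default_password_unchanged() {
  code=$(probe elastic changeme) && [ "$(classify "$code")" = up ] || return 1
  echo "WARNING: elastic still uses the default password; edit .env and run make start" >&2
}
if [ "${1:-}" = run ]; then
  wait_for_es "${ES_USER:-elastic}" "${ES_PASS:-changeme}" && default_password_unchanged
fi
```

Run it as `sh es_check.sh run` after `make`; set `ES_USER`/`ES_PASS` once you have changed the password in `.env`.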
- Attack-and-Defense-module install
  cd Machines
  make
  Before running `make`, you can change the attacker's username and password in the Makefile.
  By default it builds the attack-and-defense environment: the attacker is Kali (GUI) and the target is httpd with Packetbeat.
  You can change the machines with make.py. Run `python3 make.py -h` to see which machines can be used.
- aider-module install
  docker pull portainer/portainer
  docker run -d -p 9000:9000 --restart=always --name portainer -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer
  Portainer can help you manage your Docker containers.
  It is not necessary to install, but recommended. Note that mounting /var/run/docker.sock gives Portainer full control of the Docker daemon on the host, so keep port 9000 reachable only from the lab network.
- Usage
- Data-process-module
  Use Kibana at http://localhost:5601
  username: elastic
  password: changeme
  You can change the password after installing the Data-process-module: edit the file named `.env`, then run `make start`.
- Attack-and-Defense-module
  Use SSH or RDP to connect to the attacker.
- SSH
  ssh [email protected] -p 222
- RDP
  [email protected]
  - Windows: mobaxterm
  - Linux: remmina
- SSH
  username: kali
  password: kali
  In the attacker, if you want more tools, run `sudo apt install -y kali-linux-default` or `sudo apt install -y kali-linux-large`.
- Remove
- Data-process-module
  cd ELK
  make remove
- Attack-and-Defense-module
  cd Machines
  make remove
- aider-module
  docker stop portainer