mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
bump elk stack to 6.6.1
This commit is contained in:
@ -17,9 +17,9 @@ RUN apk -U add \
|
||||
git clone --depth=1 https://github.com/dtag-dev-sec/listbot /etc/listbot && \
|
||||
cd /root/dist/ && \
|
||||
mkdir -p /usr/share/logstash/ && \
|
||||
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.4.tar.gz && \
|
||||
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.1.tar.gz && \
|
||||
wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz && \
|
||||
tar xvfz logstash-6.5.4.tar.gz --strip-components=1 -C /usr/share/logstash/ && \
|
||||
tar xvfz logstash-6.6.1.tar.gz --strip-components=1 -C /usr/share/logstash/ && \
|
||||
/usr/share/logstash/bin/logstash-plugin install logstash-filter-translate && \
|
||||
/usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
|
||||
tar xvfz GeoLite2-ASN.tar.gz --strip-components=1 -C /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-filter-geoip-5.0.3-java/vendor/ && \
|
||||
@ -30,7 +30,7 @@ RUN apk -U add \
|
||||
chmod u+x /usr/bin/update.sh && \
|
||||
mkdir -p /etc/logstash/conf.d && \
|
||||
cp logstash.conf /etc/logstash/conf.d/ && \
|
||||
cp elasticsearch-template-es6x.json /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.2.4-java/lib/logstash/outputs/elasticsearch/ && \
|
||||
cp elasticsearch-template-es6x.json /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.3.2-java/lib/logstash/outputs/elasticsearch/ && \
|
||||
|
||||
# Setup user, groups and configs
|
||||
addgroup -g 2000 logstash && \
|
||||
@ -50,4 +50,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9600'
|
||||
|
||||
# Start logstash
|
||||
#USER logstash:logstash
|
||||
CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --java-execution
|
||||
CMD update.sh && exec /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic --java-execution
|
||||
|
1
docker/elk/logstash/dist/logstash.conf
vendored
1
docker/elk/logstash/dist/logstash.conf
vendored
@ -131,6 +131,7 @@ filter {
|
||||
field => "[alert][signature_id]"
|
||||
destination => "[alert][cve_id]"
|
||||
dictionary_path => "/etc/listbot/cve.yaml"
|
||||
fallback => "-"
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -12,7 +12,7 @@ services:
|
||||
# condition: service_healthy
|
||||
env_file:
|
||||
- /opt/tpot/etc/compose/elk_environment
|
||||
image: "dtagdevsec/logstash:1811"
|
||||
image: "dtagdevsec/logstash:1903"
|
||||
volumes:
|
||||
- /data:/data
|
||||
- /root/tpotce/docker/elk/logstash/dist/logstash.conf:/etc/logstash/conf.d/logstash.conf
|
||||
|
Reference in New Issue
Block a user