elk 6.x

start adjusting helper scripts for elk 6.x
migrate patterns, dashboards, viz, search, etc.
tweaking

docker/elk/elasticsearch/Dockerfile

@@ -14,8 +14,8 @@ RUN apk -U upgrade && \
 # Get and install packages
     cd /root/dist/ && \
     mkdir -p /usr/share/elasticsearch/ && \
-    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.tar.gz && \
-    tar xvfz elasticsearch-5.6.8.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
+    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.tar.gz && \
+    tar xvfz elasticsearch-6.2.4.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
 
 # Add and move files
     cd /root/dist/ && \
@@ -36,4 +36,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'
 
 # Start ELK
 USER elasticsearch:elasticsearch
-CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
+CMD export ES_TMPDIR=/tmp && exec /usr/share/elasticsearch/bin/elasticsearch

docker/elk/elasticsearch/Dockerfile.5x

@@ -0,0 +1,39 @@
+FROM alpine
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Setup env and apt
+RUN apk -U upgrade && \
+    apk add bash \
+            curl \
+            openjdk8-jre \
+            procps \
+            wget && \
+
+# Get and install packages
+    cd /root/dist/ && \
+    mkdir -p /usr/share/elasticsearch/ && \
+    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.tar.gz && \
+    tar xvfz elasticsearch-5.6.8.tar.gz --strip-components=1 -C /usr/share/elasticsearch/ && \
+
+# Add and move files
+    cd /root/dist/ && \
+    mkdir -p /usr/share/elasticsearch/config && \
+    cp elasticsearch.yml /usr/share/elasticsearch/config/ && \
+
+# Setup user, groups and configs
+    addgroup -g 2000 elasticsearch && \
+    adduser -S -H -s /bin/bash -u 2000 -D -g 2000 elasticsearch && \
+    chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/ && \
+
+# Clean up
+    apk del --purge wget && \
+    rm -rf /root/*
+
+# Healthcheck
+HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'
+
+# Start ELK
+USER elasticsearch:elasticsearch
+CMD ["/usr/share/elasticsearch/bin/elasticsearch"]

docker/elk/elasticsearch/docker-compose.yml.5x

@@ -0,0 +1,30 @@
+# T-Pot (Standard)
+# For docker-compose ...
+version: '2.2'
+
+services:
+
+# ELK services
+## Elasticsearch service
+  elasticsearch:
+    build: .
+    container_name: elasticsearch
+    restart: always
+    environment:
+     - bootstrap.memory_lock=true
+     - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
+    cap_add:
+     - IPC_LOCK
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    mem_limit: 2g
+    ports:
+     - "127.0.0.1:64298:9200"
+    image: "dtagdevsec/elasticsearch:1804"
+    volumes:
+     - /data:/data