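def stop_monitor():
    """
    Stops ElasticSearch, Logstash, and Kibana on localhost

    Components are stopped in order; the first failure is reported on stderr
    and aborts the sequence, so later components may still be running.

    :return: True, if successfully stopped; False if no monitor component is
             installed or any component failed to stop
    """
    es_profiler = elasticsearch.ElasticProfiler()
    ls_profiler = logstash.LogstashProfiler()
    kb_profiler = kibana.KibanaProfiler()
    # (name, process) pairs in the order they are stopped.
    processes = (
        ('elasticsearch', elasticsearch.ElasticProcess()),
        ('logstash', logstash.LogstashProcess()),
        ('kibana', kibana.KibanaProcess()),
    )
    if not (es_profiler.is_installed or ls_profiler.is_installed or kb_profiler.is_installed):
        # Message previously said "start"; this is the stop path.
        sys.stderr.write('[-] Could not stop monitor. Is it installed?\n')
        sys.stderr.write('[-] dynamite install monitor\n')
        return False
    sys.stdout.write('[+] Stopping monitor processes.\n')
    for name, process in processes:
        if not process.stop(stdout=True):
            sys.stderr.write('[-] Could not stop monitor.{}.\n'.format(name))
            return False
    return True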
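def status_monitor():
    """
    Retrieve the status of the monitor processes

    :return: A tuple where the first element is elasticsearch status (dict), second is
             logstash status (dict), and third is Kibana status; False if no monitor
             component is installed
    """
    es_profiler = elasticsearch.ElasticProfiler()
    ls_profiler = logstash.LogstashProfiler()
    kb_profiler = kibana.KibanaProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_process = logstash.LogstashProcess()
    kb_process = kibana.KibanaProcess()
    if not (es_profiler.is_installed or ls_profiler.is_installed or kb_profiler.is_installed):
        # Message previously said "Could not start monitor"; this is the status path.
        sys.stderr.write('[-] Could not retrieve monitor status. Is it installed?\n')
        sys.stderr.write('[-] dynamite install monitor\n')
        return False
    return es_process.status(), ls_process.status(), kb_process.status()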
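def install_monitor(elasticsearch_password='******', verbose=False):
    """
    Installs Logstash (with ElastiFlow templates modified to work with Zeek), ElasticSearch, and Kibana.

    Components whose profiler already reports them installed are skipped, so the function
    can be re-run to finish a partial installation. ElasticSearch and Kibana are bound to
    '0.0.0.0' (all interfaces) on ports 9200 and 5601; restrict those ports at the host
    firewall if the monitor is not meant to be reachable from other hosts.

    :param elasticsearch_password: The password used for authentication across all builtin ES users.
                                   The default is only a placeholder; supply a strong, unique password.
    :param verbose: Include output from system utilities
    :return: True, if installation succeeded; False if the monitor is already installed, the
             operator declines the low-memory prompt, or any component fails to install
    """
    es_pre_profiler = elasticsearch.ElasticProfiler()
    ls_pre_profiler = logstash.LogstashProfiler()
    kb_pre_profiler = kibana.KibanaProfiler()
    if ls_pre_profiler.is_installed and es_pre_profiler.is_installed and kb_pre_profiler.is_installed:
        sys.stderr.write(
            '[-] Monitor is already installed. If you wish to re-install, first uninstall.\n'
        )
        return False
    # NOTE: the threshold is decimal GB (1000**3) while the displayed figure uses
    # binary GiB (1024**3), so the printed value reads a little below 14 near the limit.
    if utilities.get_memory_available_bytes() < 14 * (1000**3):
        sys.stderr.write(
            '[-] WARNING Dynamite standalone monitor requires '
            'at-least 14GB to run currently available [{} GB]\n'.format(
                utilities.get_memory_available_bytes() / (1024**3)))
        if str(utilities.prompt_input('Continue? [y|N]: ')).lower() != 'y':
            return False
    # Dedicated service account (random password) and bundled JDK shared by all components.
    utilities.create_dynamite_user(utilities.generate_random_password(50))
    utilities.download_java(stdout=True)
    utilities.extract_java(stdout=True)
    utilities.setup_java()
    if not es_pre_profiler.is_installed:
        sys.stdout.write('[+] Installing Elasticsearch on localhost.\n')
        es_installer = elasticsearch.ElasticInstaller(
            host='0.0.0.0',
            port=9200,
            # Decide from the ElasticSearch profiler; this previously read the Logstash
            # profiler, which could skip the ES download when only Logstash had been fetched.
            download_elasticsearch_archive=not es_pre_profiler.is_downloaded,
            password=elasticsearch_password,
            stdout=True,
            verbose=verbose)
        es_installer.setup_elasticsearch()
        if not elasticsearch.ElasticProfiler().is_installed:
            sys.stderr.write('[-] ElasticSearch failed to install on localhost.\n')
            return False
        sys.stdout.write('[+] Starting ElasticSearch on localhost.\n')
        es_process = elasticsearch.ElasticProcess()
        es_process.start()
    if not ls_pre_profiler.is_installed:
        # Progress line added for consistency with the ES and Kibana branches.
        sys.stdout.write('[+] Installing Logstash on localhost.\n')
        ls_installer = logstash.LogstashInstaller(
            host='0.0.0.0',
            elasticsearch_password=elasticsearch_password,
            # Same fix as above: read the Logstash profiler, not the ElasticSearch one.
            download_logstash_archive=not ls_pre_profiler.is_downloaded,
            stdout=True,
            verbose=verbose)
        ls_installer.setup_logstash()
        if not logstash.LogstashProfiler().is_installed:
            sys.stderr.write('[-] LogStash failed to install on localhost.\n')
            return False
    # Kibana needs a working ElasticSearch, so re-profile instead of trusting the
    # pre-install snapshot (ES may have been installed a few lines above).
    if not kb_pre_profiler.is_installed and elasticsearch.ElasticProfiler().is_installed:
        sys.stdout.write('[+] Installing Kibana on localhost.\n')
        kb_installer = kibana.KibanaInstaller(
            host='0.0.0.0',
            port=5601,
            elasticsearch_host='localhost',
            elasticsearch_port=9200,
            elasticsearch_password=elasticsearch_password,
            download_kibana_archive=not kb_pre_profiler.is_downloaded,
            stdout=True,
            verbose=verbose)
        if not kb_pre_profiler.is_downloaded:
            kb_installer.download_kibana(stdout=True)
            kb_installer.extract_kibana(stdout=True)
        kb_installer.setup_kibana()
        if not kibana.KibanaProfiler().is_installed:
            sys.stderr.write('[-] Kibana failed to install on localhost.\n')
            return False
    sys.stdout.write(
        '[+] Monitor installation complete. Start the monitor: \'dynamite start monitor\'.\n'
    )
    sys.stdout.flush()
    return True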
def install_monitor(elasticsearch_password='******'):
    """
    Installs Logstash (with ElastiFlow templates modified to work with Zeek), ElasticSearch, and Kibana.

    :param elasticsearch_password: Password handed to the ElasticSearch, Logstash and Kibana installers
    :return: True, if installation succeeded; False on insufficient memory or when any component
             fails to install
    """
    required_bytes = 14 * (1000 ** 3)
    if utilities.get_memory_available_bytes() < required_bytes:
        sys.stderr.write(
            '[-] Dynamite standalone monitor requires '
            'at-least 14GB to run currently available [{} GB]\n'.format(
                utilities.get_memory_available_bytes() / (1024 ** 3)))
        return False

    # Service account (random password) and bundled JDK shared by every component.
    utilities.create_dynamite_user(utilities.generate_random_password(50))
    utilities.download_java(stdout=True)
    utilities.extract_java(stdout=True)
    utilities.setup_java()

    # Installers and pre-install state snapshots, created in this order.
    es_installer = elasticsearch.ElasticInstaller(
        host='0.0.0.0', port=9200, password=elasticsearch_password)
    es_before = elasticsearch.ElasticProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_installer = logstash.LogstashInstaller(
        host='0.0.0.0', elasticsearch_password=elasticsearch_password)
    ls_before = logstash.LogstashProfiler()
    kb_installer = kibana.KibanaInstaller(
        host='0.0.0.0',
        port=5601,
        elasticsearch_host='localhost',
        elasticsearch_port=9200,
        elasticsearch_password=elasticsearch_password)
    kb_before = kibana.KibanaProfiler()

    # --- ElasticSearch ---
    if not es_before.is_installed:
        sys.stdout.write('[+] Installing Elasticsearch on localhost.\n')
        if not es_before.is_downloaded:
            es_installer.download_elasticsearch(stdout=True)
            es_installer.extract_elasticsearch(stdout=True)
        es_installer.setup_elasticsearch(stdout=True)
        es_ok = elasticsearch.ElasticProfiler().is_installed
        if not es_ok:
            sys.stderr.write('[-] ElasticSearch failed to install on localhost.\n')
            return False
        sys.stdout.write('[+] Starting ElasticSearch on localhost.\n')
        es_process.start()

    # --- Logstash ---
    if not ls_before.is_installed:
        if not ls_before.is_downloaded:
            ls_installer.download_logstash(stdout=True)
            ls_installer.extract_logstash(stdout=True)
        ls_installer.setup_logstash(stdout=True)
        ls_ok = logstash.LogstashProfiler().is_installed
        if not ls_ok:
            sys.stderr.write('[-] LogStash failed to install on localhost.\n')
            return False

    # --- Kibana (only when ElasticSearch is present after the step above) ---
    es_present = elasticsearch.ElasticProfiler().is_installed if not kb_before.is_installed else False
    if not kb_before.is_installed and es_present:
        sys.stdout.write('[+] Installing Kibana on localhost.\n')
        if not kb_before.is_downloaded:
            kb_installer.download_kibana(stdout=True)
            kb_installer.extract_kibana(stdout=True)
        kb_installer.setup_kibana(stdout=True)
        kb_ok = kibana.KibanaProfiler().is_installed
        if not kb_ok:
            sys.stderr.write('[-] Kibana failed to install on localhost.\n')
            return False

    sys.stdout.write(
        '[+] Monitor installation complete. Start the monitor: \'dynamite start monitor\'.\n'
    )
    sys.stdout.flush()
    return True
sys.exit(1) elif args.component == 'agent': if agent.uninstall_agent(prompt_user=True): sys.exit(0) else: sys.stderr.write('[-] Failed to uninstall Agent.\n') sys.exit(1) else: sys.stderr.write('[-] Unrecognized component - {}\n'.format( args.component)) sys.exit(1) elif args.command == 'start': if args.component == 'elasticsearch': try: sys.stdout.write('[+] Starting ElasticSearch.\n') started = elasticsearch.ElasticProcess().start(stdout=True) if started: sys.stdout.write( '[+] ElasticSearch started successfully. Check its status at any time with: ' '\'dynamite status elasticsearch\'.\n') sys.exit(0) elif not elasticsearch.ElasticProfiler( stderr=False).is_installed: _not_installed('start', 'elasticsearch') sys.exit(0) else: sys.stdout.write( '[-] An error occurred while attempting to start ElasticSearch.\n' ) sys.exit(1) except Exception: