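def stop_monitor():
    """
    Stops ElasticSearch, Logstash, and Kibana on localhost

    :return: True, if successfully stopped; False if no component is installed or a stop fails
    """
    es_profiler = elasticsearch.ElasticProfiler()
    ls_profiler = logstash.LogstashProfiler()
    kb_profiler = kibana.KibanaProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_process = logstash.LogstashProcess()
    kb_process = kibana.KibanaProcess()
    # Any single installed component is enough to attempt a stop.
    if not (es_profiler.is_installed or ls_profiler.is_installed or kb_profiler.is_installed):
        # Previously said "Could not start monitor" (copied from the start path); this is the stop path.
        sys.stderr.write('[-] Could not stop monitor. Is it installed?\n')
        sys.stderr.write('[-] dynamite install monitor\n')
        return False
    sys.stdout.write('[+] Stopping monitor processes.\n')
    # Same order as before: elasticsearch, logstash, kibana. The first failure aborts,
    # so components later in the list are left running.
    for component, process in (('elasticsearch', es_process),
                               ('logstash', ls_process),
                               ('kibana', kb_process)):
        if not process.stop(stdout=True):
            sys.stderr.write('[-] Could not stop monitor.{}.\n'.format(component))
            return False
    return True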
def profile_monitor():
    """
    Get information about installation/running processes within the monitor stack

    :return: A dictionary containing the status of each component, keyed by
             ELASTICSEARCH, LOGSTASH and KIBANA
    """
    profilers = {
        'ELASTICSEARCH': elasticsearch.ElasticProfiler(),
        'LOGSTASH': logstash.LogstashProfiler(),
        'KIBANA': kibana.KibanaProfiler(),
    }
    return {component: profiler.get_profile() for component, profiler in profilers.items()}
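def status_monitor():
    """
    Retrieve the status of the monitor processes

    :return: A tuple where the first element is elasticsearch status (dict), second is logstash status (dict),
             and third is Kibana status. False is returned instead when no component is installed,
             so callers must check for False before unpacking.
    """
    es_profiler = elasticsearch.ElasticProfiler()
    ls_profiler = logstash.LogstashProfiler()
    kb_profiler = kibana.KibanaProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_process = logstash.LogstashProcess()
    kb_process = kibana.KibanaProcess()
    # Status can be reported as long as at least one component is installed.
    if not (es_profiler.is_installed or ls_profiler.is_installed or kb_profiler.is_installed):
        # Previously said "Could not start monitor" (copied from the start path); this path only reads status.
        sys.stderr.write('[-] Could not retrieve monitor status. Is it installed?\n')
        sys.stderr.write('[-] dynamite install monitor\n')
        return False
    return es_process.status(), ls_process.status(), kb_process.status()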
def uninstall_monitor(prompt_user=True):
    """
    Uninstall standalone monitor components (ElasticSearch, Logstash, and Kibana)

    :param prompt_user: Print a warning and ask for confirmation before removing anything
    :return: True, if uninstall successful
    """
    profilers = (
        elasticsearch.ElasticProfiler(),
        logstash.LogstashProfiler(),
        kibana.KibanaProfiler(),
    )
    # A "standalone monitor" means all three components are present; otherwise the
    # caller is pointed at the per-component uninstallers instead.
    if not all(profiler.is_installed for profiler in profilers):
        sys.stderr.write(
            '[-] A standalone monitor installation was not detected on this system. Please uninstall '
            'ElasticSearch, Logstash, or Kibana individually.\n')
        return False
    if prompt_user:
        sys.stderr.write(
            '[-] WARNING! UNINSTALLING THE MONITOR WILL PREVENT EVENTS FROM BEING PROCESSED/VISUALIZED.\n'
        )
        question = 'Are you sure you wish to continue? ([no]|yes): '
        answer = utilities.prompt_input(question)
        # Keep asking until one of the accepted answers is given; an empty answer means "no".
        while answer not in ('', 'no', 'yes'):
            answer = utilities.prompt_input(question)
        if answer != 'yes':
            sys.stdout.write('[+] Exiting\n')
            return False
    # Every component uninstaller runs, even if an earlier one reported failure.
    es_ok = elasticsearch.uninstall_elasticsearch(stdout=True, prompt_user=False)
    ls_ok = logstash.uninstall_logstash(stdout=True, prompt_user=False)
    kb_ok = kibana.uninstall_kibana(stdout=True, prompt_user=False)
    res = es_ok and ls_ok and kb_ok
    if not res:
        sys.stderr.write(
            '[-] An error occurred while uninstalling one or more monitor components.\n'
        )
    else:
        sys.stdout.write('[+] Monitor uninstalled successfully.\n')
    return res
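def install_monitor(elasticsearch_password='******', verbose=False):
    """
    Installs Logstash (with ElastiFlow templates modified to work with Zeek), ElasticSearch, and Kibana.

    NOTE(review): a second ``install_monitor`` definition appears later in this listing; if both live in
    the same module the later definition is the one bound at import time.

    :param elasticsearch_password: The password used for authentication across all builtin ES users.
                                   The default is a placeholder, not a usable credential; callers
                                   should always pass a prompted or generated password.
    :param verbose: Include output from system utilities
    :return: True, if installation succeeded
    """
    es_pre_profiler = elasticsearch.ElasticProfiler()
    ls_pre_profiler = logstash.LogstashProfiler()
    kb_pre_profiler = kibana.KibanaProfiler()
    if ls_pre_profiler.is_installed and es_pre_profiler.is_installed and kb_pre_profiler.is_installed:
        sys.stderr.write(
            '[-] Monitor is already installed. If you wish to re-install, first uninstall.\n'
        )
        return False
    # Read the available memory once so the value compared is the value reported.
    available_bytes = utilities.get_memory_available_bytes()
    if available_bytes < 14 * (1000**3):
        # The threshold is 14 decimal GB (1000**3); report in the same unit (previously 1024**3).
        sys.stderr.write(
            '[-] WARNING Dynamite standalone monitor requires '
            'at-least 14GB to run currently available [{} GB]\n'.format(
                available_bytes / (1000**3)))
        if str(utilities.prompt_input('Continue? [y|N]: ')).lower() != 'y':
            return False
    utilities.create_dynamite_user(utilities.generate_random_password(50))
    utilities.download_java(stdout=True)
    utilities.extract_java(stdout=True)
    utilities.setup_java()
    if not es_pre_profiler.is_installed:
        sys.stdout.write('[+] Installing Elasticsearch on localhost.\n')
        # host='0.0.0.0' listens on every interface; the service is reachable beyond localhost
        # unless the host firewall restricts it.
        es_installer = elasticsearch.ElasticInstaller(
            host='0.0.0.0', port=9200,
            # Previously keyed on ls_pre_profiler.is_downloaded (the Logstash archive);
            # whether the ES archive needs downloading must follow the ES profiler.
            download_elasticsearch_archive=not es_pre_profiler.is_downloaded,
            password=elasticsearch_password, stdout=True, verbose=verbose)
        es_installer.setup_elasticsearch()
        if not elasticsearch.ElasticProfiler().is_installed:
            sys.stderr.write(
                '[-] ElasticSearch failed to install on localhost.\n')
            return False
        sys.stdout.write('[+] Starting ElasticSearch on localhost.\n')
        es_process = elasticsearch.ElasticProcess()
        es_process.start()
    if not ls_pre_profiler.is_installed:
        ls_installer = logstash.LogstashInstaller(
            host='0.0.0.0', elasticsearch_password=elasticsearch_password,
            # Previously keyed on es_pre_profiler.is_downloaded (the ES archive);
            # whether the Logstash archive needs downloading must follow the Logstash profiler.
            download_logstash_archive=not ls_pre_profiler.is_downloaded,
            stdout=True, verbose=verbose)
        ls_installer.setup_logstash()
        if not logstash.LogstashProfiler().is_installed:
            sys.stderr.write('[-] LogStash failed to install on localhost.\n')
            return False
    # Kibana is only installed once ElasticSearch is confirmed present, since it connects to it.
    if not kb_pre_profiler.is_installed and elasticsearch.ElasticProfiler().is_installed:
        sys.stdout.write('[+] Installing Kibana on localhost.\n')
        kb_installer = kibana.KibanaInstaller(
            host='0.0.0.0', port=5601, elasticsearch_host='localhost', elasticsearch_port=9200,
            elasticsearch_password=elasticsearch_password,
            download_kibana_archive=not kb_pre_profiler.is_downloaded, stdout=True, verbose=verbose)
        # NOTE(review): download/extract are also called explicitly here even though the installer
        # was given download_kibana_archive; whether that fetches the archive twice depends on
        # KibanaInstaller — confirm.
        if not kb_pre_profiler.is_downloaded:
            kb_installer.download_kibana(stdout=True)
            kb_installer.extract_kibana(stdout=True)
        kb_installer.setup_kibana()
        if not kibana.KibanaProfiler().is_installed:
            sys.stderr.write('[-] Kibana failed to install on localhost.\n')
            return False
    sys.stdout.write(
        '[+] Monitor installation complete. Start the monitor: \'dynamite start monitor\'.\n'
    )
    sys.stdout.flush()
    return True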
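def install_monitor(elasticsearch_password='******'):
    """
    Installs Logstash (with ElastiFlow templates modified to work with Zeek), ElasticSearch, and Kibana.

    NOTE(review): an earlier ``install_monitor(elasticsearch_password, verbose)`` appears above in this
    listing; if both live in the same module this later definition is the one bound at import time.

    :param elasticsearch_password: The password used for authentication across all builtin ES users.
                                   The default is a placeholder, not a usable credential; callers
                                   should always pass a prompted or generated password.
    :return: True, if installation succeeded
    """
    # Read the available memory once so the value compared is the value reported.
    available_bytes = utilities.get_memory_available_bytes()
    if available_bytes < 14 * (1000**3):
        # The threshold is 14 decimal GB (1000**3); report in the same unit (previously 1024**3).
        sys.stderr.write(
            '[-] Dynamite standalone monitor requires '
            'at-least 14GB to run currently available [{} GB]\n'.format(
                available_bytes / (1000**3)))
        return False
    utilities.create_dynamite_user(utilities.generate_random_password(50))
    utilities.download_java(stdout=True)
    utilities.extract_java(stdout=True)
    utilities.setup_java()
    # host='0.0.0.0' listens on every interface; the services are reachable beyond localhost
    # unless the host firewall restricts them.
    es_installer = elasticsearch.ElasticInstaller(
        host='0.0.0.0', port=9200, password=elasticsearch_password)
    es_pre_profiler = elasticsearch.ElasticProfiler()
    es_process = elasticsearch.ElasticProcess()
    ls_installer = logstash.LogstashInstaller(
        host='0.0.0.0', elasticsearch_password=elasticsearch_password)
    ls_pre_profiler = logstash.LogstashProfiler()
    kb_installer = kibana.KibanaInstaller(
        host='0.0.0.0', port=5601, elasticsearch_host='localhost', elasticsearch_port=9200,
        elasticsearch_password=elasticsearch_password)
    kb_pre_profiler = kibana.KibanaProfiler()
    if not es_pre_profiler.is_installed:
        sys.stdout.write('[+] Installing Elasticsearch on localhost.\n')
        # Skip the download when a previous run already fetched the archive.
        if not es_pre_profiler.is_downloaded:
            es_installer.download_elasticsearch(stdout=True)
            es_installer.extract_elasticsearch(stdout=True)
        es_installer.setup_elasticsearch(stdout=True)
        if not elasticsearch.ElasticProfiler().is_installed:
            sys.stderr.write(
                '[-] ElasticSearch failed to install on localhost.\n')
            return False
        sys.stdout.write('[+] Starting ElasticSearch on localhost.\n')
        es_process.start()
    if not ls_pre_profiler.is_installed:
        if not ls_pre_profiler.is_downloaded:
            ls_installer.download_logstash(stdout=True)
            ls_installer.extract_logstash(stdout=True)
        ls_installer.setup_logstash(stdout=True)
        if not logstash.LogstashProfiler().is_installed:
            sys.stderr.write('[-] LogStash failed to install on localhost.\n')
            return False
    # Kibana is only installed once ElasticSearch is confirmed present, since it connects to it.
    if not kb_pre_profiler.is_installed and elasticsearch.ElasticProfiler().is_installed:
        sys.stdout.write('[+] Installing Kibana on localhost.\n')
        if not kb_pre_profiler.is_downloaded:
            kb_installer.download_kibana(stdout=True)
            kb_installer.extract_kibana(stdout=True)
        kb_installer.setup_kibana(stdout=True)
        if not kibana.KibanaProfiler().is_installed:
            sys.stderr.write('[-] Kibana failed to install on localhost.\n')
            return False
    sys.stdout.write(
        '[+] Monitor installation complete. Start the monitor: \'dynamite start monitor\'.\n'
    )
    sys.stdout.flush()
    return True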
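def _get_parser():
    """
    Build the command-line parser for the Dynamite CLI.

    Which options are ``required`` is decided from raw ``sys.argv`` membership before parsing, so the
    checks are heuristic: any argument token equal to 'install', 'agent' or 'point' (including an option
    value) satisfies them. The ``--es-host`` requirement also consults the local ElasticSearch profiler.

    :return: A configured argparse.ArgumentParser
    """
    # Computed once; previously repeated inline for three different options.
    installing_agent = 'install' in sys.argv and 'agent' in sys.argv
    parser = argparse.ArgumentParser(
        description='Install/Configure the Dynamite Network Monitor.')
    parser.add_argument('command', metavar='command', type=str,
                        help='An action to perform [{}]'.format('|'.join(COMMANDS)))
    parser.add_argument(
        'component', metavar='component', type=str,
        help='The component to perform an action against [{}]'.format('|'.join(COMPONENTS)))
    parser.add_argument('--interface', type=str, dest='network_interface',
                        required=installing_agent,
                        help='A network interface to analyze traffic on.')
    parser.add_argument(
        '--agent-label', type=str, dest='agent_label',
        required=installing_agent,
        # Implicit string concatenation: each piece ends with a space so the help text reads correctly
        # (previously "(VLAN01),or the types").
        help='A descriptive label associated with the agent. '
             'This could be a location on your network (VLAN01), '
             'or the types of servers on a segment (E.G Workstations-US-1).')
    parser.add_argument(
        '--ls-host', type=str, dest='ls_host',
        required=('point' in sys.argv) or installing_agent,
        help='Target Logstash instance; A valid Ipv4/Ipv6 address or hostname')
    parser.add_argument(
        '--ls-port', type=int, dest='ls_port', default=5044,
        help='Target Logstash instance; A valid port [1-65535]')
    # An ES host is only mandatory when installing kibana/logstash without a local ElasticSearch.
    parser.add_argument(
        '--es-host', type=str, dest='es_host',
        required=(not elasticsearch.ElasticProfiler().is_installed
                  and 'install' in sys.argv
                  and ('kibana' in sys.argv or 'logstash' in sys.argv)),
        help='Target ElasticSearch cluster; A valid Ipv4/Ipv6 address or hostname')
    parser.add_argument(
        '--es-port', type=int, dest='es_port', default=9200,
        help='Target ElasticSearch cluster; A valid port [1-65535]')
    parser.add_argument('--debug', default=False, dest='debug', action='store_true',
                        help='Include detailed error messages in console.')
    return parser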
sys.stderr.write('[-] Failed to install ElasticSearch.\n') sys.exit(1) elif args.component == 'logstash': if logstash.install_logstash( elasticsearch_host=args.es_host, elasticsearch_port=args.es_port, elasticsearch_password=utilities.prompt_password(), stdout=True, create_dynamite_user=True, install_jdk=True): sys.exit(0) else: sys.stderr.write('[-] Failed to install Logstash.\n') sys.exit(1) elif args.component == 'kibana': if not elasticsearch.ElasticProfiler().is_installed: if kibana.install_kibana( elasticsearch_host=args.es_host, elasticsearch_port=args.es_port, elasticsearch_password=utilities.prompt_password(), stdout=True, create_dynamite_user=True, install_jdk=True): sys.exit(0) else: sys.stderr.write('[-] Failed to install Kibana.\n') sys.exit(1) else: if kibana.install_kibana( elasticsearch_host=args.es_host, elasticsearch_port=args.es_port,