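def install(esServer, esUser, esPass):
    """Install Logstash 5.5.1 and wire it to an Elasticsearch node.

    Steps, in order: poll ``https://esServer:9201`` (up to 10 tries, 10 s
    apart) until it answers with the Elasticsearch tagline; stop if
    ``logstash --version`` already reports 5.5.1; otherwise ask whether to
    enable SMTP email alerts, download and install the .deb (hash-checked
    through ``hashCheck.checkHash``), build the ARM JFFI library on
    non-x86 hosts, install the translate plugin, copy the pattern and
    translate files under ``/etc/logstash``, render
    ``logstash/conf/logstash.conf`` into ``/etc/logstash/conf.d``, push
    the ``logstash`` index template and start the service.

    Args:
        esServer: Elasticsearch host name or IP; port 9201 is assumed.
        esUser: user name for every Elasticsearch HTTP call.
        esPass: password for *esUser*.

    Calls ``sys.exit`` when Elasticsearch never answers or the package
    download / hash check fails.  Runs ``sudo`` commands and writes under
    ``/etc/logstash`` and ``/usr/share/logstash``.
    """
    import subprocess  # local import: the file's import block is not in view

    print("Installing Logstash")
    logstashLatest = '5.5.1'
    cpuArch = os.uname()[4]
    cwd = os.getcwd()

    def curl_cfg_quote(value):
        """Escape a value for a double-quoted entry in a curl config file."""
        return value.replace('\\', '\\\\').replace('"', '\\"')

    def curl_es(path, method='GET', body=None):
        """Call https://esServer:9201<path> as esUser and return curl's stdout.

        The credentials reach curl as a config file on stdin (``-K -``)
        instead of ``-u user:pass`` on the command line, so they do not
        show up in ``ps`` output or shell history.  The argument-list form
        keeps esServer and the JSON body out of a shell entirely.
        """
        curlConfig = 'user = "%s:%s"\n' % (curl_cfg_quote(esUser),
                                           curl_cfg_quote(esPass))
        # NOTE(review): -k skips certificate verification, as the original
        # command did; pointing --cacert at the node's CA would be stronger.
        args = ['curl', '-k', '-K', '-', '-X', method,
                'https://%s:9201%s' % (esServer, path)]
        if body is not None:
            args += ['-H', 'Content-Type: application/json', '-d', body]
        proc = subprocess.Popen(args, stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
                                universal_newlines=True)
        return proc.communicate(curlConfig)[0]

    def render_email_block(smtpHost, smtpPort, smtpUser, smtpPass):
        """Return logstash/conf/email.conf with the SMTP placeholders filled.

        A line is rewritten only when it ends with the placeholder shown
        below (quoted for host/user/password, bare for the port), which is
        the matching the original code used.
        """
        substitutions = (
            ('"SMTP_HOST"', 'SMTP_HOST', smtpHost),
            ('SMTP_PORT', 'SMTP_PORT', smtpPort),
            ('"EMAIL_USER"', 'EMAIL_USER', smtpUser),
            ('"EMAIL_PASS"', 'EMAIL_PASS', smtpPass),
        )
        rendered = []
        with open("logstash/conf/email.conf", "rt") as emailIn:
            for emailLine in emailIn:
                stripped = emailLine.rstrip()
                for suffix, token, value in substitutions:
                    if stripped.endswith(suffix):
                        rendered.append(emailLine.replace(token, value))
                        break
                else:
                    rendered.append(emailLine)
        return ''.join(rendered)

    # Elasticsearch can take a while to come up; poll before doing anything.
    for attempt in range(1, 11):
        try:
            reply = json.loads(curl_es('/'))
            connected = reply['tagline'] == "You Know, for Search"
            waitMsg = "Waiting for Elasticsearch to start...try %d of 10"
        except (ValueError, KeyError, TypeError):
            # not JSON, no tagline, or not an object: node is not ready yet
            connected = False
            waitMsg = "Error: Waiting for Elasticsearch to start...try %d of 10"
        if connected:
            print("Connected to Elasticsearch...")
            break
        print(waitMsg % attempt)
        if attempt == 10:
            sys.exit('Unable to connect to Elasticsearch')
        sleep(10)

    logstashInstalled = False
    if os.path.isfile('/usr/share/logstash/bin/logstash'):
        versionWords = os.popen(
            'sudo /usr/share/logstash/bin/logstash --version').read().split()
        # expected "logstash 5.5.1"; guard the index in case the output differs
        logstashInstalled = (len(versionWords) > 1
                             and versionWords[1] == logstashLatest)
    if logstashInstalled:
        print("Logstash already installed")
        return

    while True:
        logstashEmail = get_user_input(
            "\033[1mConfigure Logstash To Send Email Alerts (Y/n)\033[0m: ")
        if logstashEmail.lower() in ('y', 'n', ''):
            break
        print("Must choose Y or N.")
    # Plain Enter counts as "yes", as in the original prompt.
    wantsEmail = logstashEmail.lower() == 'y' or len(logstashEmail) == 0
    emailBlock = ''
    if wantsEmail:
        smtpHost = get_user_input(
            " \033[1mEnter SMTP Host (ex: smtp.google.com)\033[0m: ")
        smtpPort = get_user_input(
            " \033[1mEnter SMTP Port (ex: 587)\033[0m: ")
        smtpUser = get_user_input(
            " \033[1mEnter Email Address (ex: [email protected])\033[0m: ")
        # getpass keeps the password off the terminal echo
        smtpPass = getpass.getpass(
            " \033[1mEnter Email Password (ex: P@55word)\033[0m: ")
        emailBlock = render_email_block(smtpHost, smtpPort, smtpUser, smtpPass)

    print(" Downloading Logstash 5.5.1")
    os.popen(
        'sudo wget https://artifacts.elastic.co/downloads/logstash/logstash-5.5.1.deb 2>&1'
    ).read()
    if not os.path.isfile('logstash-5.5.1.deb'):
        sys.exit('Error downloading logstash')
    if not hashCheck.checkHash('logstash-5.5.1.deb'):
        sys.exit('Error downloading logstash, mismatched file hashes')
    print(" Installing Logstash")
    os.popen('sudo dpkg -i logstash-5.5.1.deb').read()
    print(" Cleaning Up Logstash Installation Files")
    os.remove('logstash-5.5.1.deb')
    os.popen('sudo systemctl enable logstash.service').read()

    if not cpuArch.startswith('x86'):
        # Build the ARM JFFI native library and add it to the bundled JRuby jar.
        os.popen('sudo git clone https://github.com/jnr/jffi.git').read()
        os.chdir('jffi')
        os.popen('sudo ant jar').read()
        shutil.copyfile(
            'build/jni/libjffi-1.2.so',
            '/usr/share/logstash/vendor/jruby/lib/jni/arm-Linux/libjffi-1.2.so')
        os.chdir('/usr/share/logstash/vendor/jruby/lib')
        os.popen(
            'sudo zip -g jruby-complete-1.7.11.jar jni/arm-Linux/libjffi-1.2.so'
        ).read()
        os.chdir(cwd)
        shutil.rmtree("jffi/")

    print(" Installing Translate Plugin")
    os.popen(
        'sudo /usr/share/logstash/bin/logstash-plugin install logstash-filter-translate'
    ).read()

    print(" Copying Configuration Files")
    configFiles = (
        ('logstash/rules', '/etc/logstash/custom_patterns',
         ('bro.rule', 'sweetSecurity.rule', 'iptables.rule')),
        ('logstash/translate', '/etc/logstash/translate',
         ('torIP.yaml', 'maliciousIP.yaml')),
    )
    for srcDir, dstDir, names in configFiles:
        if not os.path.exists(dstDir):
            os.makedirs(dstDir)
        for name in names:
            shutil.copyfile(os.path.join(srcDir, name), os.path.join(dstDir, name))

    print(" Configuring Logstash")
    # Render the template straight into conf.d so the copy in the repo is
    # never renamed or clobbered if the run dies part-way through.
    with open("logstash/conf/logstash.conf", "rt") as fileIn:
        with open('/etc/logstash/conf.d/logstash.conf', "wt") as fileOut:
            for line in fileIn:
                key = line.strip()
                indent = line[:len(line) - len(line.lstrip())]
                if key == "hosts => localhost":
                    # NOTE(review): values are not escaped for the Logstash
                    # config grammar; a password containing '"' breaks the file.
                    line = (indent + 'hosts => "%s:9201"\n' % esServer
                            + indent + 'user => "%s"\n' % esUser
                            + indent + 'password => "%s"\n' % esPass)
                elif key == "email_block":
                    # empty when the user declined email alerts
                    line = emailBlock
                fileOut.write(line)
    # Give the logstash user access to read kern.log.
    os.popen('sudo usermod -a -G adm logstash').read()

    print(" Updating Logstash Template for Elasticsearch")
    logstashTemplate = (
        '{"template":"logstash-*","settings":{"index":{"refresh_interval":"5s"}},'
        '"mappings":{"_default_":{"dynamic_templates":['
        '{"message_field":{"path_match":"message","mapping":{"norms":false,"type":"text"},"match_mapping_type":"string"}},'
        '{"string_fields":{"mapping":{"norms":false,"type":"text","fields":{"keyword":{"type":"keyword"}}},"match_mapping_type":"string","match":"*"}}],'
        '"_all":{"norms":false,"enabled":true},'
        '"properties":{"@timestamp":{"include_in_all":false,"type":"date"},'
        '"geoip_dst":{"dynamic":true,"properties":{"ip":{"type":"ip"},"latitude":{"type":"half_float"},"location":{"type":"geo_point"},"longitude":{"type":"half_float"}}},'
        '"geoip_src":{"dynamic":true,"properties":{"ip":{"type":"ip"},"latitude":{"type":"half_float"},"location":{"type":"geo_point"},"longitude":{"type":"half_float"}}},'
        '"@version":{"include_in_all":false,"type":"keyword"}}}},'
        '"aliases":{}}'
    )
    curl_es('/_template/logstash', 'PUT', logstashTemplate)

    print(" Starting Logstash")
    os.popen('sudo service logstash start').read()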
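def install(chosenInterfaceIP):
    """Install Kibana 6.3.0 and load the bundled index patterns and dashboards.

    Unless ``/opt/kibana/bin/kibana --version`` already reports 6.3.0,
    downloads the x86_64 or x86 tarball (hash-checked through
    ``hashCheck.checkHash``), unpacks it into ``/opt/kibana``, on non-x86
    hosts replaces the bundled node/npm with a Node v6.10.2 armv6l build,
    installs the systemd unit and starts the service.  It then imports
    every file under ``kibana/patterns`` and ``kibana/dashboards`` and
    sets ``logstash-*`` as the default index in ``.kibana``.

    Args:
        chosenInterfaceIP: accepted for interface compatibility; this
            function does not read it.

    Exits via ``sys.exit`` when the download or its hash check fails.
    """
    kibanaLatest = '6.3.0'
    cpuArch = os.uname()[4]
    cwd = os.getcwd()

    def fetch_and_unpack(bundle):
        """Download <bundle>.tar.gz, verify it, unpack into /opt/kibana, clean up."""
        archive = bundle + '.tar.gz'
        os.popen(
            'sudo wget https://artifacts.elastic.co/downloads/kibana/%s 2>&1' % archive
        ).read()
        if not os.path.isfile(archive):
            sys.exit('Error downloading Kibana')
        if not hashCheck.checkHash(archive):
            sys.exit('Error downloading kibana, mismatched file hashes')
        print(" Installing Kibana")
        os.popen('sudo tar -xzf %s' % archive).read()
        shutil.copytree(bundle + '/', '/opt/kibana')
        print(" Cleaning Up Installation Files")
        os.remove(archive)
        shutil.rmtree(bundle + "/")

    kibanaInstalled = False
    if os.path.isfile('/opt/kibana/bin/kibana'):
        kibanaVersion = os.popen('sudo /opt/kibana/bin/./kibana --version').read()
        kibanaInstalled = kibanaVersion.rstrip() == kibanaLatest

    if kibanaInstalled:
        print("Kibana already installed")
    else:
        print("Installing Kibana")
        print(" Downloading Kibana 6.3.0")
        # Only x86_64 gets the 64-bit bundle; every other arch (ARM included)
        # takes the x86 one and, below, has its node binary swapped out.
        if cpuArch == 'x86_64':
            fetch_and_unpack('kibana-6.3.0-linux-x86_64')
        else:
            fetch_and_unpack('kibana-6.3.0-linux-x86')

        if not cpuArch.startswith('x86'):
            os.popen('sudo apt-get -y remove nodejs-legacy nodejs nodered').read()
            os.popen(
                'sudo wget https://nodejs.org/download/release/v6.10.2/node-v6.10.2-linux-armv6l.tar.gz'
            ).read()
            # .read() waits for mv to finish; the original never consumed this
            # pipe, so the chdir/tar below could run before the move completed.
            os.popen(
                'sudo mv node-v6.10.2-linux-armv6l.tar.gz /usr/local/node-v6.10.2-linux-armv6l.tar.gz'
            ).read()
            os.chdir('/usr/local')
            os.popen('sudo tar -xzf node-v6.10.2-linux-armv6l.tar.gz --strip=1').read()
            # Keep the bundled binaries as *.orig and point Kibana at the new node.
            shutil.move('/opt/kibana/node/bin/node', '/opt/kibana/node/bin/node.orig')
            shutil.move('/opt/kibana/node/bin/npm', '/opt/kibana/node/bin/npm.orig')
            os.popen('sudo ln -s /usr/local/bin/node /opt/kibana/node/bin/node').read()
            os.popen('sudo ln -s /usr/local/bin/npm /opt/kibana/node/bin/npm').read()
            os.chdir(cwd)
            os.remove('/usr/local/node-v6.10.2-linux-armv6l.tar.gz')

        shutil.copyfile('systemd/kibana.service', '/etc/systemd/system/kibana.service')
        os.popen('sudo systemctl enable kibana.service').read()
        print("Starting Kibana")
        os.popen('sudo service kibana start').read()

    # Give Kibana time to create its own index before importing into it.
    sleep(10)
    print("Importing Kibana Index Patterns")
    patternPath = os.path.join(cwd, 'kibana/patterns')
    for patternFile in os.listdir(patternPath):
        importIndexMapping(os.path.join(patternPath, patternFile))
    print("Importing Dashboards")
    dashboardPath = os.path.join(cwd, 'kibana/dashboards')
    for dashboardFile in os.listdir(dashboardPath):
        importDashboard(os.path.join(dashboardPath, dashboardFile))

    # Set logstash-* as the default Kibana index; retry until the update lands.
    from elasticsearch import Elasticsearch
    esService = Elasticsearch()
    body = {'doc': {'defaultIndex': 'logstash-*'}}
    while True:
        try:
            esService.update(index='.kibana', id='6.3.0', doc_type='config', body=body)
            break
        except Exception as e:
            # Report why we are waiting instead of hiding it, as the bare
            # except did; the loop itself is unchanged.
            print("Waiting for Elasticsearch to start...")
            print(e)
            sleep(10)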
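def install(chosenInterface, webServer):
    """Build and install Bro IDS 2.5.1 from source and point it at an interface.

    Unless ``/opt/nsm/bro/bin/bro -version`` already reports 2.5.1, the
    tarball is downloaded (hash-checked through ``hashCheck.checkHash``),
    unpacked, configured with ``--prefix=/opt/nsm/bro``, built and
    installed; ``node.cfg`` is rewritten to listen on *chosenInterface*,
    traffic to *webServer* is excluded via a BPF filter in
    ``broctl.cfg`` (unless it is ``localhost``), and broctl deploys and
    starts the sensor.

    Args:
        chosenInterface: NIC name written into ``/opt/nsm/bro/etc/node.cfg``.
        webServer: host whose traffic is filtered out; ``localhost`` disables
            the filter.

    Exits via ``sys.exit`` when the download or hash check fails, or when
    either argument contains characters that could not be written safely
    into the config files.
    """
    import re  # local import: the file's import block is not in view

    # Both values are written verbatim into a config file and a BPF filter
    # expression, so refuse anything outside the characters an interface
    # name or host name/IP can contain (no whitespace, quotes or newlines).
    safeToken = re.compile(r'^[A-Za-z0-9_.:-]+$')
    if not safeToken.match(chosenInterface):
        sys.exit('Invalid interface name: %r' % chosenInterface)
    if not safeToken.match(webServer):
        sys.exit('Invalid web server host: %r' % webServer)

    broLatest = '2.5.1'
    cwd = os.getcwd()

    broInstalled = False
    if os.path.isfile('/opt/nsm/bro/bin/bro'):
        versionWords = os.popen('sudo /opt/nsm/bro/bin/bro -version 2>&1').read().split()
        # expected "bro version 2.5.1"; guard the index against other output
        broInstalled = len(versionWords) > 2 and versionWords[2] == broLatest
    if broInstalled:
        print("Bro already installed...")
        return

    print("Installing Bro IDS")
    print(" Downloading Bro IDS 2.5.1")
    os.popen('sudo wget https://www.bro.org/downloads/bro-2.5.1.tar.gz 2>&1').read()
    if not os.path.isfile('bro-2.5.1.tar.gz'):
        sys.exit('Error downloading Bro')
    if not hashCheck.checkHash('bro-2.5.1.tar.gz'):
        sys.exit('Error downloading Bro, mismatched file hashes')

    print(" Unpacking Bro Code")
    os.popen('sudo tar -xzf bro-2.5.1.tar.gz').read()
    print(" Creating Bro Directory Structures")
    for directory in ('/opt/nsm', '/opt/nsm/bro'):
        if not os.path.exists(directory):
            os.makedirs(directory)

    os.chdir('bro-2.5.1')
    print(" Configuring Bro Code")
    os.popen('sudo ./configure --prefix=/opt/nsm/bro 2>&1').read()
    print(" Making Bro Code")
    os.popen('sudo make 2>&1').read()
    print(" Installing Bro Code")
    os.popen('sudo make install 2>&1').read()
    print(" Cleaning Up Bro Installation Files")
    os.chdir(cwd)
    os.remove('bro-2.5.1.tar.gz')
    shutil.rmtree("bro-2.5.1/")

    # Rewrite node.cfg so the worker listens on the chosen interface; the
    # original file is kept as node.orig.
    print(" Configuring Bro")
    shutil.move('/opt/nsm/bro/etc/node.cfg', '/opt/nsm/bro/etc/node.orig')
    with open("/opt/nsm/bro/etc/node.orig", "rt") as fileIn:
        with open("/opt/nsm/bro/etc/node.cfg", "wt") as fileOut:
            for line in fileIn:
                if line.rstrip() == "interface=eth0":
                    line = 'interface=%s\n' % chosenInterface
                fileOut.write(line)

    # Sensor <-> web server chatter is pure noise; filter it at capture time.
    if webServer != 'localhost':
        with open("/opt/nsm/bro/etc/broctl.cfg", "a") as broCtlFile:
            broCtlFile.write("\nbroargs = -f 'not host %s'\n" % webServer)

    print(" Deploying and Starting Bro")
    os.popen('sudo /opt/nsm/bro/bin/broctl deploy').read()
    os.popen('sudo /opt/nsm/bro/bin/broctl start').read()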
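def install(fileCheckKey, esHost='10.85.2.150:59200'):
    """Install Elasticsearch 5.5.1 and create the sweet_security indices.

    If ``/etc/elasticsearch/elasticsearch.yml`` exists the service is
    started and polled (10 s apart, no limit) until it reports a version;
    5.5.1 means the package install is skipped.  Otherwise the .deb is
    downloaded (hash-checked through ``hashCheck.checkHash``), installed,
    its JVM heap lowered from 2g to 256m, and the service enabled and
    started.  In both cases the ``sweet_security``,
    ``sweet_security_alerts`` and ``tardis`` indices are created with
    their mappings (retrying until Elasticsearch acknowledges), and one
    ``configuration`` document is written to ``sweet_security`` on a
    best-effort basis.

    Args:
        fileCheckKey: stored in the configuration document when not None.
        esHost: ``host:port`` the curl calls target; defaults to the value
            the original had hard-coded.

    Exits via ``sys.exit`` when the download or hash check fails.
    """
    import subprocess  # local import: the file's import block is not in view

    elasticLatest = '5.5.1'
    # NOTE(review): the curl calls go to esHost while the Elasticsearch()
    # client further down uses its library default; confirm both reach the
    # same node.

    def curl_es(path, method='GET', body=None):
        """Run curl against <esHost><path> without a shell and return stdout.

        *body*, when given, is a dict serialised with json.dumps, so the
        mappings are guaranteed to be valid JSON.
        """
        args = ['curl', '-X', method, '%s%s' % (esHost, path)]
        if body is not None:
            args += ['-H', 'Content-Type: application/json', '-d', json.dumps(body)]
        proc = subprocess.Popen(args, stdout=subprocess.PIPE, universal_newlines=True)
        return proc.communicate()[0]

    def text_kw():
        """Text field with a ``keyword`` sub-field (the common mapping here)."""
        return {"type": "text", "fields": {"keyword": {"type": "keyword"}}}

    def text_raw():
        """Text field with a ``raw`` keyword sub-field (used by the alerts index)."""
        return {"type": "text", "fields": {"raw": {"type": "keyword"}}}

    def create_index(name, mappings, createdMsg):
        """PUT the index with its mappings, retrying every 10 s until acknowledged.

        An "already exists" error also ends the loop: the original code
        kept retrying forever on a re-run, because such a reply carries no
        ``acknowledged`` key.
        """
        alreadyExists = ('index_already_exists_exception',
                         'resource_already_exists_exception')
        while True:
            reply = curl_es('/%s?pretty' % name, 'PUT', {"mappings": mappings})
            try:
                parsed = json.loads(reply)
                if parsed.get('error', {}).get('type') in alreadyExists:
                    print(" %s index already exists" % name)
                    return
                if parsed['acknowledged'] is True:
                    print(createdMsg)
                    return
                print("Waiting for Elasticsearch to start, will try again in 10 seconds...")
            except (ValueError, KeyError, TypeError, AttributeError):
                # empty/non-JSON reply or unexpected shape: node not ready yet
                print("Error: Waiting for Elasticsearch to start, will try again in 10 seconds...")
            sleep(10)

    elasticInstalled = False
    if os.path.isfile('/etc/elasticsearch/elasticsearch.yml'):
        os.popen('sudo service elasticsearch start').read()
        while True:
            try:
                reply = json.loads(curl_es('/'))
                if reply['tagline'] == "You Know, for Search":
                    runningVersion = reply['version']['number']
                    break
                print("Waiting for Elasticsearch to start...")
            except (ValueError, KeyError, TypeError):
                print("Exception: Waiting for Elasticsearch to start...")
            sleep(10)
        elasticInstalled = runningVersion.rstrip() == elasticLatest

    if not elasticInstalled:
        print("Installing Elasticsearch")
        print(" Downloading Elasticsearch 5.5.1")
        os.popen(
            'sudo wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.1.deb 2>&1'
        ).read()
        if not os.path.isfile('elasticsearch-5.5.1.deb'):
            sys.exit('Error downloading elasticsearch')
        if not hashCheck.checkHash('elasticsearch-5.5.1.deb'):
            sys.exit('Error downloading elasticsearch, mismatched file hashes')
        print(" Installing Elasticsearch")
        os.popen('sudo dpkg -i elasticsearch-5.5.1.deb').read()
        print(" Cleaning Up Installation Files")
        os.remove('elasticsearch-5.5.1.deb')
        os.popen('sudo update-rc.d elasticsearch defaults').read()

        # Shrink the JVM heap from the packaged 2g to 256m for small hosts;
        # the original file is kept as jvm.orig.
        shutil.move('/etc/elasticsearch/jvm.options', '/etc/elasticsearch/jvm.orig')
        heapOverrides = {"-Xms2g": '-Xms256m\n', "-Xmx2g": '-Xmx256m\n'}
        with open("/etc/elasticsearch/jvm.orig", "rt") as fileIn:
            with open("/etc/elasticsearch/jvm.options", "wt") as fileOut:
                for line in fileIn:
                    fileOut.write(heapOverrides.get(line.rstrip(), line))

        print(" Starting Elasticsearch")
        os.popen('sudo systemctl enable elasticsearch.service').read()
        os.popen('sudo service elasticsearch start').read()
        # Give the service a head start before the first index request.
        sleep(10)

    create_index('sweet_security', {
        "ports": {"properties": {
            "mac": text_kw(), "port": text_kw(), "protocol": text_kw(),
            "name": text_kw(), "product": text_kw(), "version": text_kw(),
            "lastSeen": {"type": "date"}}},
        "devices": {"properties": {
            "hostname": text_kw(), "nickname": text_kw(), "ip4": text_kw(),
            "mac": text_kw(), "vendor": text_kw(), "ignore": text_kw(),
            "active": text_kw(), "defaultFwAction": text_kw(),
            "isolate": text_kw(),
            "firstSeen": {"type": "date"}, "lastSeen": {"type": "date"}}},
        "firewallProfiles": {"properties": {
            "mac": text_kw(), "destination": text_kw(), "action": text_kw()}},
        "sensors": {"properties": {
            "mac": text_kw(), "sensorName": text_kw(), "broHealth": text_kw(),
            "logstashHealth": text_kw(),
            "diskUsage": {"type": "integer"}, "memAvailable": {"type": "integer"},
            "memPercent": {"type": "integer"}, "memConsumed": {"type": "integer"},
            "firstSeen": {"type": "date"}, "lastSeen": {"type": "date"}}},
    }, " sweet_security index created")

    create_index('sweet_security_alerts', {
        "alerts": {"properties": {
            "source": text_raw(), "message": text_raw(), "mac": text_kw(),
            "firstSeen": {"type": "date"}, "addressedOn": {"type": "date"},
            "addressed": {"type": "integer"}}},
    }, " sweet_security_alert index created")

    # Seed the configuration document; best-effort, as in the original.
    configData = {'defaultMonitor': 0, 'defaultIsolate': 0,
                  'defaultFW': 1, 'defaultLogRetention': 0}
    if fileCheckKey is not None:
        configData['fileCheckKey'] = fileCheckKey
    try:
        from elasticsearch import Elasticsearch
        esService = Elasticsearch()
        # brief pause so the index just created is fully ready
        sleep(1)
        esService.index(index='sweet_security', doc_type='configuration', body=configData)
    except Exception as e:
        print(e)

    create_index('tardis', {
        "known_dnsqueries": {"properties": {
            "mac": text_kw(), "query": text_kw()}},
        "known_websites": {"properties": {
            "mac": text_kw(), "server_name": text_kw()}},
        "firewallProfiles": {"properties": {
            "mac": text_kw(), "ip": text_kw(), "port": text_kw()}},
    }, " tardis index created")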