| skipped 205 lines |
206 | 206 | | |
207 | 207 | | - **elk** a kibana is configured on http://192.168.56.50:5601 to follow the lab events |
208 | 208 | | - infos : log encyclopedia : https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/ |
209 | | - | - the elk is not installed installed by default due to ressources reasons. |
| 209 | + | - the elk is not installed by default due to resources reasons. |
210 | 210 | | - to install and start the elk play the following commands : |
211 | | - | 1. uncomment the elk vm in vagrant and provision with `vagrant up elk` |
| 211 | + | 1. uncomment the elk vm in vagrant and provision with `vagrant up elk` (do not forget to add a coma on the box before) |
212 | 212 | | ``` |
213 | 213 | | # { :name => "elk", :ip => "192.168.56.50", :box => "bento/ubuntu-18.04", :os => "linux", |
214 | 214 | | # :forwarded_port => [ |
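Review bot: The note added to step 1, "(do not forget to add a coma on the box before)", misspells "comma" and does not say where the comma goes. The commented-out elk entry is one element of a list, so the instruction should name the spot, for example "add a comma after the preceding box entry". In the corrected line above it, "due to resources reasons" would also read better as "for resource reasons".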
| skipped 2 lines |
217 | 217 | | # } |
218 | 218 | | ``` |
219 | 219 | | |
220 | | - | 2. you need `sshpass` for the elk installation |
| 220 | + | 2. uncomment the elk part in ansible/hosts file |
221 | 221 | | ``` |
222 | | - | sudo apt install sshpass |
223 | | - | ``` |
| 222 | + | [elk:vars] |
| 223 | + | ansible_connection=ssh |
| 224 | + | ansible_ssh_user=vagrant |
| 225 | + | ansible_ssh_private_key_file=./.vagrant/machines/elk/virtualbox/private_key |
| 226 | + | ansible_ssh_port=22 |
| 227 | + | host_key_checking = false |
224 | 228 | | |
225 | | - | 3. Chocolatey is needed to use elk. To install it run: |
| 229 | + | [elk] |
| 230 | + | 192.168.56.50 |
226 | 231 | | ``` |
227 | | - | ansible-galaxy collection install chocolatey.chocolatey |
| 232 | + | |
| 233 | + | 3. install with docker |
| 234 | + | ```bash |
| 235 | + | sudo docker run -ti --rm --network host -h goadansible -v $(pwd):/goad -w /goad/ansible goadansible ansible-playbook elk.yml |
228 | 236 | | ``` |
229 | 237 | | |
230 | | - | 4. play the elk.yml playbook to install and run elk: |
| 238 | + | 3. or install on hand : |
| 239 | + | |
| 240 | + | - you need `sshpass` for the elk installation |
| 241 | + | ```bash |
| 242 | + | sudo apt install sshpass |
231 | 243 | | ``` |
| 244 | + | - Chocolatey is needed to use elk. To install it run: |
| 245 | + | ```bash |
| 246 | + | ansible-galaxy collection install chocolatey.chocolatey |
| 247 | + | ``` |
| 248 | + | - play the elk.yml playbook to install and run elk: |
| 249 | + | ```bash |
232 | 250 | | ansible-playbook elk.yml |
233 | 251 | | ``` |
234 | 252 | | |
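Review bot: `host_key_checking = false` in the new `[elk:vars]` block turns off SSH host key verification for the elk host, and the README gives no reason for it. The name is also the `ansible.cfg` key rather than the inventory variable; the ssh connection plugin reads `ansible_host_key_checking` from inventory, so the line as written may have no effect. Either move it to `ansible.cfg` or rename it, and add a sentence saying it is acceptable only because this is a disposable lab VM on the host-only network. Two smaller points in the same region: the steps are now numbered "3. install with docker" and "3. or install on hand", which should be 3 and 4 (or 3a/3b), with "on hand" changed to "by hand"; and `$(pwd)` in the docker command is unquoted, so it breaks when the checkout path contains spaces; use `"$(pwd)":/goad`.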
| skipped 332 lines |