Merge pull request #2 from AdsumSOK/master

bitsofinfo · web-flow · commit d06301cc8f4a · 2019-07-24T08:00:55.000-06:00
Update Elastic search to 7.2.0
diff --git a/Dockerfile b/Dockerfile
@@ -3,8 +3,8 @@ FROM centos:latest
 EXPOSE 9200
 EXPOSE 5601
 
-ENV ES_VERSION 5.6.3
-ENV KIBANA_VERSION 5.6.3
+ENV ES_VERSION 7.2.0
+ENV KIBANA_VERSION 7.2.0
 
 RUN yum -y install epel-release && yum clean all
 RUN yum -y install unzip zip curl git java-1.8.0-openjdk python python-pip && yum clean all
@@ -14,12 +14,15 @@ RUN pip install beautifulsoup4 python-dateutil html5lib lxml tornado retrying py
 
 RUN mkdir /toolbox
 ADD kibana.yml /toolbox
-RUN useradd -r elasticsearch
+#Trick to adjust access rights between host and docker shared directories
+RUN groupadd  -g 1001 elasticsearch 
+RUN useradd -r elasticsearch --uid 1000 --gid 1001
 
 RUN cd /toolbox && \
-    curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ES_VERSION}.zip && \
-    unzip elasticsearch-${ES_VERSION}.zip && \
-    rm -rf elasticsearch-${ES_VERSION}.zip && \
+#Elasticsearch is now a tar.gz file
+    curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ES_VERSION}-linux-x86_64.tar.gz && \
+    tar -xvzf elasticsearch-${ES_VERSION}-linux-x86_64.tar.gz && \
+    rm -rf elasticsearch-${ES_VERSION}-linux-x86_64.tar.gz && \
     ln -s elasticsearch-${ES_VERSION} elasticsearch && \
     chown -R elasticsearch elasticsearch-${ES_VERSION}
 
@@ -35,9 +38,17 @@ RUN cd /toolbox && \
 
 RUN cd /toolbox && git clone https://github.com/bitsofinfo/elasticsearch-gmail.git
 RUN cd /toolbox && git clone https://github.com/bitsofinfo/csv2es.git
+#get this intersting repo too
+RUN cd /toolbox && git clone https://github.com/cvandeplas/ELK-forensics
+
+#Trick to modify elasticsearch-gmail.git repo to comply to new elastic search requirements
+RUN sed -i 's~request = HTTPRequest(tornado.options.options.es_url + "/_bulk", method="POST", body=upload_data_txt, request_timeout=tornado.options.options.es_http_timeout_seconds)~request = HTTPRequest(tornado.options.options.es_url + "/_bulk", method="POST", body=upload_data_txt, request_timeout=tornado.options.options.es_http_timeout_seconds,headers={"content-type":"application/json"})~g' /toolbox/elasticsearch-gmail/src/index_emails.py
+#New elasticsearch mandatory params
+RUN sed -i 's/#node.name: node-1/node.name: node-1/g' /toolbox/elasticsearch/config/elasticsearch.yml
+RUN sed -i 's/#cluster.initial_master_nodes: \["node-1", "node-2"\]/cluster.initial_master_nodes: \["node-1"\]/g' /toolbox/elasticsearch/config/elasticsearch.yml
+
+
 
 ADD entrypoint.sh /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
-
-#CMD ["python","/toolbox/elasticsearch-gmail/src/index_emails.py"]
diff --git a/README.md b/README.md
@@ -118,7 +118,8 @@ Bring up a terminal or command prompt on your computer and run the following, be
 *Note: if using Docker Toolbox for Windows*: All of the mounted volumes below should live somewhere under your home directory under `c:\Users\[your username]\...` due to permissions issues.
 
 ```
-docker run --rm -ti -p 5601:5601 \
+docker run --rm -ti \
+   --ulimit nofile=65536:65536 \
   -v PATH/TO/YOUR/my-email.mbox:/toolbox/email.mbox \
   -v PATH/TO/ELASTICSEARCH_DATA_DIR:/toolbox/elasticsearch/data \
   comms-analyzer-toolbox:latest \
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -8,11 +8,10 @@ else
   echo "using: ES_JAVA_OPTS=$ES_JAVA_OPTS"
 fi
 
-
 echo
 echo "Starting ElasticSearch.... please wait"
 echo
-su -c "export ES_JAVA_OPTS='$ES_JAVA_OPTS'; nohup /toolbox/elasticsearch/bin/elasticsearch -d -Enetwork.host=0.0.0.0 &>/toolbox/elasticsearch/elasticsearch.log &" -s /bin/bash elasticsearch
+su -c "export ES_JAVA_OPTS='$ES_JAVA_OPTS'; nohup /toolbox/elasticsearch/bin/elasticsearch -d -Enetwork.host=0.0.0.0 &>/toolbox/elasticsearch/logs/elasticsearch.log &" -s /bin/bash elasticsearch
 sleep 10
 timeout 30 tail -f /toolbox/elasticsearch/logs/elasticsearch.log
 
