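#!/bin/bash
#
# Installs Graylog 5.3 together with OpenSearch and MongoDB 6.0 from their
# apt repositories, unpacks a local OpenSearch 2.0.1 tarball into
# /graylog/opensearch, and writes the Graylog password secret and admin
# password hash into /etc/graylog/server/server.conf.
#
# Usage: run as root from the directory that contains
#        opensearch-2.0.1-linux-x64.tar.gz.
#
# NOTE(review): the script installs the "opensearch" apt package AND unpacks
# the tarball; confirm which of the two installations is meant to run.

# Stop at the first failing step so that a failed download or install is never
# followed by configuration of a half-installed system.
set -euo pipefail

readonly OPENSEARCH_TARBALL=opensearch-2.0.1-linux-x64.tar.gz
readonly KEYRING_DIR=/usr/share/keyrings

# Check if the script is being run as root
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" 1>&2
  exit 1
fi

# Fail before touching the system if the tarball is missing.
# NOTE(review): the tarball is taken from the current directory and is not
# verified here; check it against the vendor-published checksum/signature
# before running this script.
if [[ ! -f "$OPENSEARCH_TARBALL" ]]; then
  echo "Missing ${OPENSEARCH_TARBALL} in the current directory" 1>&2
  exit 1
fi

# Private scratch directory for downloads and extraction, removed on any exit.
tmpdir=$(mktemp -d)
trap 'rm -rf -- "${tmpdir:?}"' EXIT

echo "Updating system..."
# Update the system (apt-get rather than apt: stable CLI for scripts).
# Two separate commands so that set -e catches a failed update.
apt-get update
apt-get upgrade -y

echo "Installing dependencies..."
# Install prerequisites for Graylog, OpenSearch, and MongoDB
apt-get install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen wget gnupg

# Disable huge pages support
# This only changes the running kernel; the setting is lost on reboot.
echo "Disabling huge pages support..."
for thp_knob in enabled defrag; do
  thp_path="/sys/kernel/mm/transparent_hugepage/${thp_knob}"
  if [[ -w "$thp_path" ]]; then
    echo never > "$thp_path"
  else
    echo "Warning: ${thp_path} is not writable; skipping" 1>&2
  fi
done

# Set maximum file count for OpenSearch
echo "Setting maximum file count for OpenSearch..."
sysctl -w vm.max_map_count=262144
# Persist the setting once; re-running the script must not append duplicates.
if ! grep -qxF -- "vm.max_map_count=262144" /etc/sysctl.conf 2>/dev/null; then
  echo "vm.max_map_count=262144" >> /etc/sysctl.conf
fi

# Add the OpenSearch repository and its GPG key
# apt-key is deprecated, and a key added with it is trusted for every
# configured repository. Each key is stored in its own keyring and bound to
# its repository with signed-by, so it can only vouch for that repository.
# NOTE(review): confirm this CloudFront hostname is the vendor's current
# official repository before trusting its key.
echo "Adding OpenSearch repository..."
wget -qO - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opensearch \
  | gpg --batch --yes --dearmor -o "${KEYRING_DIR}/opensearch-keyring.gpg"
echo "deb [signed-by=${KEYRING_DIR}/opensearch-keyring.gpg] https://d3g5vo6xdbdb9a.cloudfront.net/debian stable main" \
  | tee /etc/apt/sources.list.d/opensearch.list

# Add the MongoDB repository
echo "Adding MongoDB repository..."
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc \
  | gpg --batch --yes --dearmor -o "${KEYRING_DIR}/mongodb-server-6.0.gpg"
echo "deb [ arch=amd64,arm64 signed-by=${KEYRING_DIR}/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/debian buster/mongodb-org/6.0 main" \
  | tee /etc/apt/sources.list.d/mongodb-org-6.0.list

# Add the Graylog repository and its GPG key
# dpkg -i expects a package file path, so the package is downloaded first
# instead of being piped in.
# NOTE(review): the package is authenticated only by HTTPS here and is then
# installed as root; verify it against a vendor-published digest if one exists.
echo "Adding Graylog repository..."
wget -qO "${tmpdir}/graylog-repository.deb" \
  https://packages.graylog2.org/repo/packages/graylog-5.3-repository_latest.deb
dpkg -i "${tmpdir}/graylog-repository.deb"

# Update the package index again
echo "Updating package index..."
apt-get update

# Add OpenSearch User
# System account with no password, no login and no real home directory.
echo "Adding Opensearch User"
adduser --system --disabled-password --disabled-login --home /var/empty --no-create-home --quiet --force-badname --group opensearch

# Install OpenSearch
echo "Installing OpenSearch"
apt-get install -y opensearch

# Create OpenSearch Directories
mkdir -p /graylog/opensearch/data
mkdir -p /var/log/opensearch

# Extract Contents from tar
# Extract into the scratch directory and ignore the owner IDs recorded in the
# archive; ownership is set explicitly below.
tar -zxf "$OPENSEARCH_TARBALL" -C "$tmpdir" --no-same-owner
mv "${tmpdir}"/opensearch-2.0.1/* /graylog/opensearch/

# Create empty log file
# Created as root: the directory still belongs to root at this point, so the
# opensearch user could not create it. The chown below hands it over.
touch /var/log/opensearch/graylog.log

# Set Permissions
chown -R opensearch:opensearch /graylog/opensearch/
chown -R opensearch:opensearch /var/log/opensearch
# A recursive numeric 2750 would make every regular file executable and
# setgid. Use symbolic modes instead: owner rw, group r, nothing for others,
# execute kept only where it already exists (X), setgid on directories only.
chmod -R u=rwX,g=rX,o= /graylog/opensearch/ /var/log/opensearch/
find /graylog/opensearch/ /var/log/opensearch/ -type d -exec chmod g+s {} +

# Install MongoDB
# The repository added above ships the server as the "mongodb-org" package.
echo "Installing MongoDB"
apt-get install -y mongodb-org

# Install Graylog
echo "Installing Graylog..."
apt-get install -y graylog-server

# Prompt user to enter admin user password
# -r keeps backslashes in the password literal; -s suppresses echo.
read -rsp "Enter your desired admin password for Graylog: " GRAYLOG_ADMIN_PASSWORD
echo
if [[ -z "$GRAYLOG_ADMIN_PASSWORD" ]]; then
  echo "Admin password must not be empty" 1>&2
  exit 1
fi

# Generate a secret key for Graylog
# pwgen -s yields letters and digits only, so the value is safe inside the
# sed replacement.
# NOTE(review): server.conf now holds password_secret and the admin password
# hash; confirm its owner and mode keep it unreadable to unprivileged users.
echo "Generating secret key for Graylog..."
GRAYLOG_SECRET=$(pwgen -N 1 -s 96)
sed -i "s/password_secret =.*/password_secret = $GRAYLOG_SECRET/" /etc/graylog/server/server.conf

# Generate a hash password for the admin user
# printf '%s' hashes the password exactly as typed; echo would misread values
# such as "-n" or "-e" as options.
echo "Generating hash password for the admin user..."
GRAYLOG_PASSWORD=$(printf '%s' "$GRAYLOG_ADMIN_PASSWORD" | sha256sum | awk '{print $1}')
# The clear-text password is not needed past this point.
unset GRAYLOG_ADMIN_PASSWORD
sed -i "s/root_password_sha2 =.*/root_password_sha2 = $GRAYLOG_PASSWORD/" /etc/graylog/server/server.conf

# Reload systemd
echo "Reloading systemd..."
systemctl daemon-reload

# Enable and start Graylog service
# NOTE(review): MongoDB and OpenSearch are installed above but never enabled
# or started by this script; confirm they are running before relying on
# Graylog.
echo "Enabling and starting Graylog service..."
systemctl enable graylog-server
systemctl start graylog-server

# NOTE(review): the URL below is plain HTTP; put the web interface behind TLS
# before exposing it beyond a trusted network.
echo "Graylog installation complete. You can access it at http://your-server-ip:9000"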