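#!/usr/bin/env bash
#
# Provision Graylog 5.3, OpenSearch and MongoDB 6.0 on a Debian-family host.
#
# Must run as root: it adds apt repositories and their signing keys, changes
# kernel parameters, creates a service account, and writes the Graylog
# password_secret and the admin password hash into
# /etc/graylog/server/server.conf.
#
# Environment (all optional):
#   MONGODB_SUITE           Debian codename used for the MongoDB apt suite.
#                           Defaults to "buster" (what the original script
#                           hard-coded); MongoDB only publishes a few codenames,
#                           so set it to match the host instead of trusting
#                           the default.
#   GRAYLOG_ADMIN_PASSWORD  Admin password; prompted for on the terminal if
#                           unset.
#
# Any failing step aborts the run (set -euo pipefail); nothing is silently
# ignored, and the scratch directory is removed on every exit path.

set -euo pipefail

#######################################
# Print an error to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

if [[ "$(id -u)" -ne 0 ]]; then
  die "This script must be run as root"
fi

# Keep apt/dpkg from blocking on interactive prompts (conffile questions etc.).
export DEBIAN_FRONTEND=noninteractive

# Upstream sources, kept in one place so they can be audited and pinned.
readonly OPENSEARCH_KEY_URL="https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opensearch"
readonly OPENSEARCH_REPO="https://d3g5vo6xdbdb9a.cloudfront.net/debian"
readonly MONGODB_KEY_URL="https://www.mongodb.org/static/pgp/server-6.0.asc"
readonly MONGODB_REPO="https://repo.mongodb.org/apt/debian"
readonly MONGODB_SUITE="${MONGODB_SUITE:-buster}"
readonly GRAYLOG_REPO_DEB="https://packages.graylog2.org/repo/packages/graylog-5.3-repository_latest.deb"
readonly KEYRING_DIR="/etc/apt/keyrings"
readonly GRAYLOG_CONF="/etc/graylog/server/server.conf"

# Scratch directory for downloaded artifacts; removed on exit, error or signal.
work_dir="$(mktemp -d)" || die "mktemp failed"
cleanup() { rm -rf -- "${work_dir:?}"; }
trap cleanup EXIT

#######################################
# Verify the host has enough RAM and free root-filesystem space for Graylog.
# Globals:   none
# Arguments: none
# Outputs:   progress to stdout
# Returns:   0 if both thresholds are met; exits 1 via die otherwise
#######################################
check_system_requirements() {
  local -r minimum_ram_mb=4096
  local -r minimum_disk_gb=50
  local total_ram_kb total_ram_mb avail_disk_gb

  echo "Checking system requirements for Graylog..."

  # /proc/meminfo reports kB; the original compared the raw kB figure against
  # a MB threshold, which made the check meaningless. Convert first.
  total_ram_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  total_ram_mb=$(( total_ram_kb / 1024 ))
  # Free space on / in whole GB ("48G" -> 48); row 1 is the header.
  avail_disk_gb=$(df -BG --output=avail / | awk 'NR == 2 { sub(/G$/, "", $1); print $1 }')

  if (( total_ram_mb < minimum_ram_mb )); then
    die "Insufficient RAM. Graylog requires a minimum of ${minimum_ram_mb} MB of RAM."
  fi
  echo "RAM: ${total_ram_mb} MB - meets minimum requirements."

  if (( avail_disk_gb < minimum_disk_gb )); then
    die "Insufficient disk space. Graylog requires a minimum of ${minimum_disk_gb} GB of available disk space."
  fi
  echo "Disk space: ${avail_disk_gb} GB - meets minimum requirements."

  echo "System meets the minimum requirements for Graylog."
}

#######################################
# Fetch an ASCII-armored signing key and install it as a binary apt keyring.
# Keys go under /etc/apt/keyrings and are bound to one repository via
# signed-by= in the source entry, so a key can only validate the repository
# it was fetched for. (apt-key add trusted a key for every configured
# repository and is removed in current Debian releases.)
# Arguments: $1 - key URL, $2 - destination keyring path
# Returns:   non-zero (aborting the script) if the download or dearmor fails
#######################################
install_apt_key() {
  local -r url=$1
  local -r dest=$2
  wget -qO - "$url" | gpg --dearmor --yes -o "$dest"
  chmod 0644 "$dest"
}

# The original defined this check but never invoked it.
check_system_requirements

echo "Updating system..."
apt-get update
apt-get upgrade -y

echo "Installing dependencies..."
# openjdk-11 is kept from the original list; Graylog 5.x ships its own JVM, so
# it may be unnecessary -- confirm before removing.
apt-get install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen wget gnupg ca-certificates

# Transparent huge pages degrade JVM heap behaviour for OpenSearch. This is a
# runtime-only change; persist it (sysfs unit or boot parameter) separately.
echo "Disabling huge pages support..."
for thp in enabled defrag; do
  if [[ -w "/sys/kernel/mm/transparent_hugepage/${thp}" ]]; then
    echo never > "/sys/kernel/mm/transparent_hugepage/${thp}"
  fi
done

# OpenSearch needs a large mmap count. A dedicated sysctl.d file is idempotent;
# appending to /etc/sysctl.conf on every run left duplicate lines behind.
echo "Setting maximum file count for OpenSearch..."
printf 'vm.max_map_count=262144\n' > /etc/sysctl.d/99-opensearch.conf
sysctl -w vm.max_map_count=262144

install -d -m 0755 "$KEYRING_DIR"

echo "Adding OpenSearch repository..."
install_apt_key "$OPENSEARCH_KEY_URL" "${KEYRING_DIR}/opensearch.gpg"
printf 'deb [signed-by=%s] %s stable main\n' "${KEYRING_DIR}/opensearch.gpg" "$OPENSEARCH_REPO" \
  > /etc/apt/sources.list.d/opensearch.list

echo "Adding MongoDB repository..."
install_apt_key "$MONGODB_KEY_URL" "${KEYRING_DIR}/mongodb-server-6.0.gpg"
printf 'deb [ arch=amd64,arm64 signed-by=%s ] %s %s/mongodb-org/6.0 main\n' \
  "${KEYRING_DIR}/mongodb-server-6.0.gpg" "$MONGODB_REPO" "$MONGODB_SUITE" \
  > /etc/apt/sources.list.d/mongodb-org-6.0.list

echo "Adding Graylog repository..."
# dpkg cannot read a package from stdin ("dpkg -i -" fails), so download the
# repository .deb to the scratch directory first.
wget -qO "${work_dir}/graylog-repository.deb" "$GRAYLOG_REPO_DEB"
dpkg -i "${work_dir}/graylog-repository.deb"

echo "Updating package index..."
apt-get update

echo "Adding Opensearch User"
# Idempotent: skip if the account already exists (e.g. on a rerun).
if ! getent passwd opensearch > /dev/null; then
  adduser --system --disabled-password --disabled-login --home /var/empty \
    --no-create-home --quiet --group opensearch
fi

echo "Installing OpenSearch"
apt-get install -y opensearch

# -p so a rerun does not abort on directories that already exist.
mkdir -p /graylog/opensearch/data /var/log/opensearch

# The original also unpacked a tarball from the working directory, but nothing
# in this script downloads it. Only honour it when the operator provided one.
opensearch_tarball="opensearch-2.0.1-linux-x64.tar.gz"
if [[ -f "$opensearch_tarball" ]]; then
  echo "Extracting ${opensearch_tarball} into /graylog/opensearch"
  tar -zxf "$opensearch_tarball" -C "$work_dir"
  cp -a "${work_dir}/opensearch-2.0.1/." /graylog/opensearch/
else
  echo "Note: ${opensearch_tarball} not found in $(pwd); skipping tarball extraction." >&2
fi

# Already root: no sudo needed. Ownership is handed to the service account below.
touch /var/log/opensearch/graylog.log

chown -R opensearch:opensearch /graylog/opensearch /var/log/opensearch
chmod -R 2750 /graylog/opensearch /var/log/opensearch

echo "Installing MongoDB"
# apt package names are case-sensitive: the package is "mongodb-org", and
# "MongoDB" does not exist, so the original install step always failed.
apt-get install -y mongodb-org
# Graylog cannot start without a reachable MongoDB, so bring it up now.
systemctl enable --now mongod

echo "Installing Graylog..."
apt-get install -y graylog-server

[[ -f "$GRAYLOG_CONF" ]] || die "${GRAYLOG_CONF} not found after installing graylog-server"

# Admin password: taken from the environment if set, otherwise prompted for
# without echo. -r keeps backslashes literal. An empty password would hash to
# a well-known value, so refuse it.
if [[ -z "${GRAYLOG_ADMIN_PASSWORD:-}" ]]; then
  read -rsp "Enter your desired admin password for Graylog: " GRAYLOG_ADMIN_PASSWORD
  echo
fi
[[ -n "$GRAYLOG_ADMIN_PASSWORD" ]] || die "Admin password must not be empty"

echo "Generating secret key for Graylog..."
# pwgen -s emits [A-Za-z0-9] only, so the value is safe inside the sed
# replacement; the grep afterwards proves the key was actually written.
graylog_secret=$(pwgen -N 1 -s 96)
sed -i "s|^password_secret =.*|password_secret = ${graylog_secret}|" "$GRAYLOG_CONF"
grep -q "^password_secret = ${graylog_secret}\$" "$GRAYLOG_CONF" \
  || die "failed to set password_secret in ${GRAYLOG_CONF}"

echo "Generating hash password for the admin user..."
# Graylog expects the hex SHA-256 of the plain password in root_password_sha2.
# printf avoids echo's -n/-e ambiguity; the hash is hex, so sed-safe.
graylog_password_hash=$(printf '%s' "$GRAYLOG_ADMIN_PASSWORD" | sha256sum | awk '{print $1}')
sed -i "s|^root_password_sha2 =.*|root_password_sha2 = ${graylog_password_hash}|" "$GRAYLOG_CONF"
grep -q "^root_password_sha2 = ${graylog_password_hash}\$" "$GRAYLOG_CONF" \
  || die "failed to set root_password_sha2 in ${GRAYLOG_CONF}"
unset GRAYLOG_ADMIN_PASSWORD
# NOTE(review): server.conf now holds password_secret; confirm the package
# left it non-world-readable (the expected owner/group is not verified here).

echo "Reloading systemd..."
systemctl daemon-reload

echo "Enabling and starting Graylog service..."
systemctl enable graylog-server
systemctl start graylog-server

# NOTE(review): as in the original, OpenSearch is installed but neither
# configured nor started here; Graylog's search backend still has to be set up.
echo "Graylog installation complete. You can access it at http://your-server-ip:9000"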