install-scripts/graylog/install.sh


#!/bin/bash
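# Refuse to run unless we are root: every later step installs packages,
# writes under /etc and /usr/share/keyrings, or manages systemd services.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" 1>&2
  exit 1
fi

echo "Updating system..."
# Stop if the index refresh or the upgrade fails, so nothing is installed
# on top of a half-updated system.
if ! { apt update && apt upgrade -y; }; then
  echo "Error: system update failed; aborting." 1>&2
  exit 1
fi

echo "Installing dependencies..."
# Prerequisites for Graylog, OpenSearch, and MongoDB.
# curl is included because the OpenSearch signing key is fetched with it
# further down; without it that download fails and the repository is added
# with no usable key.
if ! apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen wget gnupg curl; then
  echo "Error: could not install prerequisites; aborting." 1>&2
  exit 1
fi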
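#######################################
# Verify that the host has enough RAM and free disk space for Graylog.
# Reads MemTotal from /proc/meminfo (reported in kB) and the available
# space on / from df, then compares them with the minimums below.
# Arguments: none
# Outputs:   progress lines on stdout, error lines on stderr
# Returns:   0 when both checks pass; calls `exit 1` (terminating the
#            script) when a check fails or a value cannot be read.
# NOTE(review): nothing in the script as shown calls this function, so the
# checks only take effect once a call is added before the install steps.
#######################################
check_system_requirements() {
  echo "Checking the minimum system requirements for Graylog..."

  # Minimum required RAM (in MB)
  local minimum_ram=4096
  # Minimum required disk space (in GB)
  local minimum_disk_space=50
  local total_ram_kb total_ram total_disk_space

  # /proc/meminfo reports MemTotal in kB; convert to MB before comparing,
  # otherwise the kB figure is compared against a MB threshold and the
  # check passes on almost any machine.
  total_ram_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  case "$total_ram_kb" in
    '' | *[!0-9]*)
      echo "Error: could not determine total RAM from /proc/meminfo." 1>&2
      exit 1
      ;;
  esac
  total_ram=$((total_ram_kb / 1024))

  # MemTotal excludes memory reserved by firmware and the kernel, so a
  # nominal 4 GiB host can report slightly less than 4096 MB.
  if [ "$total_ram" -lt "$minimum_ram" ]; then
    echo "Error: Insufficient RAM. Graylog requires a minimum of $minimum_ram MB of RAM." 1>&2
    exit 1
  else
    echo "RAM: $total_ram MB - meets minimum requirements."
  fi

  # Space still available on the root filesystem, in whole GB
  # (second line of df output, trailing "G" stripped).
  total_disk_space=$(df -BG --output=avail / | awk 'NR == 2 {sub(/G$/, "", $1); print $1}')
  case "$total_disk_space" in
    '' | *[!0-9]*)
      echo "Error: could not determine available disk space on /." 1>&2
      exit 1
      ;;
  esac

  if [ "$total_disk_space" -lt "$minimum_disk_space" ]; then
    echo "Error: Insufficient disk space. Graylog requires a minimum of $minimum_disk_space GB of available disk space." 1>&2
    exit 1
  else
    echo "Disk space: $total_disk_space GB - meets minimum requirements."
  fi

  echo "System meets the minimum requirements for Graylog."
}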
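# Disable transparent huge pages for the running kernel.
# These sysfs writes do not survive a reboot; a boot-time unit or kernel
# parameter is needed to make the setting permanent.
echo "Disabling huge pages support..."
for thp_knob in enabled defrag; do
  thp_path="/sys/kernel/mm/transparent_hugepage/$thp_knob"
  if [ -w "$thp_path" ]; then
    echo never > "$thp_path"
  else
    # Kernels built without THP (and some containers) do not expose this file.
    echo "Warning: $thp_path is not writable; skipping." 1>&2
  fi
done

# Raise vm.max_map_count for OpenSearch, now and across reboots.
echo "Setting maximum file count for OpenSearch..."
sysctl -w vm.max_map_count=262144
# Rewrite an existing entry instead of appending a duplicate, so that
# re-running the script does not keep growing /etc/sysctl.conf.
if grep -Eq '^[[:space:]]*vm\.max_map_count[[:space:]]*=' /etc/sysctl.conf 2>/dev/null; then
  sed -i -E 's/^[[:space:]]*vm\.max_map_count[[:space:]]*=.*/vm.max_map_count=262144/' /etc/sysctl.conf
else
  echo "vm.max_map_count=262144" >> /etc/sysctl.conf
fi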
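# Register the OpenSearch, MongoDB and Graylog package repositories.
# Each download lands in a private temp directory and is checked before use,
# so a failed or truncated fetch is never piped straight into gpg or dpkg.
repo_tmp=$(mktemp -d) || { echo "Error: mktemp failed." 1>&2; exit 1; }

# Print an error, remove the temp directory and stop the script.
repo_fail() {
  echo "Error: $*" 1>&2
  rm -rf -- "${repo_tmp:?}"
  exit 1
}

# Add the OpenSearch repository and its GPG key
echo "Adding OpenSearch repository..."
# -f turns an HTTP error into a non-zero exit instead of saving an error page.
curl -fsSL -o "$repo_tmp/opensearch.pgp" https://artifacts.opensearch.org/publickeys/opensearch.pgp \
  || repo_fail "could not download the OpenSearch signing key"
gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring "$repo_tmp/opensearch.pgp" \
  || repo_fail "could not import the OpenSearch signing key"
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch-2.x.list

# Add the MongoDB repository
echo "Adding MongoDB repository..."
# The key goes into its own keyring and is bound to this repository with
# signed-by. `apt-key add` is deprecated and would trust the key for every
# configured repository. A key added by an earlier run of this script stays
# in apt's global keyring until removed by hand.
wget -qO "$repo_tmp/mongodb-server-6.0.asc" https://www.mongodb.org/static/pgp/server-6.0.asc \
  || repo_fail "could not download the MongoDB signing key"
gpg --dearmor --batch --yes -o /usr/share/keyrings/mongodb-server-6.0.gpg "$repo_tmp/mongodb-server-6.0.asc" \
  || repo_fail "could not import the MongoDB signing key"
# NOTE(review): the Debian codename "buster" is hard-coded; confirm it
# matches the release this script is run on.
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/debian buster/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list

# Add the Graylog repository and its GPG key
echo "Adding Graylog repository..."
# dpkg -i needs a file on disk; it cannot install an archive from stdin.
# This .deb is installed as root and is authenticated only by the TLS
# connection to the download host: no checksum or signature is verified.
# NOTE(review): confirm that a repository package is published for 5.3.
wget -qO "$repo_tmp/graylog-repository.deb" https://packages.graylog2.org/repo/packages/graylog-5.3-repository_latest.deb \
  || repo_fail "could not download the Graylog repository package"
dpkg -i "$repo_tmp/graylog-repository.deb" \
  || repo_fail "could not install the Graylog repository package"

rm -rf -- "${repo_tmp:?}"

# Update the package index again
echo "Updating package index..."
if ! apt update; then
  echo "Error: package index update failed after adding repositories." 1>&2
  exit 1
fi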
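# Create a locked-down system account for OpenSearch (no password, no login
# shell access, no home directory of its own).
echo "Adding Opensearch User"
adduser --system --disabled-password --disabled-login --home /var/empty --no-create-home --quiet --force-badname --group opensearch

# Install OpenSearch from the apt repository.
# NOTE(review): this installs whatever 2.x release is current and applies no
# security configuration. Depending on the version, the package either sets
# up a demo security configuration with default credentials or (2.12 and
# later) expects OPENSEARCH_INITIAL_ADMIN_PASSWORD at install time. Review
# opensearch.yml and the security plugin settings before exposing the node.
echo "Installing OpenSearch"
if ! apt install -y opensearch; then
  echo "Error: could not install OpenSearch; aborting." 1>&2
  exit 1
fi

# Create the data and log directories; -p keeps re-runs (and a log directory
# already created by the package) from failing.
mkdir -p /graylog/opensearch/data /var/log/opensearch

# Unpack a locally supplied tarball if one is present. The script never
# downloads this archive, so it is skipped when missing rather than letting
# tar and mv fail silently.
# The archive's integrity is not verified here: compare it against the
# publisher's checksum before running. --no-same-owner stops tar (running as
# root) from restoring whatever ownership the archive records.
opensearch_tarball=opensearch-2.0.1-linux-x64.tar.gz
if [ -f "$opensearch_tarball" ]; then
  if tar --no-same-owner -zxf "$opensearch_tarball"; then
    mv opensearch-2.0.1/* /graylog/opensearch/
  else
    echo "Warning: could not extract $opensearch_tarball; skipping." 1>&2
  fi
else
  echo "Warning: $opensearch_tarball not found in $(pwd); skipping extraction." 1>&2
fi

# Create the empty log file as root; ownership is handed over just below.
# (Creating it as the opensearch user would fail while the directory is
# still owned by root, and sudo may not be installed.)
touch /var/log/opensearch/graylog.log

# Give the trees to the opensearch account and close them to other users.
chown -R opensearch:opensearch /graylog/opensearch/ /var/log/opensearch
# X adds execute only to directories and to files that are already
# executable, so data and log files do not become executable as a blanket
# `chmod -R 2750` would make them.
chmod -R u=rwX,g=rX,o= /graylog/opensearch/ /var/log/opensearch/
# Keep the setgid bit on directories so new files inherit the group.
find /graylog/opensearch/ /var/log/opensearch/ -type d -exec chmod g+s {} +

# Add OpenSearch service and set it to start automatically
echo "Adding OpenSearch service and enabling autostart..."
systemctl daemon-reload
systemctl enable opensearch
if ! systemctl start opensearch; then
  echo "Warning: OpenSearch did not start; check 'systemctl status opensearch'." 1>&2
fi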
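# Install MongoDB from the mongodb-org repository.
# The package is named mongodb-org; apt has no package called "MongoDB".
# sudo is not needed because the script already requires root.
echo "Installing MongoDB"
if ! apt install -y mongodb-org; then
  echo "Error: could not install MongoDB; aborting." 1>&2
  exit 1
fi
# Graylog needs the database running; the package does not start it.
systemctl daemon-reload
systemctl enable mongod
if ! systemctl start mongod; then
  echo "Warning: mongod did not start; check 'systemctl status mongod'." 1>&2
fi

# Install Graylog
echo "Installing Graylog..."
if ! apt install -y graylog-server; then
  echo "Error: could not install graylog-server; aborting." 1>&2
  exit 1
fi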
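# Configure Graylog's secrets in server.conf, then start the service.
graylog_conf=/etc/graylog/server/server.conf
if [ ! -f "$graylog_conf" ]; then
  echo "Error: $graylog_conf not found; is graylog-server installed?" 1>&2
  exit 1
fi

# Prompt user to enter admin user password.
# -r keeps backslashes literal; an empty password is refused, because its
# hash would otherwise be written as the admin credential.
GRAYLOG_ADMIN_PASSWORD=
while [ -z "$GRAYLOG_ADMIN_PASSWORD" ]; do
  if ! read -rsp "Enter your desired admin password for Graylog: " GRAYLOG_ADMIN_PASSWORD; then
    echo
    echo "Error: no password could be read from standard input." 1>&2
    exit 1
  fi
  echo
  if [ -z "$GRAYLOG_ADMIN_PASSWORD" ]; then
    echo "The admin password must not be empty." 1>&2
  fi
done

# Generate a secret key for Graylog
echo "Generating secret key for Graylog..."
GRAYLOG_SECRET=$(pwgen -N 1 -s 96)
if [ -z "$GRAYLOG_SECRET" ]; then
  # Never write a blank password_secret if pwgen is missing or failed.
  echo "Error: pwgen produced no secret; aborting." 1>&2
  exit 1
fi
# Anchored to the setting line so that comments mentioning the key are left
# alone. pwgen -s output is alphanumeric, so it is safe inside the sed
# replacement text.
sed -i "s/^[[:space:]]*password_secret[[:space:]]*=.*/password_secret = $GRAYLOG_SECRET/" "$graylog_conf"

# Generate a hash password for the admin user
echo "Generating hash password for the admin user..."
# printf '%s' hashes exactly the typed bytes; `echo -n` misbehaves when the
# password itself looks like an echo option.
GRAYLOG_PASSWORD=$(printf '%s' "$GRAYLOG_ADMIN_PASSWORD" | sha256sum | awk '{print $1}')
# The plaintext is not needed past this point.
unset GRAYLOG_ADMIN_PASSWORD
sed -i "s/^[[:space:]]*root_password_sha2[[:space:]]*=.*/root_password_sha2 = $GRAYLOG_PASSWORD/" "$graylog_conf"

# Confirm both settings were actually written before starting the service.
if ! grep -q "^password_secret = $GRAYLOG_SECRET\$" "$graylog_conf" \
  || ! grep -q "^root_password_sha2 = $GRAYLOG_PASSWORD\$" "$graylog_conf"; then
  echo "Error: could not update password settings in $graylog_conf." 1>&2
  exit 1
fi
# server.conf now holds password_secret and an unsalted SHA-256 of the admin
# password: keep the file readable only by root and the Graylog service
# account, and choose a password that resists offline guessing.

# Reload systemd
echo "Reloading systemd..."
systemctl daemon-reload

# Enable and start Graylog service
echo "Enabling and starting Graylog service..."
systemctl enable graylog-server
systemctl start graylog-server

# NOTE(review): this script does not set http_bind_address; Graylog's default
# is believed to listen on localhost only, so the URL below may not answer
# from other hosts until that is configured. The web interface is plain HTTP
# here, so put TLS in front of it before logging in over a network.
echo "Graylog installation complete. You can access it at http://your-server-ip:9000"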