activecm / beaker
Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
License: GNU General Public License v3.0
Currently, BeaKer uses Elasticsearch v7.16.1, Kibana v7.5.0, and Winlogbeat v7.5.2. These versions are out of date.
Elasticsearch and Kibana should share the same version in order to keep the stack consistent.
All three components should be upgraded to v8.x.
There is a required intermediate upgrade to v7.17.x before upgrading to v8.x. This should be facilitated by the automated installers.
There are a number of breaking changes between these three components that should be addressed by the installer.
I wrote the initial agent script on Win10 with PowerShell 5.1.
We don't know what versions of PowerShell the agent script is compatible with from there.
I've been requested to update references to the shell-lib submodule to point to the latest commit.
I used ./install_beaker.sh to install BeaKer on Ubuntu 16.04 but I got the error "curl: (22) The requested URL returned error: 503 Service unavailable" and I'm not able to access the Kibana dashboard.
When viewing the Sysmon dashboard, the following error message is sometimes displayed:
The first case of this happening occurred in Microsoft Edge on Windows 10. After switching to Google Chrome on Windows 10, the error went away.
Enabling state:storeInSessionStorage disables the URL parameters for selecting the source and destination IP addresses as well as the time period.
If a user changes the elastic password via kibana, they must also update the password in the env file. There should be a comment in the env file letting the user know this.
After changing the elastic password in both the UI and /etc/BeaKer/env, which appear to work, I log out and try to log back in. That page ( https://167.99.207.13:5601/login#?_g=() ) only returns: "Welcome to Kibana, Your window into the Elastic Stack , Cannot connect to the ElasticSearch cluster, See the Kibana logs for details and try reloading this page."
Hi @activecm team,
Unable to install BeaKer due to the error below. I downloaded the code from Git and I don't see the acmlib.sh file under any folder. Can you assist please?
./install_beaker.sh
./install_beaker.sh: line 34: ./shell-lib/acmlib.sh: No such file or directory
The agent installer PowerShell script has code that checks if the script was run in an Administrator context. If not, the code prompts the user for Administrator credentials or to accept the UAC prompt. The code then re-runs the script in the Administrator context.
There are two issues present. The first is that $args is used for passing the initial command-line arguments on to the script in the Administrator context. $args doesn't appear to be populated if "param" arguments are declared. The fix for this is to enumerate each of the "param" arguments when building the $arguments variable.
The next issue is that the execution policy is not set when calling the install script in the Administrator context. The default execution policy is to not allow scripts to be run. This means that on most systems this will likely fail if the execution policy is not specified when the script is called.
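The two fixes described above, as an added example written for this page rather than BeaKer's own agent installer: the elevated re-launch builds its argument list from $PSBoundParameters (so declared "param" values survive the hop) and passes -ExecutionPolicy explicitly to the child process. The parameter names (ElasticHost, ElasticPort, NoSysmon) are assumptions chosen for illustration.

```powershell
# Added example (not BeaKer's installer code): re-launch an installer script
# elevated while preserving its declared parameters and forcing an execution
# policy for the child process only. Parameter names below are assumptions.
param(
    [string]$ElasticHost = "",      # assumed parameter, illustration only
    [string]$ElasticPort = "9200",  # assumed parameter, illustration only
    [switch]$NoSysmon               # assumed parameter, illustration only
)

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Build the argument list from the bound parameters rather than $args:
# once a param() block is declared, $args only holds *unbound* arguments,
# so every named parameter would silently be dropped on re-launch.
function Get-ElevationArguments {
    param(
        [System.Collections.IDictionary]$Bound,
        [string]$ScriptPath
    )
    # -ExecutionPolicy on the command line applies to this child process only;
    # the machine-wide policy is left untouched.
    $list = @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', "`"$ScriptPath`"")
    foreach ($entry in $Bound.GetEnumerator()) {
        if ($entry.Value -is [switch]) {
            # A switch is passed by name alone, and only when it was set.
            if ($entry.Value.IsPresent) { $list += "-$($entry.Key)" }
        } else {
            # Quote values so hosts or paths containing spaces survive the hop.
            $list += "-$($entry.Key)"
            $list += "`"$($entry.Value)`""
        }
    }
    return $list
}

if (-not (Test-IsAdministrator)) {
    $arguments = Get-ElevationArguments -Bound $PSBoundParameters -ScriptPath $PSCommandPath
    # -Verb RunAs triggers the UAC prompt (or a credential prompt for a standard user).
    Start-Process -FilePath 'powershell.exe' -ArgumentList $arguments -Verb RunAs -Wait
    exit
}

# From here on the script is running elevated with its original parameters intact.
Write-Host "Elevated. ElasticHost=$ElasticHost ElasticPort=$ElasticPort NoSysmon=$($NoSysmon.IsPresent)"
```

Bypass is scoped to the spawned process by the -ExecutionPolicy switch, which is why the machine policy does not have to be relaxed; if the installer is distributed signed, RemoteSigned or AllSigned can be used at the same spot instead. $PSCommandPath is available from PowerShell 3.0 onward, so it covers the 5.1 baseline the agent script was written on.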
When I start this command:
./install_beaker.sh: line 34: ./shell-lib/acmlib.sh: No such file or directory
On my download, the 'shell-lib' directory is empty.
The directory used for creating and storing snapshots for Elasticsearch doesn't always have the necessary permissions from within the container to create a snapshot.
On an upgrade from v7.17.9 to v8.7.0, creating a snapshot fails. The /usr/share/elasticsearch/snapshot directory is owned by root:root even though the build for the image changes ownership to elasticsearch:root. It seems that the permissions are sometimes reverted when the container is restarted/recreated.
User problem: Unable to enter the BeaKer console with the default heap of 1GB. Recommend expanding that to 3GB by default in docker-compose.yml .
The Winlogbeat version in use, v7.5.2, is quite old and reaches Security Support EoL this June. The current stable version is 7.10.2 and should be downloaded via the install script.
The new version also allows “ssl.validation_mode: certificate”. This makes it possible to check the BeaKer/Espy-side server certificate against a CA without requiring an actual matching FQDN in the certificate. It makes securing the communication between Winlogbeat and Elasticsearch (in the case of BeaKer) or Redis (Espy) pretty straightforward, as the server-side CA cert can just be included in the Winlogbeat config and the server certificate is still considered valid when accessing it directly via IP address or any hostname/FQDN. In short: this makes secure TLS encryption possible without requiring customers to set up DNS entries, internal PKI configuration and manual setup of certificates on both ends.
So far I have tested v7.10.2 with BeaKer and Espy configurations on a Windows VM and have not observed any issues yet. This also includes testing the TLS approach stated before with BeaKer using the automatically generated Kibana CA. Checking this with Espy/Redis is still ongoing as your helper script (generate_tls_certs.sh) only generates a self-signed cert without a CA.
Cheers
Clemens
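The CA-pinned TLS setup described in the post above, as an added example that is not part of BeaKer, Espy or Winlogbeat: a PowerShell helper that renders a minimal winlogbeat.yml with the server CA pinned and certificate-only verification, so the Elasticsearch endpoint can be addressed by IP without a hostname match. The Beats option is spelled ssl.verification_mode in the example. The file paths, the CA file name and the 192.0.2.10 server address are assumptions constructed for illustration.

```powershell
# Added example (not project code): render a minimal Winlogbeat config that
# ships the Sysmon operational log to Elasticsearch over TLS with the server
# CA pinned. All paths, names and the server address are assumptions.
$CaPath     = 'C:\Program Files\Winlogbeat\beaker-ca.crt'   # assumed location of the BeaKer CA cert
$ConfigPath = 'C:\Program Files\Winlogbeat\winlogbeat.yml'  # assumed install path
$Server     = '192.0.2.10:9200'                              # constructed documentation-range address

function New-WinlogbeatConfig {
    param(
        [string]$ServerHostPort,
        [string]$CaCertPath,
        # 'full'        : chain must validate AND the name/IP in the cert must match $ServerHostPort
        # 'certificate' : chain must validate against the pinned CA; hostname/IP is not checked
        #                 (the mode the post relies on; not offered by the old 7.5.2 agent)
        # 'none' is deliberately not accepted here: it disables server authentication entirely,
        # so an on-path host could impersonate the collector.
        [ValidateSet('full', 'certificate')][string]$VerificationMode = 'certificate'
    )
    # Beats reads YAML; forward slashes avoid escaping issues with Windows paths.
    $caYamlPath = $CaCertPath -replace '\\', '/'
    @"
winlogbeat.event_logs:
  - name: Microsoft-Windows-Sysmon/Operational

output.elasticsearch:
  hosts: ["https://$ServerHostPort"]
  username: "`${ES_USERNAME}"
  password: "`${ES_PASSWORD}"
  ssl.certificate_authorities: ["$caYamlPath"]
  ssl.verification_mode: $VerificationMode
"@
}

function Write-WinlogbeatConfig {
    param([string]$Path, [string]$Content)
    if (-not (Test-Path -Path $CaPath)) {
        throw "CA certificate not found at $CaPath; refusing to write a config that cannot verify the server."
    }
    Set-Content -Path $Path -Value $Content -Encoding UTF8
}

$yaml = New-WinlogbeatConfig -ServerHostPort $Server -CaCertPath $CaPath -VerificationMode 'certificate'
Write-WinlogbeatConfig -Path $ConfigPath -Content $yaml
Write-Host "Wrote $ConfigPath; verify with: winlogbeat.exe test output -c `"$ConfigPath`""
```

The ES_USERNAME and ES_PASSWORD placeholders are expanded by Beats from the environment at start-up, which keeps the credential out of the file on disk. The trade-off of 'certificate' mode is that any leaf signed by the pinned CA is accepted regardless of name, so the CA shipped to agents should be one issued solely for the collector (as with the auto-generated Kibana CA the post tested), not a general-purpose internal CA.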
Original user report
Ran into an issue installing beaker agent on a system that did not have sysmon
installed first. The system is a windows 10, up to date latest patch and the script
was run from an admin user in an admin opened shell. The script runs without issue
but sysmon does not install causing the winlogbeat client to create an error 1706
and not start the service. The error is based on the fact that the service starting
cannot find the sysmon/operational logs since sysmon was not installed. Sysmon
downloads and unpacks just fine and outside of the winlogbeats client not starting,
there is no other error generated during the install process. This was all fixed
by just running the sysmon install. I am going to try again on another machine
to see if I get the same results. Thus far all other installs have been on
machines with sysmon already installed.
Affected OS: Win 10 pro - 10.0.18362 build 18362
Debugging with another user, it was discovered this issue was due to a new version of Sysmon (v11) released on Apr 28, 2020. This release removes the -n flag that was previously used by the installer. Passing -n now results in a failed installation of Sysmon.
When installing BeaKer on top of itself post-upgrade to 8.7.0 and there is an existing snapshot, the Elasticsearch container will fail to start and reports the error: Error response from daemon: readdirent /var/lib/docker/volumes/beaker_elasticsearch_snapshots/_data: no such file or directory
The /opt/BeaKer directory is deleted each time the installer is run, and it contains the snapshots directory that stores the Elasticsearch snapshots. The snapshots directory should not be deleted.
The installer currently generates self signed certificates to encrypt communications to the Elastic server. We could replace the self signed certificates by having users add volume mounts to replace the installed certificates in the elasticsearch and kibana containers. We should wrap this mechanism and make it more user friendly.
Install log:
Script started on Mon 12 Jul 2021 06:58:57 PM UTC
<user>@<host>:~/AC-Hunter-v5.3.0$ ./install_acm.sh beaker 104.131.28.214
================ Verifying Connectivity ================
Verifying that we can ssh to 104.131.28.214 - you may need to provide a password to access this system.
Warning: Permanently added '104.131.28.214' (ECDSA) to the list of known hosts.
About to open a long-lived connection to 104.131.28.214 - you may need to provide a password to access this system.
BeaKer is an alpha-stage open source project. Any questions or issues should be directed to the issue tracker https://github.com/activecm/BeaKer/issues
Would you still like to continue installing BeaKer? (Y/N)? Y
================ Transferring BeaKer.tar to 104.131.28.214. ================
BeaKer.tar 0% 0 0.0KB/s --:-- ETA
BeaKer.tar 15% 101MB 100.9MB/s 00:05 ETA
BeaKer.tar 30% 202MB 100.9MB/s 00:04 ETA
BeaKer.tar 41% 280MB 98.6MB/s 00:03 ETA
BeaKer.tar 56% 376MB 98.4MB/s 00:02 ETA
BeaKer.tar 67% 454MB 96.4MB/s 00:02 ETA
BeaKer.tar 82% 550MB 96.3MB/s 00:01 ETA
BeaKer.tar 97% 649MB 96.6MB/s 00:00 ETA
BeaKer.tar 100% 668MB 95.4MB/s 00:07
================ Installing BeaKer.tar on 104.131.28.214. ================
================ Checking for administrator priviledges ================
================ Checking minimum requirements ================
CentOS or Redhat 7 installation detected, good.
/home/wstearns has at least 5120MB of free space, good.
/var/lib has at least 5120MB of free space, good.
/etc has at least 5120MB of free space, good.
/usr has at least 5120MB of free space, good.
================ Moving files to /opt/BeaKer ================
================ Installing supporting software ================
Package curl-7.29.0-59.el7_9.1.x86_64 already installed and latest version
Package coreutils-8.22-24.el7_9.2.x86_64 already installed and latest version
Package redhat-lsb-core-4.1-27.el7.centos.1.x86_64 already installed and latest version
No Presto metadata available for updates
================ Installing Docker ================
Docker appears to already be installed. Skipping.
Starting the docker service...
Docker service started.
Installing Docker-Compose v1.25.5...
Docker installation complete. 'docker' and 'docker-compose' must be run using sudo or the root account unless you have added your user to the 'docker' group.
Docker appears to be working, continuing.
================ Generating BeaKer configuration ================
Please enter a password for the admin Elasticsearch user account.
Username: elastic
Password:
Password (Confirmation):
================ Installing Elasticsearch and Kibana ================
[docker load layer progress output trimmed]
Loaded image: activecm-beaker/kibana:latest
�[1BLoaded image: taskrabbit/elasticsearch-dump:v6.28.0�[1A�[1K�[K
a637c5048a11: Loading layer [> ] 557.1kB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [=========> ] 14.48MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [================> ] 25.62MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [======================> ] 34.54MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [=============================> ] 45.12MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [================================> ] 50.14MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [==================================> ] 52.36MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [===========================================> ] 66.29MB/76.05MB
�[1B�[1A�[1K�[K
a637c5048a11: Loading layer [==================================================>] 76.05MB/76.05MB
�[1B
�[1A�[1K�[K
98a00a66ddc9: Loading layer [====> ] 32.77kB/379.4kB
�[1B�[1A�[1K�[K
98a00a66ddc9: Loading layer [==================================================>] 379.4kB/379.4kB
�[1B�[1A�[1K�[K
98a00a66ddc9: Loading layer [==================================================>] 379.4kB/379.4kB
�[1B
�[1A�[1K�[K
8c209f7b77e4: Loading layer [> ] 557.1kB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=> ] 12.81MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==> ] 24.51MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [====> ] 39.55MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=====> ] 52.92MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [======> ] 62.95MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=======> ] 76.87MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=========> ] 90.24MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==========> ] 100.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===========> ] 110.3MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [============> ] 120.9MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==============> ] 137MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===============> ] 147.6MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [================> ] 158.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [================> ] 161MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=================> ] 174.9MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===================> ] 188.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [====================> ] 198.9MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=====================> ] 211.7MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=======================> ] 226.2MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [========================> ] 239MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==========================> ] 254.6MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===========================> ] 270.7MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=============================> ] 284.1MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=============================> ] 285.2MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==============================> ] 299.1MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===============================> ] 310.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=================================> ] 324.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=================================> ] 331.4MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==================================> ] 335.3MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===================================> ] 345.9MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [====================================> ] 361MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [======================================> ] 377.1MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [========================================> ] 393.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=========================================> ] 409.4MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===========================================> ] 422.8MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [============================================> ] 438.4MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=============================================> ] 444.5MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [=============================================> ] 449.5MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [===============================================> ] 464MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [================================================> ] 477.4MB/489.2MB
�[1B�[1A�[1K�[K
8c209f7b77e4: Loading layer [==================================================>] 489.2MB/489.2MB
�[1B
�[1A�[1K�[K
51c8b344aff4: Loading layer [==================================================>] 4.608kB/4.608kB
�[1B�[1A�[1K�[K
51c8b344aff4: Loading layer [==================================================>] 4.608kB/4.608kB
�[1B
�[1A�[1K�[K
bbe00082f193: Loading layer [==================================================>] 7.68kB/7.68kB
�[1B�[1A�[1K�[K
bbe00082f193: Loading layer [==================================================>] 7.68kB/7.68kB
�[1B
�[1A�[1K�[K
1db22aac58f9: Loading layer [==================================================>] 9.728kB/9.728kB
�[1B�[1A�[1K�[K
1db22aac58f9: Loading layer [==================================================>] 9.728kB/9.728kB
�[1B
�[1A�[1K�[K
f3a70014af53: Loading layer [==================================================>] 4.608kB/4.608kB
�[1B�[1A�[1K�[K
f3a70014af53: Loading layer [==================================================>] 4.608kB/4.608kB
�[1BLoaded image: activecm-beaker/elasticsearch:latest
docker-compose: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permittedInstallation failed on line install_beaker.sh:139.
Shared connection to 104.131.28.214 closed.
Installation failed on line install_acm.sh:419.
@.***: @.***�[00m:�[01;34m~/AC-Hunter-v5.3.0�[00m$ exit
Script done on Mon 12 Jul 2021 07:03:08 PM UTC
By default, winlogbeat uses plain http authentication to authenticate to elasticsearch.
We need to create a self signed cert for elasticsearch and edit the winlogbeat configuration to accept the self signed cert.
https://www.elastic.co/guide/en/beats/winlogbeat/current/securing-communication-elasticsearch.html
We should add a script to configure data from audit and feed it into Elastic Auditbeat
which can then ship it to Elasticsearch.
Elasticsearch is affected by the CVE-2021-44228 log4j vulnerability. As of now, the issue has been fixed in Elasticsearch 7.16.1.
Kibana and winlogbeat are not affected. No action should be taken to update the docker images for Kibana and winlogbeat.
More information here
Upgrade the image for Elasticsearch to 7.16.1
We often test the result of a curl command in the installer to know if a REST action succeeded when interacting with ES/Kibana. If the server successfully returns a non-200 HTTP code, curl returns 0 to the script. The --fail flag tells curl to error out on non-200 error codes. It was successfully added to kibana/import-dashboard.sh to alleviate timing issues w.r.t. ES initializing. We have seen installs where the ingest user account is not created, but the installer believes it was. Adding the --fail flag will likely resolve these issues as well.
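As an added illustration of the pattern described in this issue (example code, not BeaKer's installer), the helper below wraps curl with --fail so that an HTTP error from Elasticsearch or Kibana makes curl exit non-zero, and retries the request while the cluster is still initializing. ES_URL, ES_CREDS and ES_CACERT are assumed placeholders, not values from the project.

```shell
#!/bin/sh
# Added example, not the BeaKer installer's own code.
# ES_URL / ES_CREDS / ES_CACERT are assumed placeholders for the reader to set.
ES_URL="${ES_URL:-https://localhost:9200}"
ES_CREDS="${ES_CREDS:-elastic:changeme}"
ES_CACERT="${ES_CACERT:-ca.crt}"

# One request against ES/Kibana. Returns curl's exit status. Because of --fail,
# an HTTP error reply (status >= 400) makes curl exit 22 instead of 0, so a
# caller that tests the exit status no longer mistakes a 401/404/503 for success.
es_request() {
    _method="$1"; _path="$2"; shift 2
    curl --fail --silent --show-error --cacert "$ES_CACERT" \
         --user "$ES_CREDS" -X "$_method" "$ES_URL$_path" "$@"
}

# Retry a health check until it succeeds or the attempt budget is spent.
# This is the "ES is still initializing" case: connection refused, 503 and
# 401 (security not yet set up) all fail the attempt and are retried after
# $delay seconds. Returns 0 on success, 1 when the budget is exhausted.
wait_for_es() {
    _tries="${1:-10}"; _delay="${2:-3}"; _i=1
    while [ "$_i" -le "$_tries" ]; do
        if es_request GET "/_cluster/health" >/dev/null 2>&1; then
            return 0
        fi
        _i=$((_i + 1))
        sleep "$_delay"
    done
    return 1
}
```

In an installer, the caller would abort (as install_beaker.sh does with its "Installation failed on line" message) when wait_for_es returns 1, rather than continuing on to create users and dashboards against a cluster that never answered.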
#11 introduced es-dump as a docker container dependency. However, it is not exported when generate_installer.sh is run. This results in an installer that requires access to dockerhub to run.
We should export es-dump with the rest of the docker images to remove the runtime dependency on access to dockerhub.
I see that the BeaKer/Espy installation script install-sysmon-beats.ps1 installs winlogbeat into C:\Program Files\winlogbeat- and parts of the config in C:\ProgramData\winlogbeat. In case winlogbeat is already installed on this machine (e.g. for some custom logging unrelated to BeaKer/Espy/AC-Hunter), the script would overwrite the previously existing installation.
My idea to avoid this issue would be to create our own directories in Program Files and ProgramData (e.g. espy-agent) and change the winlogbeat service installation script to create a service with another name (e.g. “espy-agent” instead of “winlogbeat”).
This may also extend a little to the Sysmon configuration (creating sysmon-net-only.xml), but to my understanding this xml file would probably not exist previously anyway (but it may still be worth considering naming it differently, preventing any possible conflicts).
Cheers
Clemens
Is it possible to add beaker dashboard on an already installed Kibana?
During install I’m getting the following error
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to localhost:5601
The installer encountered an error while uploading dashboards to Kibana…
In https://github.com/activecm/BeaKer/blob/master/installer/stage/BeaKer/install_beaker.sh , function ensure_certificates_exist , we never set the permissions on Kibana.crt , Kibana.key , and the parent directories. One customer has found that their ownership and permissions were root.root , mode 600; this doesn't allow the Kibana container to read those files as the container runs under a non-root user. I'd like to suggest adding something like this to that function after the files are created and opened back up from the zip (immediately following '$SUDO rm "$BEAKER_CONFIG_DIR/certificates/certs.zip"'):
$SUDO chmod 644 /etc/BeaKer/certificates/Kibana/Kibana.*
$SUDO chmod 755 /etc/BeaKer/ /etc/BeaKer/certificates/ /etc/BeaKer/certificates/Kibana/
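The two chmod lines above can be wrapped in a function that both applies the permissions and verifies them, so the installer can fail early instead of leaving Kibana unable to read its certificate. The block below is an added example and not the ensure_certificates_exist function from install_beaker.sh; it takes the base config directory as an argument so it can be exercised on a throwaway tree, and it uses GNU stat (assumed available on the Linux hosts the installer targets).

```shell
#!/bin/sh
# Added example, not BeaKer's installer code. Applies the permissions proposed
# in the issue to a BeaKer-style config tree and verifies them:
#   $base/                              755
#   $base/certificates/                 755
#   $base/certificates/Kibana/          755
#   $base/certificates/Kibana/Kibana.*  644
# Every directory on the path needs the "x" bit for others, or a non-root
# container process cannot traverse to the files even if the files are 644.

fix_cert_perms() {
    _base="$1"
    _kdir="$_base/certificates/Kibana"
    [ -d "$_kdir" ] || { echo "missing $_kdir" >&2; return 1; }
    chmod 755 "$_base" "$_base/certificates" "$_kdir" || return 1
    chmod 644 "$_kdir"/Kibana.* || return 1
}

# Returns 0 when a non-owner can traverse every directory and read every
# Kibana.* file, 1 otherwise. Only the "other" permission bits are checked,
# which is what matters for a container running as an unrelated uid.
check_cert_perms() {
    _base="$1"
    _kdir="$_base/certificates/Kibana"
    for _d in "$_base" "$_base/certificates" "$_kdir"; do
        _mode=$(stat -c %a "$_d") || return 1
        [ $((_mode % 10 & 5)) -eq 5 ] || return 1   # others need r and x
    done
    for _f in "$_kdir"/Kibana.*; do
        _mode=$(stat -c %a "$_f") || return 1
        [ $((_mode % 10 & 4)) -eq 4 ] || return 1   # others need r
    done
    return 0
}

# Typical installer use (the real base is /etc/BeaKer):
#   fix_cert_perms /etc/BeaKer && check_cert_perms /etc/BeaKer || exit 1
```

Making Kibana.key world-readable (644) is wider than strictly necessary; if the uid or gid the Kibana container runs as is known, chgrp plus mode 640 on the key gives the container read access without exposing the private key to every local account.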
The $Env:ProgramData\winlogbeat folder that is created as part of the agent install script is accessible by all users. Although users cannot delete or modify the files, they are able to view the files and create new files in the folder. This could cause some potential security concerns. For instance, users can potentially access the keystore file in that folder that is used for accessing the Elasticsearch instance.
Add [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 to the agent script, which forces Powershell to use TLS 1.2 rather than the default 1.0. This is only used to download Sysmon and WinLogBeat.
We should be able to create a dataset using the software normally and export that dataset so it can be re-used during QA cycles.
Beaker docker cannot be installed properly and many errors come up. After 2 days of struggling to solve the errors, still no output.
Is it possible to provide more comprehensive install instructions for manual setup?
OS:
Fresh installs of each
Tested on RHEL 7.9 server with GUI.
Tested on Ubuntu 20.04 Desktop
Tested on Ubuntu 20.04 server
HWinfo:
CPU: min 8 cores
Physical CPUs tested: Ryzen 4800u; Ryzen 7735h; Ryzen 5800hs
VCPU: qemu type 3 CPU
RAM: tested with between 8 and 12 GB.
Process:
install OS
Install docker-compose 2.17.3
Versionlock/mark docker-compose to prevent it from updating.
Run the installer to allow all other components to install from Repos.
Result:
After install completes, when you try to access localhost:5601 OR 127.0.0.1:5601 OR x.x.x.x:5601 from an external machine, all tests result in the browser saying the connection was reset.
netstat -tulpn on the host shows 5601 exposed.
curl localhost:5601 receives an empty frame response.
Notes:
I have noticed that the first 3 containers that are built don't appear to be finishing completion within the script. That is the only section where x/y =/= 1 for the completion status... but there is not an error or a stop code being generated.
I'm unsure where to go from here but I can provide more info as needed. Just let me know what you want to know. Thanks!