CentOS 7, ELK Stack

ELK Stack with CentOS7

Supporting Tools

# JDK plus basic admin/troubleshooting tools used later on this page.
sudo yum install java-1.8.0-openjdk nano wget net-tools telnet htop

Nginx & Configuration

# nginx is shipped by EPEL on CentOS 7, hence epel-release first.
sudo yum install epel-release
sudo yum install nginx
sudo systemctl start nginx

# Only the TLS port is exposed for the reverse proxy; add-service=https and
# add-port=443/tcp describe the same rule, so one of the two is redundant.
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
sudo firewall-cmd --reload

# Start nginx at boot.
sudo systemctl enable nginx

Elasticsearch & Configuration

# Import Elastic's signing key so gpgcheck=1 in the repo file below can verify
# every package before it is installed.
sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

# Repo definition; paste the block that follows into this file.
sudo vi /etc/yum.repos.d/elasticsearch.repo
# Elastic 7.x yum repository. gpgcheck=1 + gpgkey means packages are
# signature-checked; keep both, and keep the URLs on https.
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

# Installs from the elastic-7.x repo defined above.
sudo yum install elasticsearch

Change and add the config below in elasticsearch.yml
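# elasticsearch.yml additions. Placeholder: hostip = this node's address.
# If Kibana and Logstash run on this same host, binding to 127.0.0.1 (or
# _local_) keeps the REST API off the network entirely.
network.host: hostip
http.port: 9200
# 7.x name for the old discovery.zen.ping.unicast.hosts setting. The original
# had stray spaces inside the quoted addresses, which would never match, and
# used the HTTP port; discovery uses the transport port (9300 by default), so
# any explicit port suffix here must be the transport port.
discovery.seed_hosts: ["hostip"]
# NOTE(review): 7.x expects node.name values here (default: the hostname);
# an IP address may not be accepted on newer 7.x releases — confirm.
cluster.initial_master_nodes: hostip
xpack.security.enabled: true
# NOTE(review): enabling transport TLS also requires a key/certificate to be
# configured (e.g. xpack.security.transport.ssl.keystore.path); the node will
# refuse to start without it, and that step is not on this page.
xpack.security.transport.ssl.enabled: true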

Change password for default elastic account
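# Sets the built-in users' passwords over the node's REST API, so Elasticsearch
# must already be running — the page only starts it further down; run this step
# after "systemctl start elasticsearch". The RPM installs the tools under
# /usr/share/elasticsearch, so use the absolute path rather than a relative bin/.
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
# The tool prompts, in order:
#   Enter password for [elastic]
#   Enter password for [kibana]
#   Enter password for [logstash_system]
#   Enter password for [apm_system]
#   Enter password for [beats_system]
#   Enter password for [remote_monitoring_user]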

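# The Elasticsearch REST API is TCP only, so the original 9200/udp rule was
# dead. Open 9200 at all only if remote clients really need it: Kibana and
# Logstash on this host reach it over localhost, and the REST API is a direct
# path to all indexed data.
sudo firewall-cmd --permanent --zone=public --add-port=9200/tcp
sudo firewall-cmd --reload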

Configure Data Directory
# Relocate the data directory before the first start; path.data below must
# point at the new location.
sudo mv /var/lib/elasticsearch /folder/destination
Change elasticsearch.yml
path.data: /folder/destination
# The service account must own (and be able to write) the relocated directory.
sudo chown elasticsearch:elasticsearch /folder/destination

# First start (picks up elasticsearch.yml and path.data above), then enable at boot.
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

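# Smoke test against the secured node. Leaving the password off after -u makes
# curl prompt for it, so the elastic password stays out of shell history and
# out of `ps` output.
curl -X GET "localhost:9200" -u username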

Kibana & Configuration

# Same elastic-7.x repo as Elasticsearch.
sudo yum install kibana

# NOTE: kibana.yml is edited in the next step; Kibana will need a restart
# afterwards to pick those settings up.
sudo systemctl enable kibana
sudo systemctl start kibana

Configure kibana.yml
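# kibana.yml. Placeholder: hostip = this host's address.
server.port: 5601
# The original value had stray spaces inside the quotes. Since nginx proxies
# Kibana on 443, binding to 127.0.0.1 here keeps 5601 reachable only through
# the proxy.
server.host: "hostip"
elasticsearch.hosts: ["http://hostip:9200"]
elasticsearch.username: "kibana"
# Prefer the keystore to a plaintext password in this world-readable-by-admins
# file: bin/kibana-keystore create, then bin/kibana-keystore add elasticsearch.password
elasticsearch.password: "whateverpasswordyouset"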

Preparing the Self-Signed Cert (extracted from a PFX) for the NGINX Reverse Proxy
# Extract the private key (encrypted) and the leaf certificate from the PFX.
openssl pkcs12 -in domain.pfx -nocerts -out domain.key
# Rewrite the key without a passphrase so nginx can start unattended; this file
# is now plaintext key material — keep it owner-readable only (chmod 600).
openssl rsa -in domain.key -out domain_nopem.key
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.crt

Copy the cert & key files to a different location; example below
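# cp needs -r to copy a directory; the original would fail with
# "omitting directory". Paths are placeholders.
sudo cp -r -- /cert/folder/ /etc/nginx/certfolder
# chown the copied files (the original chowned names in the current directory,
# not the copies), and keep the private key readable by its owner only.
sudo chown nginx:nginx /etc/nginx/certfolder/domain.key /etc/nginx/certfolder/domain.crt
sudo chmod 600 /etc/nginx/certfolder/domain.key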

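# Kibana listens on TCP only, so the original 5601/udp rule did nothing.
# Opening 5601 at all lets clients bypass the nginx TLS + basic-auth proxy on
# 443; leave this rule out unless direct access to Kibana is actually required.
sudo firewall-cmd --permanent --zone=public --add-port=5601/tcp
sudo firewall-cmd --reload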

Nginx Conf

# Reverse-proxy vhost for Kibana; paste the server block below into this file.
sudo vi /etc/nginx/conf.d/domain.conf

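# Reverse proxy for Kibana: TLS on 443 with HTTP basic auth in front of
# Kibana's own login. Placeholders: hostname, privateip, hostip, /folder/location.
server {
    # "ssl on;" is deprecated; the ssl parameter on listen replaces it.
    listen 443 ssl;
    ssl_certificate /folder/location/certfilename.crt;
    ssl_certificate_key /folder/location/certfilename.key;
    # TLS 1.0/1.1 are deprecated; offer 1.2 only (1.3 needs OpenSSL 1.1.1,
    # newer than what stock CentOS 7 ships).
    ssl_protocols TLSv1.2;
    server_tokens off;

    server_name hostname privateip;
    # The original had doubled quotes here, which nginx rejects as extra
    # arguments. auth_basic is also a no-op unless auth_basic_user_file is set,
    # so without the line below the proxy enforces no basic auth at all.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;  # placeholder path; create the file with htpasswd

    location / {
        # No space after "http://" — the original would not parse.
        proxy_pass http://hostip:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}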

SELinux
# Persistently (-P) allow nginx, which runs under the httpd SELinux domain, to
# open outbound network connections — needed for proxy_pass to Kibana.
sudo setsebool -P httpd_can_network_connect 1

# Reload the new vhost and the SELinux boolean change.
sudo systemctl restart nginx	

Logstash & Configuration

# Same elastic-7.x repo as the other components.
sudo yum install logstash

# NOTE: pipelines.yml is edited below; Logstash needs a restart afterwards
# to load the new pipelines.
sudo systemctl start logstash
sudo systemctl enable logstash

# 5044 is conventionally the Beats input, which is TCP. Keep the UDP rule only
# if one of the pipelines below actually has a UDP input on 5044 — assumption,
# confirm against the pipeline configs.
sudo firewall-cmd --permanent --zone=public --add-port=5044/tcp
sudo firewall-cmd --permanent --zone=public --add-port=5044/udp
sudo firewall-cmd --reload

Multiple Pipeline Config Setup

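# The file is pipelines.yml (the original had the extension truncated to .ym,
# which would just create a new, ignored file).
sudo nano /etc/logstash/pipelines.yml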

Disable default config
#- pipeline.id: main
#  path.config: "/etc/logstash/conf.d/*.conf"

Add new pipelines as required; sample below
# One entry per pipeline; each path.config glob is loaded independently, so
# the per-source conf.d subdirectories do not see each other's filters.
- pipeline.id: elastiflow
  path.config: "/etc/logstash/elastiflow/conf.d/*.conf"
- pipeline.id: sophos
  path.config: "/etc/logstash/conf.d/sophos/*.conf"
- pipeline.id: CISCO
  path.config: "/etc/logstash/conf.d/CISCO/*.conf"

Account & Roles Creation

Create Users
Management → Security → Users
Click “Create user”

Create Roles
Management → Security → Roles
Click “Create role”

WordPress CentOS7, MySQL, Nginx, Cloud Service

Install WordPress on CentOS 7, with MySQL on ECS

Supporting Tools

# Basic tools used by the steps below.
sudo yum install wget nano telnet openssl

Install NGINX

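# nginx is shipped by EPEL on CentOS 7.
sudo yum install epel-release
sudo yum install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
# The original used en dashes (–) instead of "--", which firewall-cmd rejects.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload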

Install PHP

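# Remi repository for a newer PHP on CentOS 7. NOTE: yum does not signature-check
# a package given by URL (localpkg_gpgcheck is off by default), so this RPM is
# trusted on the strength of the download alone — verify its signature or fetch
# it over https before installing. sudo added for consistency with the rest of
# the page.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum install -y yum-utils
# The original "–disable/–enable" used en dashes, which yum-config-manager rejects.
sudo yum-config-manager --disable remi-php54
# PHP 7.3 is past end of life; pick a remi-php stream that still receives
# security fixes when reproducing this.
sudo yum-config-manager --enable remi-php73
# The original line read "yum install sudo yum install ...", a paste error.
sudo yum install php-cli php-fpm php-mysql php-json php-opcache php-mbstring php-xml php-gd php-curl
php -v
# Expected output, e.g.: PHP 7.3.8 (cli) (built: Jul 30 2019 09:26:16) ( NTS )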


; /etc/php-fpm.d/www.conf — run the pool as the nginx user so the Unix socket
; is usable by nginx without widening its mode.
; NOTE(review): the nginx vhost below points fastcgi_pass at
; /var/run/php-fpm/www.sock; on CentOS 7 /var/run is normally a symlink to
; /run, so the two paths should resolve to the same socket — confirm.
user = nginx
group = nginx
listen = /run/php-fpm/www.sock
listen.owner = nginx
listen.group = nginx
# Session/opcache directories must be writable by the pool user set above.
sudo chown -R nginx:nginx /var/lib/php
sudo systemctl enable php-fpm
sudo systemctl start php-fpm

Download WordPress

# Fetch and unpack WordPress into the document root. NOTE(review): nothing here
# verifies the download — wordpress.org publishes a checksum alongside the
# tarball (e.g. latest.tar.gz.sha1); compare it before extracting.
sudo mkdir -p /var/www/example.com
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar xf latest.tar.gz
sudo mv /tmp/wordpress/* /var/www/example.com/
# Web root owned by the nginx/php-fpm user (group left at its default).
sudo chown -R nginx: /var/www/example.com

Configure Nginx

# WordPress vhost; paste the server block below (adapted from the linked guide).
sudo nano /etc/nginx/conf.d/example.com.conf
https://www.prado.lt/how-to-install-wordpress-linux-nginx-mariadb-10-3-php-7-3-lemp-stack-on-centos-7

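# WordPress over TLS, PHP via php-fpm on a Unix socket.
# Placeholders: publicip, example.com, /home/example.com-cert/...
server {
    # "ssl on;" is deprecated; the ssl parameter on listen replaces it.
    listen 443 ssl;
    server_name publicip example.com;
    ssl_certificate /home/example.com-cert/example.com.crt;
    ssl_certificate_key /home/example.com-cert/example.com_key.key;
    # TLS 1.0/1.1 are deprecated; offer 1.2 only (1.3 needs OpenSSL 1.1.1,
    # newer than what stock CentOS 7 ships).
    ssl_protocols TLSv1.2;
    server_tokens off;

    # Define default caching of 24h
    expires 86400s;
    add_header Pragma public;
    add_header Cache-Control "max-age=86400, public, must-revalidate, proxy-revalidate";

    # deliver a static 404
    error_page 404 /404.html;
    location /404.html {
        internal;
    }

    # Deliver 404 instead of 403 "Forbidden"
    error_page 403 = 404;

    # Do not allow access to files giving away your WordPress version.
    # WordPress ships "license.txt" (US spelling); the original pattern had
    # "licence.txt" and so left the real file reachable.
    location ~ /(\.|wp-config.php|readme.html|license.txt) {
        return 404;
    }

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # Don't log robots.txt requests
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Rewrite for versioned CSS+JS via filemtime
    location ~* ^.+\.(css|js)$ {
        rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }

    # Aggressive caching for static files
    # If you alter static files often, please use
    # add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
    location ~* \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    root  /var/www/example.com/;
    location / {
        index  index.php index.html index.htm;
    }

    # get friendly url links working
    # (kept as in the source guide; a try_files in "location /" is the more
    # usual form but changes the query string WordPress receives)
    if (!-e $request_filename) {
        rewrite ^(.+)$ /index.php?q=$1 last;
    }

    # pass all PHP files through php-fpm
    location ~ \.php$ {
        # try_files =404 stops path-info tricks from reaching php-fpm with a
        # non-existent script
        try_files $uri =404;
        fastcgi_pass   unix:/var/run/php-fpm/www.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME /var/www/example.com/$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

    # deny all apache .htaccess or .htpasswd files
    location ~ /\.ht {
        deny all;
    }
    # Deny access to hidden files
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}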

# Repeats the edit step above; presumably a config check and reload were meant
# here — "sudo nginx -t" validates the file before restarting nginx.
sudo nano /etc/nginx/conf.d/example.com.conf

MySQL

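cd /tmp
# "get" was a typo for wget. The URL is plain http, so the repo RPM arrives
# unauthenticated; check its signature (rpm -K) before installing it.
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm
sudo yum update
sudo yum install mysql
# Leave the value after -p empty so the client prompts for it; a password in
# argv ends up in shell history and is visible to every user via ps.
mysql -h<somerandomcharacter.mysql.kualalumpur.rds.aliyuncs.com> -P<Port number> -u<Username> -p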
