Cyber security

Generating Keys And Packages – A Guide To Securing RedELK Server Communications

This step generates TLS key pairs. This is used for encrypting the filebeat traffic between redirectors/C2servers and the RedELK server.

It can be run on any unix based system. But it makes sense completely sense to run this from your dedicated RedELK system.

In Short

  1. modify ./certs/config.cnf
  2. run initial-setup.sh ./certs/config.cnf
  3. copy c2servers.tgz, redirs.tgz and elkserver.tgz to relevant systems

In Detail

Adjust ./certs/config.cnf to include the right details for 2 items: 1) the TLS certificates, and 2) the DNS/IP of your RedELK server.

  1. For the TLS certificate you need to modify the [req_distinguished_name] part. Change it to something that openssl accepts as correct TLS certificate information.
  2. For the DNS/IP info you need to modify the [alt_names] part. Its really important to have the right IP (IP.1) or DNS (DNS.1) name listed in that file! These need to point to either the IP or the DNS of your RedELK server. Otherwise your TLS setup will not function and Logstash will fail and crash miserably with cryptic errors in its log.

Once done, run: initial-setup.sh ./certs/config.cnf This will create a CA, generate necessary certificates for secure communication between redirs, C2-server and elkserver and generates a SSH keypair for secure rsync authentication of the elkserver to the C2server.

It also generates c2servers.tgz, redirs.tgz and elkserver.tgz that contain the installation packages for each component.

You need to copy these tgz files to the relevant systems (C2-servers, redirs en the system you will be using as the central RedELK node).

Rerunning this initial setup is only required if you want new TLS keys to be used. If such is the case, delete the ./certs/redelkCA.* and ./certs/elkserver.* files and rerun initial-setup.sh ./certs/config.cnf.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

2 weeks ago