Stand up a 100% containerized Elastic stack, TLS secured, with Elasticsearch, Kibana, Fleet, and the Detection Engine all pre-configured, enabled and ready to use, within minutes.
If you’re interested in more details regarding this project and what to do once you have it running, check out our blog post on the Elastic Security Labs site.
This is not an Elastic created, sponsored, or maintained project. Elastic is not responsible for this projects design or implementation.
Git clone
this repoelastic-container/
folderchangeme
in the .env
file (don’t change the elastic
username, it’s a required built-in user).env
file (not required, see usage below)elastic-container.sh
shell script executable by running chmod +x elastic-container.sh
elastic-container.sh
shell script with the start argument ./elastic-container start
thisisnotsafe
or click to proceed after which you will be directed to the Elastic log in screen)You can use the links above, the Linux package install commands below, or Homebrew if your’e on MacOS
MacOS:
brew install jq git curl docker-compose
brew install --cask docker
Once we have Docker installed we need to provide it with privileged access for it to function. Run the following command to open the Docker app and follow the proceeding steps.
open /Applications/Docker.app
Ubuntu:
Please follow the Docker installation instructions. Of specific note, you must install the docker-compose-plugin
, which is different than docker-compose
.
apt-get install jq git curl
CentOS/Fedora:
Please follow the Docker installation instructions. Of specific note, you must install the docker-compose-plugin
, which is different than docker-compose
.
dnf install jq git curl
Other Linux distributions:
Please follow the Docker installation instructions. Of specific note, you must install the docker-compose-plugin
, which is different than docker-compose
.
Arch Linux users should install inetutils
and change the shell script from hostname -I
to hostname -i
.
Windows 10/11 with WSL 2 (Ubuntu 20.04):
Make sure you are using WSL version 2. You can check the version using wsl -l -v
in PowerShell. If the version is wrong you can change it with wsl --set-version Ubuntu-20.04 2
apt-get update
apt-get install jq git curl
Please follow the Docker installation instructions. Of specific note, you must install the docker-compose-plugin
, which is different than docker-compose
.
Once the Docker suite is installed run sudo service docker start
to start it.
This uses default creds of elastic:changeme
and is intended purely for security research on a local Elastic stack. Change the password in the .env
file. Don’t change the elastic
username, it’s a required built-in user
This should not be Internet exposed or used in a production environment.
If you want to bulk enable Elastic’s pre-built detection rules by OS, on startup, you can change the value of the chosen OS in the .env
file from 0 to 1.
# Bulk Enable Detection Rules by OS
LinuxDR=0
WindowsDR=1
MacOSDR=0
If you have not changed the default passwords in the .env
file, the script will exit.
Starting will:
elastic
$ ./elastic-container.sh start
...
⠿ Container elasticsearch-security-setup Healthy 7.3s
⠿ Container elasticsearch Healthy 39.3s
⠿ Container kibana Healthy 59.3s
⠿ Container elastic-agent Started 59.7s
Attempting to enable the Detection Engine and Prebuilt-Detection Rules
Kibana is up. Proceeding
Detection engine enabled. Installing prepackaged rules.
Prepackaged rules installed!
Waiting 40 seconds for Fleet Server setup
Populating Fleet Settings
READY SET GO!
Browse to https://localhost:5601
Username: elastic
Passphrase: not-the-default!
After a few minutes, when prompted, browse to and log in with your configured credentials.
Destroying will:
elastic
container network$ ./elastic-container.sh destroy
fleet-server
kibana
elasticsearch
elastic
Stopping will:
stop
command, and then reboot the host, the Fleet server can’t retain its state and fails. Please run stop
before rebooting the host that is running the stack$ ./elastic-container.sh stop
fleet-server
kibana
elasticsearch
elastic
Restarting will:
$ ./elastic-container.sh restart
elasticsearch
kibana
fleet-server
Requesting the status will:
$ ./elastic-container.sh status
NAMES: STATUS
fleet-server: Up 6 minutes
kibana: Up 6 minutes
elasticsearch: Up 6 minutes
Clearing will :
$ ./elastic-container.sh clear
Successfully cleared logs data stream
Successfully cleared metrics data stream
Staging the container images will:
$ ./elastic-container.sh stage
8.6.0: Pulling from elasticsearch/elasticsearch
e7bd69ff4774: Pull complete
d0a0f12aaf30: Pull complete
...
In .env
, the variables are defined, below are the variables that can be changed. You must change the default passwords.
ELASTIC_PASSWORD="changeme"
KIBANA_PASSWORD="changeme"
STACK_VERSION="8.10.2"
STACK_VERSION="8.10.2"
If you want to change the default values, simply replace whatever is appropriate in the variable declaration.
If you want to use different Elastic Stack versions, you can change those as well. Optional values are on Elastic’s Docker hub:
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…