Upgrade ELK stack to 8.11.1 #86
Conversation
Added the following:
- get_latest_version function
- pulling version from this function
- old password reading text update to reduce confusion
- print statements in upgrade from 1.0 -> 1.2
- sleep so it doesn't fail if docker does a slow removal

Testing:
LGTM
Ran a clean install, version=1.2.0 in lme.conf, checked ELK services are on v8.11.1, all dashboards load and data is forwarded.
* Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file
* Upgrade ELK stack to 8.11.1 (#86)
* Update ELK to 8.11.1
* Pull images before starting cluster
* Pull images before deploylme
* Upgrade versions in the live docker compose upon upgrade
* Pull new images before deploying new stack
* Globalize version variable
* Adding the following:
  - get_latest_version function
  - pulling version from this function
  - old password reading text update to reduce confusion
  - print statements in upgrade from 1.0 -> 1.2
  - sleep so it doesn't fail if docker does a slow removal
* Update the version in dashboard_update.sh

---------
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: mreeve.snl <mreeve@sandia.gov>

* Changed ELK Stack from deploy.sh update to deploy.sh upgrade

---------
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: mreeve.snl <mreeve@sandia.gov>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>
* added branch naming conventions to Contributing, fixed typo (#85)
  Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>
* adding line change from clint's old pr
* Release 1.2.0 MERGE INTO MAIN (#101) (#102)
* Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file
* Upgrade ELK stack to 8.11.1 (#86)
* Update ELK to 8.11.1
* Pull images before starting cluster
* Pull images before deploylme
* Upgrade versions in the live docker compose upon upgrade
* Pull new images before deploying new stack
* Globalize version variable
* Adding the following:
  - get_latest_version function
  - pulling version from this function
  - old password reading text update to reduce confusion
  - print statements in upgrade from 1.0 -> 1.2
  - sleep so it doesn't fail if docker does a slow removal
* Update the version in dashboard_update.sh

---------

* Changed ELK Stack from deploy.sh update to deploy.sh upgrade

---------
Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: mreeve.snl <mreeve@sandia.gov>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>

* Add .gitattributes file to exclude the testing folder from releases. (#105)
* Updated dashboard Process Explorer file downloads panels
* Update workflow file to include linting and static security scans (#106)
* Update main.yml to add linting
* Update main.yml
* Update troubleshooting.md with instructions on how to change elastic password (#110)
* Delete Chapter 4 Files/dashboards/user_security.ndjson
* Delete Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson
* Updated dashboards
* Remove elastic user password prompt from deploy.sh (#107)
* Remove elastic password prompt and condition in setpasswords()
* create displaycredentials() fnc, link troubleshooting.md documentation at end of script
* update deploy.sh to link to changing elastic username/password in troubleshooting.md
* updated upgrading.md for release 1.3.0 and fixed link in chapter3.md (#117)
  Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>
* imported new dashboard
* Rearrange sysmon dashboard (#115)
* updating sysmon dashboard
* adding line change from clint's old pr
* Add .gitattributes file to exclude the testing folder from releases. (#105)
* updating sysmon dashboard

---------
Co-authored-by: mreeve-snl <mreeve@sandia.gov>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>

* Healthcheckoverview dashboard update (#120)
* imported new dashboard
* updated healthcheck dashboard
* Delete Chapter 4 Files/dashboards/alerting_dashboard.ndjson (#121) removed alerting dashboard from this PR healthcheck PR

---------
Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: ddiabe <you@example.com>

* adding push so that I can track this branch
* pushing all changes as documented in the PR: 112
* Updated Healthcheck Overview Dashboard panels

---------
Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com>
Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>
Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>
Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com>
Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: Grant (SNL) <108766839+rgbrow1949@users.noreply.github.com>
Co-authored-by: Connor <107427279+causand22@users.noreply.github.com>
Co-authored-by: ddiabe <you@example.com>
🗣 Upgrade ELK stack to 8.11.1
Update the compose file to pull 8.11.1 images and modify deploy to upgrade the stack.
💭 Motivation and context
The ELK stack version had a security vulnerability that needed to be addressed.
🧪 Testing
Test Upgrade
Install a fresh version of LME and then do an upgrade on it. Make sure the new version of ELK is running and the dashboards are not erroring. Check that `/opt/lme.conf` has the correct version number of the release, and that `cat /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml` shows 8.11.1 for all three of the images.

Test Fresh Install
On a new server, install this version directly. Make sure the new version of ELK is running and the dashboards are not erroring.
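The upgrade checks above, scripted as an added example that is not code from the LME project. It assumes `lme.conf` holds a `version=` line (as the review comment above shows), that the live compose file names the three ELK containers as `image: <repo>/<name>:<tag>`, and that `docker ps --format '{{.Image}}'` lists the running image references; the sample config, compose file and stale `docker ps` output at the bottom are constructed.

```shell
# Added example, not LME project code: the manual post-upgrade checks from the
# testing notes above, scripted. Assumed formats: lme.conf holds "version=<release>"
# and the live compose file lists containers as "image: <repo>/<name>:<tag>".
set -eu

EXPECTED_LME="1.2.0"   # release expected in /opt/lme.conf
EXPECTED_ELK="8.11.1"  # tag expected on all three ELK images

# Value of the "version=" key in an lme.conf-style file (empty if absent).
lme_conf_version() {
  sed -n 's/^version=//p' "$1" | head -n 1
}

# Image references from every "image:" line of a compose file.
compose_images() {
  sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$1"
}

# Print the references in list $1 (one per line) whose tag is not $2.
# The tag is the text after the last colon, so registry ports do not confuse it.
mismatched_tags() {
  printf '%s\n' "$1" | awk -v want="$2" -F: 'NF && $NF != want'
}

# Succeed only when list $1 holds exactly three images, all tagged $2.
check_elk_tags() {
  count=$(printf '%s\n' "$1" | grep -c . || true)
  bad=$(mismatched_tags "$1" "$2")
  if [ -n "$bad" ]; then
    printf 'image(s) not on %s:\n%s\n' "$2" "$bad" >&2
    return 1
  fi
  if [ "$count" -ne 3 ]; then
    echo "expected 3 ELK images, found $count" >&2
    return 1
  fi
}

# The full check on a live host: config file, live compose file, running containers.
verify_upgrade() {
  got=$(lme_conf_version "$1")
  [ "$got" = "$EXPECTED_LME" ] || { echo "lme.conf version=$got" >&2; return 1; }
  check_elk_tags "$(compose_images "$2")" "$EXPECTED_ELK"
  check_elk_tags "$(docker ps --format '{{.Image}}')" "$EXPECTED_ELK"
}

# Constructed samples standing in for /opt/lme.conf, the live compose file and
# "docker ps" output, so the functions can be exercised without a real host.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
printf 'version=1.2.0\n' > "$TMP/lme.conf"
cat > "$TMP/docker-compose-stack-live.yml" <<'EOF'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.11.1
  logstash:
    image: docker.elastic.co/logstash/logstash:8.11.1
  kibana:
    image: docker.elastic.co/kibana/kibana:8.11.1
EOF
# Constructed picture of a half-finished upgrade: logstash still on an old tag.
STALE_PS='docker.elastic.co/elasticsearch/elasticsearch:8.11.1
docker.elastic.co/logstash/logstash:8.7.1
docker.elastic.co/kibana/kibana:8.11.1'
```

On a real host, `verify_upgrade /opt/lme.conf "/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml"` runs all three checks and exits non-zero on the first mismatch.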
Note: You can check the versions with `docker ps` on the command line, and from the "Help" (round lifebuoy) menu at the top right of the Kibana interface.

✅ Pre-approval checklist
✅ Pre-merge checklist
✅ Post-merge checklist