AIS3 EOF CTF Infrastructure
===

Environment:

```
Linux abby-virtual-machine 6.8.0-52-generic #53~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jan 15 19:18:46 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
```

## [Install minikube](https://minikube.sigs.k8s.io/docs/start/?arch=%2Flinux%2Fx86-64%2Fstable%2Fbinary+download)

```
$ curl -LO https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-amd64
$ sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64
$ sudo chmod 666 /var/run/docker.sock
$ minikube start --cpus 4 --memory 8192
$ alias kubectl="minikube kubectl --"
```

## [Install a single-node Elasticsearch + Kibana](https://dev.to/sagary2j/elk-stack-deployment-using-minikube-single-node-architecture-16cl)

```
kubectl create namespace elk
kubectl create -f es-deployment.yaml -n elk
kubectl get deployments -n elk
kubectl get pods -n elk
```

Follow the article and apply the same pattern to the remaining components, with two changes:

1. Append `-n elk` to every command.
2. Resource YAML: https://github.com/sagary2j/ELK-Stack-Kubernetes-minikube. Wherever a deployment, pod or service YAML contains `namespace: default`, change it to `namespace: elk`. The reason is that if anything in the deployment breaks, it is easier to delete the whole namespace and start over.

## Install and use pcap-archiver to feed Elasticsearch

Reference: https://github.com/bonifield/pcap-archiver

## How to check whether Elasticsearch has any data

```
curl -X GET "http://192.168.49.2:30524/_cat/indices?v"
health status index                           uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana-event-log-7.8.0-000001 1Rsi6C4hToqIyL38BIkULw   1   0          1            0      5.3kb          5.3kb
green  open   .apm-custom-link               Svth8MlwTWW9RLTDbJIxsA   1   0          0            0       208b           208b
green  open   .kibana_task_manager_1         Ckh64V2YRKO9FSbURv4dIg   1   0          5           10     31.8kb         31.8kb
green  open   .apm-agent-configuration       QlB52iBGRCGW_AdmPcSTaw   1   0          0            0       208b           208b
green  open   .kibana_1                      0GBIcc7RSfyOW6j3ch-9CA   1   0         28            3     68.2kb         68.2kb

curl -X GET "http://192.168.49.2:30524/.kibana*/_search?pretty"
```
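The namespace change in the ELK install section above (`namespace: default` to `namespace: elk` in every manifest) is easy to miss by hand when there are several YAML files. The script below is an added example, not part of the original notes or of the ELK-Stack-Kubernetes-minikube repository: it rewrites the field in every manifest in a directory and then reports any manifest that still points at a different namespace, so that a later `kubectl delete namespace elk` really removes everything. The sample manifest it creates is constructed so the script runs offline; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page or the referenced repo).

# Constructed sample manifest so the script can be exercised offline.
make_sample() {
  dir=$1
  mkdir -p "$dir"
  cat > "$dir/es-deployment.yaml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: default
spec:
  replicas: 1
EOF
}

# Rewrite `namespace: <from>` to `namespace: <to>` in every *.yaml / *.yml
# under $1. Only a `namespace:` key whose value is exactly <from> is touched;
# other keys and other namespace values are left alone.
rewrite_namespace() {
  dir=$1; from=$2; to=$3
  for f in "$dir"/*.yaml "$dir"/*.yml; do
    [ -f "$f" ] || continue
    sed -i "s/^\([[:space:]]*namespace:[[:space:]]*\)$from[[:space:]]*\$/\1$to/" "$f"
  done
}

# Print "<file>: <namespace>" for every namespace value under $1 that is not $2.
# Empty output means every manifest lands in the intended namespace.
find_stray_namespaces() {
  dir=$1; want=$2
  for f in "$dir"/*.yaml "$dir"/*.yml; do
    [ -f "$f" ] || continue
    sed -n "s/^[[:space:]]*namespace:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$f" \
      | while IFS= read -r ns; do
          [ "$ns" = "$want" ] || echo "$f: $ns"
        done
  done
}

# Usage: create the sample, rewrite it, and check nothing strayed.
if [ "${1:-}" = "demo" ]; then
  work=$(mktemp -d)
  make_sample "$work"
  rewrite_namespace "$work" default elk
  find_stray_namespaces "$work" elk
  grep -n 'namespace:' "$work"/*.yaml
fi
```

Run it with `sh rewrite-ns.sh demo` to see the rewritten manifest; point `rewrite_namespace` at the cloned repository directory to apply it for real, then run `find_stray_namespaces <dir> elk` before `kubectl create -f`.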
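The `_cat/indices?v` output above lists only Kibana and APM system indices (names starting with `.`), which is what an Elasticsearch with no pcap data yet looks like. The following added example (not from the original notes) turns that manual reading into a check: it parses the `_cat/indices?v` text, locates the `index` and `docs.count` columns by header name rather than by position, and prints only non-system indices that hold at least one document. The sample input embeds the five rows from the page plus a constructed `pcap-2025.01.15` row with a placeholder UUID, standing in for what pcap-archiver would produce once data arrives; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page).

# Read `GET /_cat/indices?v` text on stdin; print "<index> <docs.count>" for
# every index whose name does not start with "." and whose docs.count > 0.
# Columns are resolved from the header line so a different column order or
# extra columns (e.g. `?v&h=...`) do not break the check.
data_indices() {
  awk '
    NR == 1 {
      for (i = 1; i <= NF; i++) col[$i] = i
      if (!("index" in col) || !("docs.count" in col)) {
        print "error: header lacks index/docs.count columns" > "/dev/stderr"
        exit 2
      }
      next
    }
    NF >= col["docs.count"] && $(col["index"]) !~ /^\./ && $(col["docs.count"]) + 0 > 0 {
      print $(col["index"]), $(col["docs.count"])
    }'
}

# Constructed sample: the first five rows mirror the page output; the last row
# is a made-up pcap index (placeholder UUID) showing a populated data index.
SAMPLE_CAT_INDICES='health status index                           uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana-event-log-7.8.0-000001 1Rsi6C4hToqIyL38BIkULw   1   0          1            0      5.3kb          5.3kb
green  open   .apm-custom-link               Svth8MlwTWW9RLTDbJIxsA   1   0          0            0       208b           208b
green  open   .kibana_task_manager_1         Ckh64V2YRKO9FSbURv4dIg   1   0          5           10     31.8kb         31.8kb
green  open   .apm-agent-configuration       QlB52iBGRCGW_AdmPcSTaw   1   0          0            0       208b           208b
green  open   .kibana_1                      0GBIcc7RSfyOW6j3ch-9CA   1   0         28            3     68.2kb         68.2kb
yellow open   pcap-2025.01.15                PLACEHOLDER_UUID_000000  1   1        123            0      1.2mb          1.2mb'

# Exit 0 when at least one populated non-system index exists in $1, else 1.
has_data() {
  [ -n "$(printf '%s\n' "$1" | data_indices)" ]
}

# Usage against the live cluster from the notes:
#   curl -s "http://192.168.49.2:30524/_cat/indices?v" | data_indices
# Offline demo on the constructed sample:
if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_CAT_INDICES" | data_indices
  has_data "$SAMPLE_CAT_INDICES" && echo "data present" || echo "no data yet"
fi
```

Against the real output shown on the page the function prints nothing and `has_data` returns 1, which is the expected state before pcap-archiver has shipped anything; once it has, the pcap index appears with its document count.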