ELK STACK DEPLOYMENT | Deployed a load-balanced vulnerable web application in Azure cloud environment, secured network with firewalls and jump-box running Ansible, integrated web app with ELK stack and configured Filebeat and Metricbeat to monitor ELK logs and Docker container metrics, automated deployment with YAML playbooks to allow for CI/CD.
Maximus-Meridius-SC/BCS_Bootcamp_Project_1-Elk-Stack-Deployment

BCS_Bootcamp_Project_1

Week 13 Project 1 for Bootcamp

Automated ELK Stack Deployment

The files in this repository were used to configure the network depicted below.

Project1_Diagram.png

These files have been tested and used to generate a live ELK deployment on Azure. They can be used to recreate the entire deployment pictured above. Alternatively, selected portions of the yaml_files directory may be used to install only certain pieces of it, such as Filebeat.

This document contains the following details:

  • Description of the Topology
  • Access Policies
  • ELK Configuration
    • Beats in Use
    • Machines Being Monitored
  • How to Use the Ansible Build

Description of the Topology

The main purpose of this network is to expose a load-balanced and monitored instance of DVWA, the Damn Vulnerable Web Application.

Load balancing ensures that the application will be highly responsive, in addition to restricting connections to the network.

  • Load balancing ensures that the application will be highly responsive, in addition to restricting connections to the network
  • The advantage of a Jump Box is that it restricts access and acts as a single gateway for SSH connections in the live environment

Integrating an ELK server allows users to easily monitor the vulnerable VMs for changes to the CPU and system Logs.

  • Filebeat is used for collecting log events from the server it is installed on.
  • Metricbeat collects operating system metrics such as CPU load, network traffic and other related fields.

The configuration details of each machine may be found below.

| Name     | Function               | IP Address | Operating System |
|----------|------------------------|------------|------------------|
| Jump Box | Gateway                | 10.0.0.4   | Linux            |
| WEB_1    | Redundant web server 1 | 10.0.0.8   | Linux            |
| WEB_2    | Redundant web server 2 | 10.0.0.9   | Linux            |
| WEB_3    | Redundant web server 3 | 10.0.0.5   | Linux            |
| ELK      | ELK stack              | 10.1.0.4   | Linux            |

Access Policies

The machines on the internal network are not exposed to the public Internet.

Only the Load Balancer machine can accept connections from the Internet. Access to this machine is only allowed on the following port:

  • Port 80 (HTTP over TCP)

Machines within the network can only be accessed by the Ansible container via the Jump Box over port 22 (SSH).

  • Jump Box IP 10.0.0.4

A summary of the access policies in place can be found in the table below.

| Name     | Publicly Accessible | Allowed IP Addresses |
|----------|---------------------|----------------------|
| Jump Box | NO                  | 10.0.0.4             |
| WEB_1    | YES                 | 10.0.0.8             |
| WEB_2    | YES                 | 10.0.0.9             |
| WEB_3    | YES                 | 10.0.0.5             |
| ELK      | NO                  | 10.1.0.4             |

Elk Configuration

Ansible was used to automate configuration of the ELK machine. No configuration was performed manually, which is advantageous because:

  • Automating configurations with Ansible gives efficient, synchronised deployment across all systems

The playbook implements the following tasks:

  • Checks for and installs docker.io
  • Checks for and installs python3-pip
  • Checks for and installs the Docker Python module
  • Downloads and runs the ELK container with published ports
  • Enables the Docker service on boot
  • Increases virtual memory
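The following is an added example playbook implementing the six tasks listed above; it is not the repository's own configELK.yml. The image name sebp/elk:761, the 9200 and 5044 ports, and the ordering of the sysctl task before the container start are assumptions, not taken from this README.

```yaml
# Added example, not the repository's configELK.yml. Assumed values are marked.
---
- name: Configure ELK VM with Docker
  hosts: elk                    # inventory group [elk] holding 10.1.0.4, as in the README
  become: true
  tasks:
    - name: Check for and install docker.io
      apt:
        update_cache: yes
        name: docker.io
        state: present

    - name: Check for and install python3-pip
      apt:
        name: python3-pip
        state: present

    - name: Check for and install the Docker Python module
      pip:
        name: docker
        state: present

    # Placed before the container start: Elasticsearch inside the image refuses to
    # boot unless vm.max_map_count is at least 262144, so the task order matters.
    - name: Increase virtual memory
      sysctl:
        name: vm.max_map_count
        value: "262144"
        state: present
        reload: yes

    - name: Download and run the ELK container with published ports
      docker_container:
        name: elk
        image: sebp/elk:761       # assumed image; use the one named in install-elk.yml
        state: started
        restart_policy: always
        published_ports:
          - "5601:5601"           # Kibana, the port checked at the end of the README
          - "9200:9200"           # Elasticsearch REST API (assumed)
          - "5044:5044"           # Logstash Beats input for Filebeat/Metricbeat (assumed)

    - name: Enable the Docker service on boot
      systemd:
        name: docker
        enabled: yes
        state: started
```

Only port 5601 needs to reach the Kibana user; 9200 and 5044 should stay restricted to the internal network by the NSG rules described under Access Policies.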

The following screenshot displays the result of running docker ps after successfully configuring the ELK instance.

Elk-container-screenshot.png

Target Machines & Beats

This ELK server is configured to monitor the following machines:

| Name  | Allowed IP Addresses |
|-------|----------------------|
| WEB_1 | 10.0.0.8             |
| WEB_2 | 10.0.0.9             |
| WEB_3 | 10.0.0.5             |

We have installed the following Beats on these machines:

  • Filebeat
  • Metricbeat

These Beats allow us to collect the following information from each machine:

  • Filebeat collects log files and system logs
  • Metricbeat collects metrics for CPU, network and other related services

Using the Playbook

In order to use the playbook, you will need to have an Ansible control node already configured. Assuming you have such a control node provisioned:

configELK.yml is the Ansible playbook, copied from install-elk.yml:

```
curl https://columbia.bootcampcontent.com/columbia-bootcamp/CU-VIRT-CYBER-PT-02-2022-U-LOL/-/raw/main/13-ELK-Stack-Project/Activities/Stu_Day_1/Unsolved/Resources/install-elk.yml > configELK.yml
```

Update the hosts file to include the ELK VM under the group elk:

```
nano /etc/ansible/hosts
```

and add the following entry:

```
[elk]
10.1.0.4
```

Run the playbook, and navigate to 20.242.81.178:5601 to check that the installation worked as expected.

On a Unix-based local host, open 20.242.81.178:5601 from the CLI.

As a Bonus, provide the specific commands the user will need to run to download the playbook, update the files, etc.
