
selks修改中文web界面(失败)

  • 本意是要把界面修改为中文,但是后来发现官方不支持中文。不过仍然有可扩展的知识:在 Debian 中设置静态 IP,让 SELKS 能监听多个网段。

  • 修改配置文件

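version: '3.4'

# Single internal bridge network shared by the ELK/Scirius containers.
# Suricata runs with network_mode: host further down and is not attached here.
networks:
  network: {}

# Named volumes are declared with an explicit empty mapping so a generic YAML
# parser sees a mapping rather than null; Compose treats both the same way.
volumes:
  elastic-data: {}  # ES data persistency
  suricata-rules: {}  # rules transfer between scirius and suricata, and persistency
  scirius-data: {}  # scirius data persistency
  scirius-static: {}  # static files to be served by nginx
  suricata-run: {}  # path where the suricata socket resides
  suricata-logs: {}
  # Bind-mounted host directory rather than a docker-managed volume.
  suricata-logrotate:
    driver_opts:
      type: none
      o: bind
      device: ./containers-data/suricata/logrotate
  logstash-sincedb: {}  # where logstash stores its state so it doesn't re-ingest
  arkime-logs: {}
  arkime-pcap: {}
  arkime-config: {}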
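services:
  elasticsearch:
    container_name: elasticsearch
    # Default version is pinned here and in .env; review it periodically.
    image: elastic/elasticsearch:${ELK_VERSION:-7.16.1}
    restart: ${RESTART_MODE:-unless-stopped}
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    environment:
      - discovery.type=single-node
      # Authentication and TLS are disabled: every container on the internal
      # network has unrestricted access, so 9200 must stay unpublished.
      - xpack.security.enabled=false
      - xpack.ml.enabled=${ML_ENABLED:-true}
      - ingest.geoip.downloader.enabled=false
    volumes:
      - ${ELASTIC_DATAPATH:-elastic-data}:/usr/share/elasticsearch/data
    mem_limit: ${ELASTIC_MEMORY:-3G}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      network: {}
    # Deliberately not published on the host (see xpack.security.enabled
    # above); Kibana, Scirius and EveBox reach it by service name instead.
    # ports:
    #   - "9200:9200"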
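  kibana:
    container_name: kibana
    image: elastic/kibana:${ELK_VERSION:-7.16.1}
    restart: ${RESTART_MODE:-unless-stopped}
    # The Kibana image maps settings from upper-case, underscore-separated
    # environment variables (ELASTICSEARCH_HOSTS -> elasticsearch.hosts), so
    # the locale and public URL use that same form; a dotted name such as
    # "i18n.locale" is not expected to be picked up. Confirm against the
    # rendered kibana.yml inside the container.
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - I18N_LOCALE=zh-CN
      # Replace the placeholder with the URL users actually open (the nginx
      # front end on 443); otherwise the management UI pops up an error.
      - SERVER_PUBLICBASEURL=https://your-kibana-server-domain-or-ip
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:5601 || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    networks:
      network: {}
    # Kibana has no authentication here (xpack.security.enabled=false on the
    # elasticsearch service) and is already reachable through the Scirius
    # proxy behind nginx on 443 (KIBANA_PROXY=True). The direct port is bound
    # to loopback only; remove the mapping entirely if it is not needed.
    ports:
      - "127.0.0.1:5601:5601"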
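  logstash:
    container_name: logstash
    image: elastic/logstash:${ELK_VERSION:-7.16.1}
    depends_on:
      scirius:
        condition: service_healthy  # scirius must populate the ILM policy first
    restart: ${RESTART_MODE:-unless-stopped}
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:9600 || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    mem_limit: ${LOGSTASH_MEMORY:-2G}
    volumes:
      - logstash-sincedb:/since.db
      # Suricata EVE logs are only read here.
      - ./containers-data/suricata/logs:/var/log/suricata:ro
      # Pipeline and template are inputs, mounted read-only so the container
      # cannot alter its own configuration.
      - ./containers-data/logstash/conf.d/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
      - ./containers-data/logstash/templates/elasticsearch7-template.json:/usr/share/logstash/config/elasticsearch7-template.json:ro
    networks:
      network: {}
    # Beats input (5044) and the monitoring API (9600) are intentionally not
    # published; the healthcheck reaches 9600 from inside the container.
    # ports:
    #   - "5044:5044"
    #   - "9600:9600"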
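  suricata:
    container_name: suricata
    image: jasonish/suricata:master-amd64
    entrypoint: /etc/suricata/new_entrypoint.sh
    restart: ${RESTART_MODE:-unless-stopped}
    depends_on:
      scirius:
        condition: service_healthy
    environment:
      # Capture interfaces are host interfaces (see network_mode: host below).
      # Override SURICATA_INTERFACES in .env to change the -i list without
      # editing this file; the default keeps the two interfaces ens35 and ens38.
      - SURICATA_OPTIONS=-c /etc/suricata/suricata.yaml ${SURICATA_INTERFACES:--i ens35 -i ens38} -vvv --set sensor-name=suricata
    # Presumably required for capture setup and thread priority on the host
    # interfaces — confirm before trimming.
    cap_add:
      - NET_ADMIN
      - SYS_NICE
    # Host networking so the sensor sees the physical interfaces directly;
    # this also means the container is not on the compose "network".
    network_mode: host
    volumes:
      - ./containers-data/suricata/logs:/var/log/suricata
      - suricata-rules:/etc/suricata/rules
      - suricata-run:/var/run/suricata/
      - ./containers-data/suricata/etc:/etc/suricata
      - suricata-logrotate:/etc/logrotate.d/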
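  scirius:
    container_name: scirius
    image: ghcr.io/stamusnetworks/scirius:${SCIRIUS_VERSION:-master}
    restart: ${RESTART_MODE:-unless-stopped}
    environment:
      # No default on purpose: the secret must be supplied from .env.
      - SECRET_KEY=${SCIRIUS_SECRET_KEY}
      - DEBUG=${SCIRIUS_DEBUG:-False}
      - SCIRIUS_IN_SELKS=True
      - USE_ELASTICSEARCH=True
      - ELASTICSEARCH_ADDRESS=elasticsearch:9200  # default
      - USE_KIBANA=True
      - KIBANA_URL=http://kibana:5601  # default
      - KIBANA_PROXY=True  # Kibana is served through Scirius
      # Host header validation is disabled; nginx in front is the only
      # intended entry point, so Scirius itself publishes no ports.
      - ALLOWED_HOSTS=*
      - KIBANA7_DASHBOARDS_PATH=/opt/selks/kibana7-dashboards  # where to find kibana dashboards
      - SURICATA_UNIX_SOCKET=/var/run/suricata/suricata-command.socket  # socket to control suricata
      - USE_EVEBOX=True  # gives access to evebox in the top menu
      - EVEBOX_ADDRESS=evebox:5636  # default
      - USE_SURICATA_STATS=True  # display more information on the suricata page
      - USE_MOLOCH=True
      - MOLOCH_URL=http://arkime:8005
    volumes:
      - scirius-static:/static/
      - scirius-data:/data/
      - ./containers-data/scirius/logs/:/logs/
      - suricata-rules:/rules
      - suricata-run:/var/run/suricata
    networks:
      network: {}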
  evebox:
    # Alert viewer. It talks straight to the unauthenticated Elasticsearch
    # service and publishes no ports of its own.
    image: jasonish/evebox:master
    container_name: evebox
    restart: ${RESTART_MODE:-unless-stopped}
    command:
      - "-e"
      - "http://elasticsearch:9200"
    networks:
      network: {}
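  nginx:
    container_name: nginx
    # Unpinned tag: floats with upstream "latest".
    image: nginx
    command: ['${NGINX_EXEC:-nginx}', '-g', 'daemon off;']
    restart: ${RESTART_MODE:-unless-stopped}
    # Everything nginx serves or reads is mounted read-only; TLS material is
    # expected under ./containers-data/nginx/ssl.
    volumes:
      - scirius-static:/static/:ro
      - ./containers-data/nginx/conf.d/:/etc/nginx/conf.d/:ro
      - ./containers-data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./containers-data/nginx/ssl:/etc/nginx/ssl:ro
    # The only service meant to be reachable from outside the host.
    ports:
      - "443:443"
    networks:
      network: {}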
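  cron:
    # This container handles crontabs for the other containers, following the
    # one task per container principle. It is based on the `docker:latest`
    # image, which is an Alpine image with the docker binary.
    container_name: cron
    image: docker:latest  # unpinned tag
    command: [sh, -c, "echo '*    *    *  *    *  run-parts /etc/periodic/1min' >> /etc/crontabs/root && crond -f -l 8"]
    restart: ${RESTART_MODE:-unless-stopped}
    volumes:
      # This bind-mount allows using the host's docker daemon instead of one
      # created inside the container. Whatever can write to this socket
      # controls the host daemon, so the job scripts below stay read-only and
      # must be treated as trusted code.
      - /var/run/docker.sock:/var/run/docker.sock
      # These volumes contain the cron jobs
      - ./containers-data/cron-jobs/1min:/etc/periodic/1min/:ro
      - ./containers-data/cron-jobs/15min:/etc/periodic/15min/:ro
      - ./containers-data/cron-jobs/daily:/etc/periodic/daily/:ro
      - ./containers-data/cron-jobs/hourly:/etc/periodic/hourly/:ro
      - ./containers-data/cron-jobs/monthly:/etc/periodic/monthly/:ro
      - ./containers-data/cron-jobs/weekly:/etc/periodic/weekly/:ro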
  arkime:
    # Repo will need to be changed to stamusnetwork once image built
    image: ghcr.io/stamusnetworks/arkimeviewer:${ARKIMEVIEWER_VERSION:-master}
    container_name: arkime
    # Unlike the other services the restart default here is "no"; set
    # RESTART_MODE to change it.
    restart: ${RESTART_MODE:-no}
    volumes:
      - ./containers-data/suricata/logs:/suricata-logs:ro
      - arkime-config:/data/config
      - arkime-pcap:/data/pcap
      - arkime-logs:/data/logs
    networks:
      network: {}
  • 主要修改二个地方:

  • 第一个是修改web界面为中文配置(可能配置完也不支持)

  • 第二个是修改监视两个接口

  • 还有就是 Kibana 中的 server.publicBaseUrl=http://your-kibana-server-domain-or-ip 这个值要改,否则打开管理面板时会弹窗报错

  • Debian 静态 IP 的修改方法如下。先打开配置文件:

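sudo nano /etc/network/interfaces
# --- contents of /etc/network/interfaces (ifupdown) ---
# ifupdown does not support end-of-line comments: a trailing "# ..." on an
# option line becomes part of the option's value, so each comment is kept on
# its own line. The addresses are examples; use the values of the local network.
auto eth0
iface eth0 inet static
    # fixed IP address to assign to this host
    address 192.168.1.100
    # subnet mask
    netmask 255.255.255.0
    # IP address of the gateway (router)
    gateway 192.168.1.1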
  • 之后重启。注意这里不再有指定监视端口的操作,因为上面的配置文件已经设置了
cd /opt/selksd/SELKS/docker/
# Non-interactive setup without pulling images. --restart-mode and --es-memory
# presumably end up as the RESTART_MODE / ELASTIC_MEMORY values the compose
# file reads (likely via a generated .env) — confirm against easy-setup.sh.
# sudo -E keeps the current environment for docker-compose.
./easy-setup.sh --non-interactive --no-pull-containers \
--iA --restart-mode always --es-memory 5G && \
sudo -E docker-compose up -d