[Notes] Deploying Elkeid on Linux

Preface

Deploying Elkeid on Linux

Prerequisites

  • A host with 8 CPU cores and 16 GB of RAM

With less than 16 GB of RAM, the deploy stage may fail with: when deploying, an error occurred: AgentCenter installed faield: retry with 0 times and still failed, error: AgentCenter test Failed, Host 127.0.0.1, Url http://127.0.0.1:8088/registry/detail?name=hids_svr_grpc, Error {"data":[],"msg":"ok"}

Download the project

wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_package_v1.9.1.tar.gz.00
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_package_v1.9.1.tar.gz.01
wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/elkeidup_package_v1.9.1.tar.gz.02
cat elkeidup_package_v1.9.1.tar.gz.* > elkeidup_package_v1.9.1.tar.gz

Deploy to the target server

Configure SSH

  • Make sure you can connect to the target server over SSH

If SSH is not configured correctly, the deploy stage may fail with: when deploying, an error occurred: Redis component load init faield: execute -o StrictHostKeyChecking no -o PasswordAuthentication no -p 22 root@127.0.0.1 echo elkeid_$ failed, err: exit status 255, stderr: root@127.0.0.1: Permission denied (publickey,password).

<ip>: IP address of the server Elkeid will be deployed to

ssh-copy-id <ip>

Extract the archive

mkdir -p /root/.elkeidup
mv elkeidup_package_v1.9.1.tar.gz /root/.elkeidup/elkeidup_package_v1.9.1.tar.gz
cd /root/.elkeidup
tar -zxvf elkeidup_package_v1.9.1.tar.gz
chmod a+x /root/.elkeidup/elkeidup

Generate the configuration file

<ip>: IP address of the server Elkeid will be deployed to

/root/.elkeidup/elkeidup init --host <ip>
mv /root/.elkeidup/config_example.yaml /root/.elkeidup/config.yaml

Replace the precompiled kernel module package (optional)

Download

wget https://github.com/bytedance/Elkeid/releases/download/v1.9.1.4/ko_1.7.0.10.tar.xz

Replace

rm /root/.elkeidup/package/to_upload/agent/component/driver/ko.tar.xz
cp ko_1.7.0.10.tar.xz /root/.elkeidup/package/to_upload/agent/component/driver/ko.tar.xz

Start the deployment

--package /root/.elkeidup/package/: path to the extracted installation package
--config /root/.elkeidup/config.yaml: configuration file to use

/root/.elkeidup/elkeidup deploy

  • The following output indicates that the deployment is complete:

[INFO]		--- Elkeid Backend installation is complete ---
[WARN] The password file is in /root/.elkeidup/elkeid_passwd, please be sure to transfer, save and delete the file!

  • At this point you can view each component's access address and default password:

cat /root/.elkeidup/elkeid_passwd
Redis:  xxxxxxxxxxxxxxxxxx
nginx_uploader: admin xxxxxxxxxxxxxxxxxx
prometheus: admin xxxxxxxxxxxxxxxxxx
Mongodb: admin xxxxxxxxxxxxxxxxxx
Mongodb: elkeid xxxxxxxxxxxxxxxxxx
AC: AK xxxxxxxxxxxxxxxx
AC: SK xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MG: AK xxxxxxxxxxxxxxxx
MG: SK xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
LD: AK xxxxxxxxxxxxxxxx
LD: SK xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
elkeid_console: root xxxxxxxxxxxxxxxxxxxx
elkeid_console: admin xxxxxxxxxxxxxxxxxxxx
elkeid_hub_frontend: elkeid_hub xxxxxxxxxxxxxxxxxxxx
grafana: admin xxxxxxxxxxxxxxxxxx
Kafka: admin: elkeid
elkeid_kafka: 127.0.0.1:9092;
grafana: http://127.0.0.1:8083
elkeid_hub_frontend: http://127.0.0.1:8081
elkeid_console: http://127.0.0.1:8082
elkeid_service_discovery: 127.0.0.1:8089
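
The installer's warning above asks for the password file to be transferred, saved and deleted, and `cat` prints every secret to the terminal. The following is an added example, not part of the original note or of the Elkeid project: helper functions (all names are hypothetical) that check the file's permissions, display it with secrets masked, and remove it afterwards, demonstrated on constructed sample data.

```shell
#!/bin/sh
# Added example: handle elkeid_passwd without echoing secrets to the terminal.
# Function names are hypothetical; the sample data below is constructed.

# Exit 0 if only the owner can access the file, 1 if group/other have any
# access, 2 if the file does not exist (already retired).
passwd_file_perms_ok() {
    [ -e "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print the file with the last field of every credential line masked.
# Endpoint lines (URL or host:port) are not secrets and are printed unchanged.
redact_passwd_file() {
    awk '
        NF == 0 { print; next }
        $NF ~ /^https?:\/\// || $NF ~ /^[0-9.]+:[0-9]+;?$/ { print; next }
        { $NF = "********"; print }
    ' "$1"
}

# Remove the file once its contents are stored elsewhere (for example in a
# password manager). shred is used when available; on copy-on-write or
# journaling filesystems it may not overwrite every copy of the data.
retire_passwd_file() {
    if command -v shred >/dev/null 2>&1; then
        shred -u -- "$1"
    else
        rm -f -- "$1"
    fi
}

# Demo on a constructed sample (not real credentials).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'Redis:  CONSTRUCTED-SECRET-1' \
        'elkeid_console: admin CONSTRUCTED-SECRET-2' \
        'elkeid_console: http://127.0.0.1:8082' > "$f"
    chmod 644 "$f"
    passwd_file_perms_ok "$f" || { echo "loose permissions, tightening"; chmod 600 "$f"; }
    redact_passwd_file "$f"
    retire_passwd_file "$f"
}
demo
```

On a real deployment the same functions would be pointed at /root/.elkeidup/elkeid_passwd instead of the temporary file.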

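Access the Elkeid Hub frontend

Username: elkeid_hub
Password: the Elkeid Hub frontend password obtained in the previous step

Access the cloud workload protection platform

Username: admin
Password: the cloud workload protection platform password obtained in the previous step

Done

  • A screenshot to mark the occasion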
