# Configure Elasticsearch and Kibana setup in ubuntu Ubuntu’s default package repositories do not include Elasticsearch components. However, you can install them via APT by adding Elastic’s official package source. To enhance security and prevent package spoofing, all packages are signed with a GPG key, enabling the package manager to verify their authenticity. Before proceeding with the installation, let’s import the public GPG key and add the Elastic package source list. ```bash wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg ```

* : Elasticsearch’s public **GPG key**, a cryptographic "signature" used to verify the authenticity of packages. * **`--dearmor`**: Converts the GPG key from human-readable text to **binary format** because Debian’s `apt` expects keys in binary format for verification. Next, let's add Elasticsearch Repository to APT Sources: ```bash echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list ```

* **apt** where to find Elasticsearch packages * \[signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] option ensures packages from repository are verified using the GPG key. Next, update APT packages. ```bash sudo apt update ```

Next, install the Elasticsearch Debian package. ```bash sudo apt install elasticsearch ```

Next, we need to update the elasticsearch.yml with nano to configure network host and port. ```bash sudo nano /etc/elasticsearch/elasticsearch.yml ```

Now, enable Elasticsearch to start automatically on system boot. ```bash sudo systemctl daemon-reload sudo systemctl enable elasticsearch ```

Next, start the Elasticsearch Service. ```bash sudo systemctl start elasticsearch sudo systemctl status elasticsearch ```

We need to confirm that Elasticsearch is running correctly and is accessible via HTTPS on , when it need login username & password click cancel.

We can also confirm the service is up and accessible using this command: ```bash sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200 ```

The file `/etc/elasticsearch/certs/http_ca.crt` is the CA certificate generated during Elasticsearch installation. In case you forget your elastic user password, you can use the following command: ```bash cd /usr/share/elasticsearch ./bin/elasticsearch-reset-password -u elastic ```

Now, we install and configure Kibana ```bash sudo apt install kibana ```

Now, we need to edit **`kibana.yml`** file to determine how it connects to Elasticsearch and how it behaves. ```bash sudo nano /etc/kibana/kibana.yml ```

* **`server.port: 5601`** : the port on which Kibana will run * **`server.host: "0.0.0.0"`** : the IP address Kibana will bind to * **`elasticsearch.hosts: ["http://localhost:9200"]`** : the Elasticsearch instance Kibana will connect to Next, start and enable Kibana to ensures it starts automatically when the system boots. ```bash sudo systemctl start kibana sudo systemctl enable kibana ```

Access with address , make sure Kibana is running.

Now, we need to generate an **enrollment token** for Kibana and using it to securely connect Kibana to Elasticsearch. ```bash sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana ```

Next, let's open Kibana, enter the copied token into the input field, and click **Configure Elastic** to proceed.

After this Kibana prompted for Verification code.

To generate Verification code , we need to navigate to Kibana installation directory and execute the following script. ```bash sudo /usr/share/kibana/bin/kibana-verification-code ```

Next, log in with your account and password.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://vanluong.gitbook.io/book-of-vanluong/blue-teaming/siem-tools/build-elk-lab/configure-elasticsearch-and-kibana-setup-in-ubuntu.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.