{"id":24458277,"url":"https://github.com/whyuhurtz/cilogs","last_synced_at":"2026-05-08T00:45:34.286Z","repository":{"id":265339691,"uuid":"895807705","full_name":"whyuhurtz/cilogs","owner":"whyuhurtz","description":"A simple shell script to automate centralizing log server process.","archived":false,"fork":false,"pushed_at":"2024-12-01T13:17:34.000Z","size":3188,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-18T14:39:47.692Z","etag":null,"topics":["automation","bash-script","centralized-logging"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/whyuhurtz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-29T00:24:38.000Z","updated_at":"2024-12-01T13:17:38.000Z","dependencies_parsed_at":"2025-01-18T14:39:50.709Z","dependency_job_id":"42dc2d8d-2bdd-4c2c-8075-ab319161b09e","html_url":"https://github.com/whyuhurtz/cilogs","commit_stats":null,"previous_names":["wahyukiddies/cilogs","whyuhurtz/cilogs"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyuhurtz%2Fcilogs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyuhurtz%2Fcilogs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyuhurtz%2Fcilogs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whyuhurtz%2Fcilogs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/whyuhurtz","download_url":"https://codeload.github.com/whyuhurtz/cilogs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243551239,"owners_count":20309290,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","bash-script","centralized-logging"],"created_at":"2025-01-21T03:13:24.800Z","updated_at":"2026-05-08T00:45:29.263Z","avatar_url":"https://github.com/whyuhurtz.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cilogs | Centralized Log Server Solution\n\nA shell script to automate the installation and configuration process of Centralized Log Server using several open-source tools, such as **Wazuh, Autofs, and GPG**. Additionally, we're adding security feature to do active response for **SSH brute force attack**, which will **block the attacker connection with Firewalld** and **send the alert notification to user Telegram**. Hopefully, this project will help you to securely centralizing log server.\n\n## I. Required Specifications\n\n- RAM: \u003e= 8GB\n- Storage: \u003e= 90GB\n- OS: RHEL ver-9.0+ (can be as vm or host os)\n\n## II. Used Tools\n\n### Node 1\n\n- wazuh-agent\n\n### Node 2\n\n- wazuh-manager\n- wazuh-indexer\n- wazuh-dashboard\n- wazuh-indexer-performance-analyzer\n- nfs-utils\n\n### Node 3\n\n- autofs\n- gnupg2\n\n## III. Usage\n\n### 0. VM's Preparation\n\n- Make sure you prepare 3 RHEL (9.0+) VMs\n- We recommend you to setup all nodes / servers with this hardware specification\n\nNode | CPU cores | RAM | Storage |\n---- | --------- | --- | ------- |\nnode1 | 4        | 2GB | \u003e= 20GB |\nnode2 | 4        | 6GB | \u003e= 50GB |\nnode3 | 4        | 2GB | \u003e= 20GB |\n\n- For you that have been installed the Timedrills Lab from IL, you need to add new partition in node 2 to extend the root LVM, just follow this step:\n\n```bash\nfdisk /dev/nvme0n1 # -\u003e change this according to your disk label name\nn # create a new partition\np # create a primary partition\n3 # create 3rd primary partition\n(enter) # first sector default\n+25G\n\nt # change the type of partition\n3 # change the 3rd primary partition type\nlvm # change the type of 3rd primary partition to LVM\n\nw # save and exit from fdisk mode\n\npvcreate /dev/nvme0n1p3 # label the created new partition with PV\nvgextend cs /dev/nvme0n1p3 # Extend the 'cs' VG with size of labeled partition\nlvextend -r -L +20G /dev/cs/root # Extend more +20GB of the 'cs-root' LVM partition\n\nsystemctl daemon-reload # reload daemon\nudevadm settle; partprobe # just to make sure that the Kernel have know it that the root LVM is extended.\n\nexit # from root\nlab validate # make sure that the Lab is still functional.\n# WE RECOMMEND TO TAKE SNAPSHOT BEFORE JUMP TO THE NEXT STEP!.\n```\n\n### 1. Clone this repository\n\n- You've to clone this repo to get the `install.sh` (installer) script and some important files.\n\n```bash\ngit clone https://github.com/wahyukiddies/cilogs.git\n```\n\n### 2. Configure the environment variable file\n\n- This step is also important to set the all nodes that you want to configure.\n- Here's some parameters in the `.env` file that you've to configure:\n\n```txt\nIP_NODE1=192.168.241.128\nSSH_PORT_NODE1=22\nROOT_PASS_NODE1=redhat\nIP_NODE2=192.168.241.134\nSSH_PORT_NODE2=22\nROOT_PASS_NODE2=redhat\nIP_NODE3=192.168.241.133\nSSH_PORT_NODE3=22\nROOT_PASS_NODE3=redhat\n\nTELEGRAM_API_TOKEN=7577658133:AAGGVeqh82OONOKcQxwZ3kzAOGDxNqbRaPc\nGROUP_CHAT_ID=-4771858758\n\nBACKUP_MOUNT_POINT=/mnt/backup\nCOMPRESSED_LOG_DIR=/mnt/compressed\nBACKUP_IN_DAYS=1\nGPG_KEY_HOME=/root/.gnupg\nGPG_KEY_NAME=Testing\nGPG_KEY_MAIL=testing@mail.com\nGPG_KEY_COMMENT=\"Testing Purposes\" # If the comment have spaces, use doubtle quotes!\nGPG_KEY_PASSPHRASE=testing123\n```\n\n### 3. Run the installer script\n\n**RECOMMENDATION STEP**:\n\n- If you just want to test the installer script, we recommend you to change the default value `${BACKUP_IN_DAYS}` for backup job, you can set the backup job to per minute / per hour like this:\n\n```bash\n* * */${BACKUP_IN_DAYS} * * /root/backup-job.sh\n\n# per minute backup job\n*/1 * * * * /root/backup-job.sh\n# or per hour\n* */1 * * * /root/backup-job.sh\n```\n\n- Then, you can run the installer script with the following commands:\n\n```bash\n# Add execute permission to all shell script files.\nchmod -R +x cilogs/*.sh\n\n# Make sure you inside the `cilogs` dir.\ncd cilogs/\n\n# Run the installer script.\n./install.sh\n```\n\n## IV. Additional Step: Run node 1 and node 3 as container in node 2 (workstation)\n\n- If you've an issue **according to hardware specification**, such as cannot run 3 VM's because lack of RAM, you can run the `setup.sh` script.\n\n```bash\n./setup.sh\n```\n\n- After the installation of setup script is done, you can communicate to node 1 and node 3 via node 2 using `192.168.1.0/24` network.\n  - Node 1: **192.168.1.2/24**\n  - Node 2: **192.168.1.1/24**\n  - Node 3: **192.168.1.3/24**\n- You can check the IP of node 1 and node 3 using this command:\n\n```bash\npodman exec -it node1-ctr ip -br a\npodman exec -it node3-ctr ip -br a\n```\n\n- If you've a problem of **container 1 or container 3 cannot connect to internet**, make sure your **workstation (node 2) is connected to internet**.\n- If it's still error, **you can restart the container** with this command:\n\n```bash\npodman restart node{1,3}-ctr # Choose the container that have internet issue\n\n# Testing\npodman exec -it node{1,3}-ctr ping google.com # Choose the container that have internet issue\n```\n\n## V. Additional Step: Decrypt the encrypted log files\n\n- Use the following command to **decrypt the encrypted log files** located in your `COMPRESSED_LOG_DIR`.\n\n```bash\ngpg --batch --yes --output ${OUTPUT_FILENAME} --decrypt ${COMPRESSED_LOG_FILE}\n# Replace the ${OUTPUT_FILENAME} with the decrypted file name\n# Replace the ${COMPRESSED_LOG_FILE} with the compressed log files, maybe located in /mnt/compressed in default\n```\n\n## VI. SSH Brute Force Attack Simulation\n\n- We provide a simple Python script to **performing SSH brute force attack**, just run with the following command:\n\n```sh\npython attacks.py  # For Windows\npython3 attacks.py # For Linux/Mac\n\n# \u003e Enter the IP address of target machine (node 1): 192.168.241.128\n# \u003e Enter the SSH port that the target machine (node 1) used: 22 (default)\n```\n\n## VII. Flowchart / System Diagram\n\n![System Diagram](./assets/cilogs-system-diagram.png)\n\n## VIII. Showcase Video\n\n[Showcase Video Link](https://drive.google.com/file/d/1I-DWR-QgCjqltJm6JWp_T122mnSq_0K9/view?usp=drivesdk)\n\n## IX. Document Attachments\n\n1. [Research Paper](https://docs.google.com/document/d/1mPCNVVcSWGiXO0kJXTk8Wg3yfwToL1ag5Z7mYHmOiDo/edit?usp=sharing)\n2. [Design Thinking Board](https://miro.com/welcomeonboard/TFFWWTFabEZoVzA4aXlaZnh2bWJVaWpzMWxKaG4yQ24xMzJTeXpTTlVwZjEwZ0hURDdjRk5kdFAybFEwRXEyOXwzNDU4NzY0NjA0MDU0MzUwNTYxfDI=?share_link_id=804140861053)\n\n## X. Contributors / Cilogs Team Members\n\n- Adryan Usfirahiman\n- Dafi Nafidz Radhiyya\n- Jerry Jardian\n- Wahyu Priambodo (team leader)\n- Wilsen Lau\n\n---\n\n© 2024 - Infinite Learning Indonesia | MSIB Batch 7\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhyuhurtz%2Fcilogs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhyuhurtz%2Fcilogs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhyuhurtz%2Fcilogs/lists"}