auth key

logserver/SETUP.md

@@ -0,0 +1,100 @@
+# LogServer Quick Setup Guide
+
+## Prerequisites
+- Docker and Docker Compose installed
+- 4GB+ RAM, 10GB+ disk space
+- Port 5601 (Kibana) and 5044 (Logstash) available
+
+## Initial Setup
+
+### 1. System Configuration
+```bash
+# Required for Elasticsearch
+sudo sysctl -w vm.max_map_count=262144
+echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
+```
+
+### 2. Configure Server
+Edit `config/service.env`:
+```bash
+# Change default password
+KIBANA_PASSWORD=your-secure-password
+```
+
+### 3. Install
+```bash
+dropshell install logserver
+```
+
+## Generate Client API Keys
+
+Run the interactive key generator:
+```bash
+./generate-api-key.sh
+```
+
+Follow the prompts:
+1. Enter hostname for each client
+2. Script generates secure API key
+3. Shows configuration to copy to client
+4. Repeat for additional clients
+
+## Access Kibana
+
+1. Open browser: `http://your-server-ip:5601`
+2. Login: `elastic` / `your-secure-password`
+3. Create index pattern: `filebeat-*`
+4. View logs in Discover tab
+
+## Add Log Clients
+
+On each client machine:
+```bash
+# Get API key from server admin (they run ./generate-api-key.sh)
+
+# Edit logclient/config/service.env:
+LOGSERVER_HOST=your-server-ip
+LOGSERVER_PORT=5044
+API_KEY=your-api-key-here
+
+# Install and start
+dropshell install logclient
+```
+
+## Verify Setup
+
+```bash
+# Check server status
+dropshell status logserver
+
+# View server logs
+dropshell logs logserver
+
+# Test client connection (from client)
+docker logs logclient-filebeat | grep "connection"
+```
+
+## Troubleshooting
+
+**Elasticsearch won't start**: Check `vm.max_map_count` is 262144+
+
+**No logs in Kibana**:
+- Verify client can reach server port 5044
+- Check API key is correct in client's service.env
+- Verify API key exists in server's api-keys.yml
+- Refresh index pattern in Kibana
+
+**High memory usage**: Adjust heap sizes in `service.env`:
+```bash
+ES_HEAP_SIZE=1g  # Reduce from 2g
+LS_HEAP_SIZE=512m  # Reduce from 1g
+```
+
+## Security Checklist
+
+- [ ] Changed default Kibana password
+- [ ] Generated unique API key per client
+- [ ] API keys stored securely
+- [ ] Firewall allows only necessary ports (5601, 5044)
+- [ ] Regular backup configured
+- [ ] Reviewed api-keys.yml for old/unused keys

logserver/config/service.env

@@ -25,18 +25,9 @@ LOGSTASH_SYSLOG_PORT=514
 LOG_RETENTION_DAYS=30
 LOG_MAX_SIZE_GB=50
 
-# Authentication Mode
-AUTH_MODE=mtls  # Options: mtls, apikey, basic
+# Authentication
 ENABLE_TLS=true
-
-# mTLS Settings (if AUTH_MODE=mtls)
-CA_CERT_PATH=/certs/ca.crt
-SERVER_CERT_PATH=/certs/server.crt
-SERVER_KEY_PATH=/certs/server.key
-CLIENT_CERT_REQUIRED=true
-
-# API Key Settings (if AUTH_MODE=apikey)
-API_KEYS_PATH=/config/api-keys.yml
+API_KEYS_FILE=${CONFIG_PATH}/api-keys.yml
 
 # Network Security
 ALLOWED_IPS=""  # Comma-separated list, empty = all

logserver/generate-api-key.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+
+# Interactive API Key Generation Script for LogServer
+# This script generates secure API keys and adds them to api-keys.yml
+
+API_KEYS_FILE="${CONFIG_PATH:-./config}/api-keys.yml"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Generate a secure random API key
+generate_key() {
+    openssl rand -hex 32 2>/dev/null || cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
+}
+
+# Initialize api-keys.yml if it doesn't exist
+init_api_keys_file() {
+    if [ ! -f "$API_KEYS_FILE" ]; then
+        echo "# API Keys for LogServer Authentication" > "$API_KEYS_FILE"
+        echo "# Format: hostname:api_key" >> "$API_KEYS_FILE"
+        echo "# Generated by generate-api-key.sh" >> "$API_KEYS_FILE"
+        echo "" >> "$API_KEYS_FILE"
+        echo "api_keys:" >> "$API_KEYS_FILE"
+        echo -e "${GREEN}Created new api-keys.yml file${NC}"
+    fi
+}
+
+# Check if hostname already has a key
+check_existing_key() {
+    local hostname=$1
+    if grep -q "^  ${hostname}:" "$API_KEYS_FILE" 2>/dev/null; then
+        return 0
+    fi
+    return 1
+}
+
+# Add key to api-keys.yml
+add_key_to_file() {
+    local hostname=$1
+    local api_key=$2
+    echo "  ${hostname}: ${api_key}" >> "$API_KEYS_FILE"
+}
+
+# Main script
+echo -e "${GREEN}=== LogServer API Key Generator ===${NC}"
+echo ""
+
+# Initialize file if needed
+init_api_keys_file
+
+# Interactive mode
+while true; do
+    echo -e "${YELLOW}Enter hostname for the client (or 'done' to finish):${NC}"
+    read -p "> " hostname
+
+    if [ "$hostname" = "done" ] || [ -z "$hostname" ]; then
+        break
+    fi
+
+    # Validate hostname
+    if [[ ! "$hostname" =~ ^[a-zA-Z0-9][a-zA-Z0-9-_.]*$ ]]; then
+        echo -e "${RED}Invalid hostname format. Use only letters, numbers, dots, dashes, and underscores.${NC}"
+        continue
+    fi
+
+    # Check if key already exists
+    if check_existing_key "$hostname"; then
+        echo -e "${YELLOW}Key already exists for ${hostname}${NC}"
+        read -p "Generate new key? (y/n): " overwrite
+        if [ "$overwrite" != "y" ]; then
+            continue
+        fi
+        # Remove old key
+        sed -i "/^  ${hostname}:/d" "$API_KEYS_FILE"
+    fi
+
+    # Generate new key
+    api_key=$(generate_key)
+
+    # Add to file
+    add_key_to_file "$hostname" "$api_key"
+
+    echo -e "${GREEN}✓ Generated API key for ${hostname}${NC}"
+    echo ""
+    echo "Configuration for ${hostname}:"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "Add to client's service.env:"
+    echo ""
+    echo "LOGSERVER_HOST=$(hostname -I | awk '{print $1}')"
+    echo "LOGSERVER_PORT=5044"
+    echo "API_KEY=${api_key}"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo ""
+
+    # Option to add more
+    read -p "Add another client? (y/n): " add_more
+    if [ "$add_more" != "y" ]; then
+        break
+    fi
+done
+
+# Show summary
+echo ""
+echo -e "${GREEN}=== Summary ===${NC}"
+echo "API keys file: $API_KEYS_FILE"
+echo "Total clients configured: $(grep -c "^  " "$API_KEYS_FILE" 2>/dev/null || echo 0)"
+echo ""
+echo "To view all keys: cat $API_KEYS_FILE"
+echo "To revoke a key: Edit $API_KEYS_FILE and remove the line"
+echo ""
+echo -e "${YELLOW}Remember to restart logserver after adding keys:${NC}"
+echo "  dropshell restart logserver"

logserver/install.sh

@@ -31,10 +31,12 @@ docker pull docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION} || _die
 docker pull docker.elastic.co/logstash/logstash:${LS_VERSION} || _die "Failed to pull Logstash"
 docker pull docker.elastic.co/kibana/kibana:${KIBANA_VERSION} || _die "Failed to pull Kibana"
 
-# Generate certificates if using mTLS
-if [ "$AUTH_MODE" = "mtls" ]; then
-    bash ./scripts/generate-ca.sh || _die "Failed to generate CA certificate"
-    bash ./scripts/generate-server-cert.sh || _die "Failed to generate server certificate"
+# Initialize API keys file if it doesn't exist
+if [ ! -f "${CONFIG_PATH}/api-keys.yml" ]; then
+    echo "No API keys configured yet."
+    echo "Run ./generate-api-key.sh to add client keys"
+    mkdir -p "${CONFIG_PATH}"
+    echo "api_keys:" > "${CONFIG_PATH}/api-keys.yml"
 fi
 
 # Start the ELK stack
@@ -55,8 +57,6 @@ echo "Username: elastic"
 echo "Password: ${KIBANA_PASSWORD}"
 echo ""
 echo "Logstash listening on port ${LOGSTASH_BEATS_PORT} for Filebeat clients"
-if [ "$AUTH_MODE" = "mtls" ]; then
-    echo "Authentication: mTLS (generate client certs with ./scripts/generate-client-cert.sh)"
-elif [ "$AUTH_MODE" = "apikey" ]; then
-    echo "Authentication: API Keys (generate with ./scripts/generate-api-key.sh)"
-fi
+echo ""
+echo "To add client authentication:"
+echo "  ./generate-api-key.sh"