Enable Elasticsearch Security Features (X-PACK)
Add the xpack.security.enabled setting to the elasticsearch.yml file.
xpack.security.enabled: true
Restart the elasticsearch service.
systemctl restart elasticsearch
./bin/elasticsearch-setup-passwords interactive
Create a Kibana keystore from the /usr/share/kibana directory.
cd /usr/share/kibana
./bin/kibana-keystore create --allow-root
./bin/kibana-keystore add elasticsearch.username --allow-root
./bin/kibana-keystore add elasticsearch.password --allow-root
After that, restart the Kibana service.
systemctl restart kibana
Let's set up Logstash security as well.
You can see Logstash's errors with the following command:
tail -f /var/log/logstash/logstash-plain.log
Now stop the Logstash service with systemctl stop logstash
Edit the logstash.yml file to enable Logstash security.
Uncomment the X-Pack monitoring username and password, and enter the details you set at the beginning of this post.
Create a keystore for Logstash as well.
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create
Enter the username and password for the Logstash keystore.
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_USER
username: elastic
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_PWD
password: the password you entered for user "elastic" at the beginning of the post
Edit the Logstash configuration file to allow access to the Logstash pipeline.
nano /etc/logstash/conf.d/estack-test-pipeline.conf
Add the following to the Elasticsearch output section:
user => "${ES_USER}"
password => "${ES_PWD}"
Almost done.
Now restart all ELK services and check their status. Your security features are enabled.
You will see a new login window for Kibana; elastic is the superuser for it.
Use elastic to log in to Kibana with superuser privileges.
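To confirm that no pipeline file under /etc/logstash/conf.d still carries a literal username or password after the switch to keystore variables, a check like the following can be run over the .conf files. This is an added example, not part of the original post; the function name check_pipeline_creds and the sample file contents are constructed for illustration, and it inspects only user and password settings.

```shell
#!/usr/bin/env bash
# check_pipeline_creds FILE...
# Prints "file:line: text" for each user/password setting whose value is not
# a plain ${VAR} reference; returns 1 if any were found, 0 otherwise.
# A ${VAR:default} form is flagged too, since the default is a literal.
check_pipeline_creds() {
  local file rc=0
  for file in "$@"; do
    awk '
      /^[ \t]*#/ { next }                          # skip comment lines
      /^[ \t]*(user|password)[ \t]*=>/ {
        val = $0
        sub(/^[^=]*=>[ \t]*/, "", val)             # keep only the value
        sub(/[ \t]*(#.*)?$/, "", val)              # drop a trailing comment
        gsub(/["\047]/, "", val)                   # strip both quote styles
        if (val !~ /^[$][{][A-Za-z_][A-Za-z0-9_]*[}]$/) {
          printf "%s:%d: %s\n", FILENAME, NR, $0
          bad = 1
        }
      }
      END { exit (bad ? 1 : 0) }
    ' "$file" || rc=1
  done
  return "$rc"
}

# Constructed sample files (not from the post): one uses the keystore
# variables, the other still hardcodes the password.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
output {
  elasticsearch {
    user => "${ES_USER}"
    password => "${ES_PWD}"
  }
}
EOF
cat > "$demo_dir/bad.conf" <<'EOF'
output {
  elasticsearch {
    user => "${ES_USER}"
    password => "changeme"   # literal secret
  }
}
EOF
if check_pipeline_creds "$demo_dir"/*.conf; then
  echo "all pipeline credentials come from the keystore"
else
  echo "literal credentials found in the lines listed above"
fi
```

On a real host, call it as check_pipeline_creds /etc/logstash/conf.d/*.conf and treat a non-zero return as a finding to fix before restarting Logstash.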