Enable Elasticsearch Security Features (X-Pack)
The Elasticsearch security features enable you to easily secure a cluster. You can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing.
When you use the basic and trial licenses, the Elasticsearch security features are disabled by default.
In this blog you will learn how to enable the Elastic Stack security features.
Add the xpack.security.enabled setting to the elasticsearch.yml file.
xpack.security.enabled: true
Restart the elasticsearch service.
systemctl restart elasticsearch
Then set the passwords for the built-in users. Run this from the Elasticsearch home directory:
./bin/elasticsearch-setup-passwords interactive
Create a Kibana keystore from the /usr/share/kibana directory.
cd /usr/share/kibana
./bin/kibana-keystore create --allow-root
Now choose the username and password for Kibana.
./bin/kibana-keystore add elasticsearch.username --allow-root
./bin/kibana-keystore add elasticsearch.password --allow-root
After that, restart the Kibana service.
systemctl restart kibana
Let's set up Logstash security as well.
You can see the Logstash errors with the following command:
tail -f /var/log/logstash/logstash-plain.log
Now stop the Logstash service:
systemctl stop logstash
Edit the logstash.yml file to enable Logstash security.
Uncomment the X-Pack monitoring username and password settings and enter the details you chose at the beginning of this post.
Create a keystore for Logstash as well.
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create
Enter the username and password for the Logstash keystore.
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_USER
When prompted for the value, enter the username: elastic
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_PWD
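To check the result of the steps above, here is an added example (not part of the original post) that confirms xpack.security.enabled is really set and that no password is left in plaintext now that the keystores exist. It assumes the ES_USER and ES_PWD keystore entries are referenced with Logstash's ${ES_USER} / ${ES_PWD} syntax; the function names and all sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Sample file contents are constructed.

# Exit 0 only if an uncommented line sets xpack.security.enabled to true.
security_enabled() {
  grep -Eq '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# Print uncommented password settings whose value is a literal instead of a
# ${VAR} keystore reference. Prints nothing when the file is clean.
plaintext_passwords() {
  grep -En '^[[:space:]]*[^#[:space:]]*password[[:space:]]*(:|=>)' "$1" \
    | grep -Ev '[$][{][A-Za-z_][A-Za-z0-9_]*[}]' || true
}

# Write constructed sample files into directory $1.
make_samples() {
  printf '%s\n' '#xpack.security.enabled: true' 'network.host: 0.0.0.0' > "$1/es-off.yml"
  printf '%s\n' 'xpack.security.enabled: true' > "$1/es-on.yml"
  printf '%s\n' \
    'xpack.monitoring.elasticsearch.username: "${ES_USER}"' \
    'xpack.monitoring.elasticsearch.password: "${ES_PWD}"' > "$1/logstash-good.yml"
  printf '%s\n' \
    'xpack.monitoring.elasticsearch.username: elastic' \
    '#xpack.monitoring.elasticsearch.password: "${ES_PWD}"' \
    'xpack.monitoring.elasticsearch.password: "ConstructedSecret1"' > "$1/logstash-bad.yml"
  printf '%s\n' 'output { elasticsearch {' \
    '  user => "${ES_USER}"' '  password => "${ES_PWD}"' '} }' > "$1/pipeline.conf"
}

# Demo run over the constructed samples.
dir=$(mktemp -d)
make_samples "$dir"
for f in es-off.yml es-on.yml; do
  if security_enabled "$dir/$f"; then echo "$f: security enabled"
  else echo "$f: security NOT enabled"; fi
done
for f in logstash-good.yml logstash-bad.yml pipeline.conf; do
  hits=$(plaintext_passwords "$dir/$f")
  if [ -n "$hits" ]; then echo "$f: plaintext password -> $hits"
  else echo "$f: ok"; fi
done
rm -rf "$dir"
```

The same two functions can be pointed at your own elasticsearch.yml, kibana.yml, and the files under /etc/logstash; a commented-out xpack.security.enabled line is reported as not enabled.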