Enable Elasticsearch Security Features (X-Pack)

 

 
The Elasticsearch security features enable you to easily secure a cluster. You can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing.
When you use the basic and trial licenses, the Elasticsearch security features are disabled by default.
In this blog post you will learn how to enable the Elastic Stack security features.
 

Add the xpack.security.enabled setting to the elasticsearch.yml file.
xpack.security.enabled: true

Restart the elasticsearch service.
systemctl restart elasticsearch

Then set passwords for the built-in users (run this from the Elasticsearch home directory):
./bin/elasticsearch-setup-passwords interactive

 

Create a Kibana keystore from the /usr/share/kibana directory.


cd /usr/share/kibana 

./bin/kibana-keystore create --allow-root

Now add the username and password for Kibana to the keystore.
 
 
./bin/kibana-keystore add elasticsearch.username --allow-root
./bin/kibana-keystore add elasticsearch.password --allow-root

After that, restart the Kibana service.
systemctl restart kibana

Let's set up Logstash security as well.
You can see the Logstash errors with the following command:

tail -f /var/log/logstash/logstash-plain.log

Now stop the Logstash service:
systemctl stop logstash

Edit the logstash.yml file to enable Logstash security.
Uncomment the X-Pack monitoring username and password settings and enter the details you set at the beginning of this post.

 

Create a keystore for Logstash as well.

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create

  

Enter the username and password for the Logstash keystore.

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_USER


         username: elastic

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_PWD

 

         password: the password you entered for user "elastic" at the beginning of the post

Edit the Logstash configuration file to allow the Logstash pipeline access.

 nano /etc/logstash/conf.d/estack-test-pipeline.conf

Add the following to the elasticsearch output section:

user => "${ES_USER}" 

password => "${ES_PWD}"

 

 

Almost done.
Now restart all ELK services and check their status. Your security features are enabled.

Kibana now shows a login window, and elastic is the superuser.
Log in to Kibana as elastic for superuser privileges.
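A quick offline check of the files edited in this post, as an added example that is not part of the original post: it confirms that xpack.security.enabled is set to true on an uncommented line and flags any pipeline password written as a literal instead of a ${VAR} keystore reference. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the files edited above.

# Succeeds if xpack.security.enabled is true on an uncommented line of elasticsearch.yml.
security_enabled() {
  grep -Eq '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# Prints "line:text" for every password option in a pipeline file whose value
# is not a ${VAR} reference (i.e. not resolved from the Logstash keystore or
# the environment). Succeeds only when no such line exists.
literal_passwords() {
  local hits
  hits=$(grep -nE '^[[:space:]]*password[[:space:]]*=>' "$1" \
    | grep -vE '=>[[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*(#.*)?$') || true
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample files so the checks run without a live cluster.
SAMPLES=$(mktemp -d)
printf 'cluster.name: demo\n#xpack.security.enabled: false\nxpack.security.enabled: true\n' \
  > "$SAMPLES/elasticsearch.yml"
cat > "$SAMPLES/good.conf" <<'EOF'
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "${ES_USER}"
    password => "${ES_PWD}"
  }
}
EOF
cat > "$SAMPLES/bad.conf" <<'EOF'
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "elastic"
    password => "changeme-constructed"
  }
}
EOF

security_enabled "$SAMPLES/elasticsearch.yml" && echo "security: enabled"
literal_passwords "$SAMPLES/good.conf" && echo "good.conf: no literal passwords"
literal_passwords "$SAMPLES/bad.conf" || echo "bad.conf: literal password found"
```

On a real host, point the functions at /etc/elasticsearch/elasticsearch.yml (the package-install default, assumed here) and the pipeline files under /etc/logstash/conf.d/.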

 

