Enable Elasticsearch Security Features(X-PACK)


The Elasticsearch security features enable you to easily secure a cluster. You can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing.
When you use the basic and trial licenses, the Elasticsearch security features are disabled by default.
In this blog you will learn how to enable elasticstack security features.

Add the xpack.security.enabled setting to the elasticsearch.yml file.
xpack.security.enabled: true

Restart the elasticsearch service.
systemctl restart elasticsearch

./bin/elasticsearch-setup-passwords interactive


Create a kibana keystore from usr/share/kibana directory

cd /usr/share/kibana 

./bin/kibana-keystore create --allow-root

now choose username and password for kibana.
./bin/kibana-keystore add elasticsearch.username --allow-root
./bin/kibana-keystore add elasticsearch.password --allow-root

After that restart the kibana serivce
systemctl restart kibana

Let's setup Logstash security as well.
you can see the errors of the logstash from following command

tail -f /var/log/logstash/logstash-plain.log

Now stop the Logstashservice from systemctl stop logstash

Edit logstash.yml file for enablelogstash security.
uncomment the x-pack monitoring username and password and enter your details to here which you enter at the beginning of this post.


 Create keystore for logstash as well.

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create


    Enter username and password for logstash keystore

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_USER


sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash add ES_PWD