Open IT Experts for Enterprise

Zylk empresa de desarrollo de ecommerce

Security in Elastic Search 7.1

Cesar Capillas
Cesar Capillas
Elastic banner

Setting basic security in ES

As you probably know from Elastic 6.8 and 7.1 versions, security module is free in Basic License, providing important features such as:

  • Native realm for create and managing local users.
  • Role based control access for indices and cluster APIs in Kibana.

From some time ago, I can read news about security breaches about unprotected and misconfigured Kibana instances on the Internet. But this is a lack of a basic configuration of a popular stack as Elastic.

Below, I summarize some of the steps needed for setting local security in a single node setup:

0. Stop Elastic Search and Kibana (if so).

1. Generate a p12 certificate for all Elastic Search nodes.

$ cd /opt/elk/elasticsearch
$ ./bin/elasticsearch-certutil cert
.
.
.
Certificates written to /opt/elk/elasticsearch-7.4.1/config/elastic-certificates.p12

2. In config/elasticsearch.yml , we add:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

4. Then we start Elastic:

[2019-11-06T12:28:10,815][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [pudu1] Active license is now [BASIC]; Security is enabled

5. After this, you can generate passwords:

$ ./bin/elasticsearch-setup-passwords auto

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.

The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N] y

6. Then, change kibana.yml for authetication with kibana user, and start Kibana.
7. Finally, add the corresponding users and passwords for logstash, filebeat and metricbeat.

So, there is no reason to leave misconfigured or unprotected instances of Kibana with access to our data. If you have an older version, you can upgrade to the cited versions for using freely the security features.

You will see a login form in Kibana like this:

Security in Elastic Search 7.1

and the usual endpoints to Elastic Search (curl..) must be used now with user credentials.

Links:

Si te ha parecido interesante comparte este post en RRS

Facebook
LinkedIn
Telegram
Email

Leer más sobre temas relacionados

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *