Posted on 12/23/2021 9:34:05 AM

On May 21, 2019, Elastic officially announced that the core security features of Elastic Stack versions 6.8.0 and 7.1.0 are now available for free.
Review
This means users can now encrypt network traffic, create and manage users, define roles that can protect index and cluster-level access, and provide full protection for Kibana using Spaces. The core security features available for free are as follows:
- TLS functionality: encrypts communications
- File and native realms: can be used to create and manage users
- Role-based access control: can be used to control user access to cluster APIs and indexes
- Security features for Kibana Spaces, which also allow for multi-tenancy in Kibana
X-Pack evolution
- Before version 5.X: There was no X-Pack; security, watch, alert, etc. were independent.
- Version 5.X: The original security, alerting, monitoring, graph and reporting features were packaged into X-Pack.
- Before version 6.3: Additional installation required.
- Version 6.3 and later: Released integrated, without additional installation; basic security is paid Gold Edition content.
- Version 7.1: Basic security is free.
Before that, how was basic security ensured?
- Scenario 1: Everything runs "naked"; I believe this accounts for a very large proportion in China. Intranet deployment, no external services. Or ES is used as the basic support of the service, and the public network opens common ports such as 9200, but opens the service port of the service. Possible exposure problems: the company or team has ports 9200 and 5601 open, and basic head plug-ins and Kibana can connect, which can easily lead to online indexes or data being accidentally deleted.
- Scenario 2: Simple protection is added. Generally, Nginx identity authentication plus firewall policy control is used.
- Scenario 3: A third-party security authentication solution is integrated and used, for example SearchGuard or ReadonlyREST.
- Scenario 4: You paid for the Elastic X-Pack Gold or Platinum service. Generally, banks and other wealthy customers have an urgent need for paid functions such as security, alerting, and machine learning; for example, Bank of Ningbo pays for the Platinum service.
Turn on xpack for the standalone version
This article is based on Elasticsearch version 7.10.2 and enables the xpack security service.
{
  "name" : "WIN-ITSVSE",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "ad596cwGSFunWSAu0RGbfQ",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "default",
    "build_type" : "zip",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
Modify the elasticsearch.yml file in the config folder as follows:
ES has several built-in accounts for managing other integrated components, namely: apm_system, beats_system, elastic, kibana, logstash_system and remote_monitoring_user. Before using them, you need to set a password first. The default account password is: elastic:changeme (tested: invalid)
X-Pack Security provides built-in users to help you get up and running. The elasticsearch-setup-passwords command is the easiest way to set the built-in user passwords for the first time.
There are 4 built-in users, as follows:
- elastic: Super user
- kibana (obsolete): Used to connect to and communicate with Elasticsearch
- logstash_system: Used to store monitoring information in Elasticsearch
- beats_system: Used to store monitoring information in Elasticsearch
Run the elasticsearch-setup-passwords script to set the passwords with the following command:
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]
Enter y to continue, and set all passwords to: a123456
After the configuration is complete, restart the Elasticsearch service, open es:9200 through the browser and it will prompt that authentication is required, as shown in the following figure:
The account is: elastic, password: A123456
Configure the Kibana connection
After enabling security authentication, Kibana requires authentication to connect to ES and access ES. Modify the kibana.yml file under the config folder as follows:
Note: The kibana account is deprecated; please use the kibana_system account.
Log in to the Kibana web page with the elastic account, as shown below:
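A check for the settings touched so far, added here as an example and not part of the original article: it reads elasticsearch.yml and kibana.yml text and flags security left disabled, the deprecated kibana or superuser elastic account in Kibana, and a weak plaintext password such as the one set above. The deny-list, the 12-character minimum and the sample files are constructed assumptions.

```python
# Added example: audits the two files this walkthrough edits.
DEPRECATED_USERS = {"kibana"}   # replaced by kibana_system
SUPERUSERS = {"elastic"}        # full cluster access; not a service login
# Constructed deny-list; it includes the password used in this walkthrough.
WEAK_PASSWORDS = {"a123456", "changeme", "123456", "password"}
MIN_PASSWORD_LEN = 12           # assumed policy, adjust to your own

def parse_flat_yaml(text):
    """Parse flat `key: value` lines as used in elasticsearch.yml / kibana.yml."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(es_yml, kibana_yml):
    """Return human-readable findings for the two configuration files."""
    es, kb = parse_flat_yaml(es_yml), parse_flat_yaml(kibana_yml)
    findings = []
    # On 7.x with a basic license, security stays off unless set explicitly.
    if es.get("xpack.security.enabled", "false").lower() != "true":
        findings.append("elasticsearch.yml: xpack.security.enabled is not true")
    user = kb.get("elasticsearch.username")
    if user is None:
        findings.append("kibana.yml: elasticsearch.username is not set")
    elif user in DEPRECATED_USERS:
        findings.append(f"kibana.yml: '{user}' is deprecated, use kibana_system")
    elif user in SUPERUSERS:
        findings.append(f"kibana.yml: '{user}' is a superuser, use kibana_system")
    # An absent password may live in the Kibana keystore, so only judge plaintext.
    password = kb.get("elasticsearch.password")
    if password is not None and (
            password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN):
        findings.append("kibana.yml: plaintext elasticsearch.password is weak")
    return findings

# Constructed sample files mirroring the choices made in this walkthrough.
SAMPLE_ES = "cluster.name: elasticsearch\nxpack.security.enabled: true\n"
SAMPLE_KIBANA = (
    'elasticsearch.hosts: ["http://localhost:9200"]\n'
    'elasticsearch.username: "kibana"\n'
    'elasticsearch.password: "a123456"\n'
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_ES, SAMPLE_KIBANA):
        print(finding)
```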
Configure Logstash
The configuration is as follows:
Use the elastic account directly; if you use the logstash_system account, you will get the following error:
[2021-12-21T11:11:29,813] [ERROR] [logstash.outputs.elasticsearch] [main] [914f6dc36c33b25e36501f5d67843afdaa2117f811140c7c078a808a123d20a3] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>"http://127.0.0.1:9200/_bulk"}
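The 403 means the request authenticated but was not authorized: logstash_system exists for storing monitoring information, not for writing events through _bulk. As an alternative to running the pipeline as the elastic superuser, this added example (not from the original article) creates a dedicated writer role and user through the Elasticsearch security API; the names logstash_writer and logstash_internal, the logstash-* pattern and the privilege list are assumptions to adapt.

```python
import base64
import json
import urllib.request

ROLE_NAME = "logstash_writer"  # hypothetical role name chosen for this example

def logstash_writer_requests(index_patterns, username, password):
    """Build the security-API calls: a scoped writer role and a user holding it."""
    role = {
        # Cluster rights needed to install index templates and ILM policies.
        "cluster": ["manage_index_templates", "monitor", "manage_ilm"],
        "indices": [{
            "names": list(index_patterns),  # only the indices Logstash writes
            "privileges": ["write", "create", "create_index", "manage", "manage_ilm"],
        }],
    }
    user = {"password": password, "roles": [ROLE_NAME],
            "full_name": "Internal Logstash user"}
    return [("PUT", f"/_security/role/{ROLE_NAME}", role),
            ("PUT", f"/_security/user/{username}", user)]

def apply(base_url, admin_user, admin_password, calls):
    """Send each call with HTTP basic auth and return the HTTP status codes."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    statuses = []
    for method, path, body in calls:
        req = urllib.request.Request(
            base_url + path, data=json.dumps(body).encode(), method=method,
            headers={"Authorization": f"Basic {token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            statuses.append(resp.status)
    return statuses

if __name__ == "__main__":
    import getpass
    calls = logstash_writer_requests(
        ["logstash-*"], "logstash_internal", getpass.getpass("New Logstash password: "))
    print(apply("http://127.0.0.1:9200", "elastic",
                getpass.getpass("elastic password: "), calls))
```

The Logstash elasticsearch output would then use logstash_internal as its user, leaving elastic for administration only.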