Configuring security settings for ELK stack
Follow the instructions in this topic to configure security settings for the ELK stack.
Applying security for Windows
- Open /config/elasticsearch.yml and add the setting "xpack.security.enabled: true".
- If your cluster has a single node, also add the setting "discovery.type: single-node".
- Open a command prompt, change to the directory where Elasticsearch is installed, and run "bin\elasticsearch".
- Open another command prompt, change to the directory where Elasticsearch is installed, and run the command that sets the passwords for the built-in users:
Using the auto parameter outputs randomly generated passwords to the console, which you can change later if necessary: "bin/elasticsearch-setup-passwords auto".
If you want to set your own passwords, run "bin/elasticsearch-setup-passwords interactive" instead.
- Save the passwords set for the respective users for later use.
Configure Kibana to use the built-in kibana_system user and the password that you created earlier. Kibana performs some background tasks that require use of the kibana_system user.
- Open /config/kibana.yml and add the setting elasticsearch.username: "kibana_system".
- Open a command prompt, change to the directory where Kibana is installed, and run "bin/kibana-keystore create".
- Once the keystore has been created, run "bin/kibana-keystore add elasticsearch.password". When prompted, enter the password for the kibana_system user.
- Run "bin\kibana" to start Kibana.
- Log in to Kibana as the elastic user. Use this superuser account to manage spaces, create new users, and assign roles. If you’re running Kibana locally, go to http://localhost:5601 to view the login page.
Applying SSL/TLS (HTTPS) for Elasticsearch clusters
- Create a folder "temp" in the Elasticsearch installation directory, and create a file "instance.yml" inside the temp folder.
- Edit the instance.yml file and add the instances (nodes) of the cluster, for example:
"
instances:
  - name: 'NodeName1'
    ip: [ 'ipaddress' ]
  - name: 'node2'
    dns: [ 'node1.elastic.test.com' ]
"
- Open a command prompt in the Elasticsearch installation directory and run "bin/elasticsearch-certutil cert --keep-ca-key --pem --in temp/instance.yml --out temp/certs.zip".
- Unzip the certs.zip created in the previous step into the temp folder. Copy all the *.crt and *.key files generated in the subfolders of the certs folder to a common folder /config/cert (if the folder does not exist, create it).
- Open the elasticsearch.yml file in the config folder and add the settings below:
"
node.name: node1
network.host: node1_DNS/node1_IP
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: "cert/node1.key"
xpack.security.http.ssl.certificate: "cert/node1.crt"
xpack.security.http.ssl.certificate_authorities: "cert/ca.crt"
xpack.security.transport.ssl.key: "cert/node1.key"
xpack.security.transport.ssl.certificate: "cert/node1.crt"
xpack.security.transport.ssl.certificate_authorities: "cert/ca.crt"
discovery.seed_hosts: [ "node1_ip", "node2_ip" ]
cluster.initial_master_nodes: [ "node1" ]
"
The "cluster.initial_master_nodes" setting does not work together with "discovery.type: single-node", so comment out the latter.
- Copy the cert folder from /config/cert in the Elasticsearch installation (created in the previous steps) to the Kibana folder (where Kibana is installed).
- Open the /config/kibana.yml file and add the settings below (the elasticsearch.password value is the password you set for the kibana_system user, which you also added to the Kibana keystore earlier):
"
server.name: node1
server.host: ipAddress
server.ssl.enabled: true
server.ssl.certificate: "cert/node1.crt"
server.ssl.key: "cert/node1.key"
elasticsearch.hosts: ["https://node1_DNS:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "kibana_system"
elasticsearch.ssl.certificateAuthorities: [ "cert/ca.crt" ]
"
- Open a command prompt in the Kibana folder and run bin\kibana.bat, then verify the change by browsing to "https://ipAddress:5601/" (for ipAddress, use the server.host value set in kibana.yml).
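Before restarting the nodes it is worth checking that the settings just added are consistent with each other and with the files copied into the cert folder. The script below is an added example (not part of this page or of Elastic's tooling) that does that for both the elasticsearch.yml block and the kibana.yml block above: it parses the flat "key: value" and "[ a, b ]" lines used in those blocks (not general YAML), verifies that security and TLS are enabled, that every key/certificate/CA path points to an existing file under the config directory, that Kibana talks to Elasticsearch over https as the kibana_system user, and that "discovery.type: single-node" is not combined with "cluster.initial_master_nodes". The embedded configs are constructed copies of the blocks above; the placeholder PEM files it writes into a temporary folder are stand-ins for the real files produced by elasticsearch-certutil.

```python
"""Added example: consistency check for the Elasticsearch and Kibana security settings.

Not Elastic's own tooling. Parses only the flat 'key: value' and '[ a, b ]'
lines used in the settings blocks on this page, not general YAML.
"""
import tempfile
from pathlib import Path

# Constructed copy of the elasticsearch.yml block above (node1 / cert paths are the page's placeholders).
ES_YML = """
node.name: node1
network.host: node1_DNS/node1_IP
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: "cert/node1.key"
xpack.security.http.ssl.certificate: "cert/node1.crt"
xpack.security.http.ssl.certificate_authorities: "cert/ca.crt"
xpack.security.transport.ssl.key: "cert/node1.key"
xpack.security.transport.ssl.certificate: "cert/node1.crt"
xpack.security.transport.ssl.certificate_authorities: "cert/ca.crt"
discovery.seed_hosts: [ "node1_ip", "node2_ip" ]
cluster.initial_master_nodes: [ "node1" ]
"""

# Constructed copy of the kibana.yml block above (password left to the keystore).
KIBANA_YML = """
server.name: node1
server.host: ipAddress
server.ssl.enabled: true
server.ssl.certificate: "cert/node1.crt"
server.ssl.key: "cert/node1.key"
elasticsearch.hosts: ["https://node1_DNS:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.ssl.certificateAuthorities: [ "cert/ca.crt" ]
"""


def parse_settings(text):
    """Turn 'key: value' lines into a dict; '[ a, b ]' values become lists of strings."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only (values may contain ':')
        if not sep:
            continue
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            settings[key.strip()] = [v.strip().strip("'\"") for v in value[1:-1].split(",") if v.strip()]
        else:
            settings[key.strip()] = value.strip("'\"")
    return settings


def _missing_files(settings, keys, base_dir):
    """Report keys that are absent or whose relative path does not exist under base_dir."""
    problems = []
    for key in keys:
        paths = settings.get(key)
        if paths is None:
            problems.append(f"{key} is missing")
            continue
        for path in (paths if isinstance(paths, list) else [paths]):
            if not (base_dir / path).is_file():
                problems.append(f"{key} points to a missing file: {path}")
    return problems


def check_elasticsearch(settings, config_dir):
    """Checks for the elasticsearch.yml block: security on, TLS on both layers, files present."""
    problems = []
    if settings.get("xpack.security.enabled") != "true":
        problems.append("xpack.security.enabled is not true")
    for layer in ("http", "transport"):
        prefix = f"xpack.security.{layer}.ssl."
        if settings.get(prefix + "enabled") != "true":
            problems.append(f"{prefix}enabled is not true")
        problems += _missing_files(settings, [prefix + s for s in ("key", "certificate", "certificate_authorities")], config_dir)
    # The conflict called out on this page: single-node discovery plus initial_master_nodes.
    if settings.get("discovery.type") == "single-node" and "cluster.initial_master_nodes" in settings:
        problems.append("discovery.type: single-node cannot be combined with cluster.initial_master_nodes")
    return problems


def check_kibana(settings, kibana_dir):
    """Checks for the kibana.yml block: TLS on, https to Elasticsearch, kibana_system user, files present."""
    problems = []
    if settings.get("server.ssl.enabled") != "true":
        problems.append("server.ssl.enabled is not true")
    hosts = settings.get("elasticsearch.hosts", [])
    for host in (hosts if isinstance(hosts, list) else [hosts]):
        if not host.startswith("https://"):
            problems.append(f"elasticsearch host is not https: {host}")
    if settings.get("elasticsearch.username") != "kibana_system":
        problems.append("elasticsearch.username is not kibana_system")
    problems += _missing_files(settings, ["server.ssl.certificate", "server.ssl.key", "elasticsearch.ssl.certificateAuthorities"], kibana_dir)
    return problems


def demo():
    """Run the checks against the constructed configs in a throwaway directory with placeholder PEM files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cert").mkdir()
        for name in ("node1.key", "node1.crt", "ca.crt"):
            (root / "cert" / name).write_text("placeholder PEM, not a real certificate\n")
        es_ok = check_elasticsearch(parse_settings(ES_YML), root)
        kb_ok = check_kibana(parse_settings(KIBANA_YML), root)
        es_conflict = check_elasticsearch(parse_settings(ES_YML + "discovery.type: single-node\n"), root)
        es_typo = check_elasticsearch(parse_settings(ES_YML.replace("cert/node1.key", "cert/ndoe1.key")), root)
        return es_ok, kb_ok, es_conflict, es_typo


if __name__ == "__main__":
    for label, result in zip(("elasticsearch", "kibana", "single-node conflict", "typo in key path"), demo()):
        print(f"{label}: {result or 'OK'}")
```

Run it against the real files by calling parse_settings on the contents of elasticsearch.yml and kibana.yml and passing the config folder (for Elasticsearch) or the Kibana folder as the base directory; the relative "cert/..." paths are resolved from there, which is why the cert folder has to be copied to Kibana as described above.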