Disclaimer: this is my first experience with ELK, so please keep that in mind.
I use ELK stack version 6.5.1 all loaded in a Docker container, by using the sebp/elk Docker image. This comes pre-loaded with the Basic license. I have only 1 Elasticsearch node and I plan to keep it that way.
I use all this together with Filebeat to collect logs from my machines and see them in Kibana.
The problem I've run into is that, right now, anyone who knows the URL to my Kibana can just go there and see everything.
In order to prevent this, I figured I need to enable X-Pack, which will allow me to set up some user account(s). At least that's what I understood from the documentation.
I tried following this guide: Security overview | Elasticsearch Guide [6.5] | Elastic
What I did was add this line to "elasticsearch.yml":
xpack.security.enabled: true
When I got to the next step there, which is to execute this:
./bin/elasticsearch-setup-passwords interactive
That's when I got the error:
Unexpected response code [403] from calling GET http://172.17.0.2:9200/_xpack/security/_authenticate?pretty
It doesn't look like the X-Pack security feature is available on this Elasticsearch node.
Please check if you have installed a license that allows access to X-Pack Security feature.
ERROR: X-Pack Security is not available.
And now I'm stuck.
I searched around a bit and what I found is that I need some paid license to have X-Pack. This is not something that I want because:
- I don't want premium features
- I don't want customer support
- etc.
All I want is to somehow prevent public access to my Kibana instance. Even if it's only 1 account, it's fine for me.
Is there some way I can achieve something like this by using the Basic License?