I have made an installation of ELK stack version 8.1 on three different servers (one for Kibana, one for Logstash and one for Elasticsearch)
I have reviewed the documentation and I have seen that to integrate ELK against LDAP or SAML you need a paid license. Right now access to Kibana is not secure, so anyone who knows the URL can access the data. Is there a way to secure access to Kibana with local users?
I have seen in some forum, that it can be secured by installing an nginx in front and putting the authentication by nginx but it does not work for me since users and roles could not be defined.
Is there a way to secure Kibana using local users?
In the installation of ELK I followed the documentation for installation via apt install on Ubuntu machines, and I did not change anything in the default Elasticsearch configuration.
This is my ES config
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/elk/elasticsearch/lib
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 10.140.220.150
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["tfvs0754.domain.net"]
# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]
# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
#
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
I understand that to enable the login screen in Kibana I have to change several parameters:
In ES I have to put xpack.security.enabled: true
And then change in Kibana.yml where the configuration is indicated towards ES adding username and password.
Certain?
I have an elk version 7 installed for testing and for kibana authentication I only have to enable the xpack.security.enabled parameter in ES: true without the need to configure certificates
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
