Kibana 5601 port protocol & cipher vulnerability


(Siju) #1

To solve these vulnerability issues
(TLS Server Supports TLS version 1.0, TLS/SSL Server is enabling the BEAST attack, TLS/SSL Server Supports The Use of Static Key Ciphers),

we have tried all of the properties below in kibana.yml. With all of the settings below, the server starts, but port 5601 is not opened and no logs are generated. This behavior only happens when the properties below are tried.

Note: x-pack is enabled for communication between elasticsearch and kibana.

xpack.ssl.supported_protocols: TLSv1.2
ssl.supported_protocols: TLSv1.2
server.ssl.supported_protocols: TLSv1.2
ssl.supportedPprotocols: TLSv1.2
kibana.ssl.supportedPprotocols: TLSv1.2
xpack.ssl.cipher_suites : <list of ciphers>
server.ssl.cipherSuites :

Query:

  1. What is the correct Kibana property to enable cipher protocol and suites?

  2. Is there any other way we can configure the Kibana application (node.js) to add such protocol and cipher settings?

Please help.


(Matt Bargar) #2

Hi @cijub, I believe you need to set server.ssl.cipherSuites and server.ssl.supportedProtocols in the kibana.yml.

https://www.elastic.co/guide/en/kibana/current/settings.html
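
An added example, not part of any reply in this thread and not Elastic's code: a small Python check that reads a kibana.yml fragment and reports the three scanner findings from post #1, plus any protocol or cipher key other than the two named in reply #2. It assumes flat `key: value` or `key: [a, b]` lines, the protocol values TLSv1 and TLSv1.2, and OpenSSL-style cipher names; the function names and the sample fragments are constructed for illustration.

```python
import re

# Keys are from reply #2; values and OpenSSL-style cipher names are assumed.
PROTO_KEY = "server.ssl.supportedProtocols"
CIPHER_KEY = "server.ssl.cipherSuites"

def parse_flat(text):
    """Read flat 'key: value' / 'key: [a, b]' lines (not a full YAML parser)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            items = re.split(r"[,:\s]+", value.strip("[] "))
            cfg[key] = [i.strip("'\"") for i in items if i.strip("'\"")]
    return cfg

def is_static_kx(name):
    """No DHE/ECDHE prefix in an OpenSSL name: key exchange is not ephemeral."""
    return not re.match(r"(ECDHE|DHE|EDH)-", name) and not name.startswith("TLS_")

def is_cbc(name):
    """OpenSSL names with no AEAD marker (and not RC4) are CBC suites."""
    return "RC4" not in name and not re.search(r"GCM|CCM|CHACHA20", name)

def audit(text):
    """Return findings for the three scanner results listed in post #1."""
    cfg, findings = parse_flat(text), []
    for key in cfg:
        if re.search(r"protocol|cipher", key, re.I) and key not in (PROTO_KEY, CIPHER_KEY):
            findings.append(f"not a setting named in reply #2: {key}")
    if PROTO_KEY not in cfg:
        findings.append(f"{PROTO_KEY} not set")
    tls10 = "TLSv1" in cfg.get(PROTO_KEY, [])
    if tls10:
        findings.append("TLS 1.0 offered")
    for suite in cfg.get(CIPHER_KEY, []):
        if is_static_kx(suite):
            findings.append(f"static key cipher: {suite}")
        if tls10 and is_cbc(suite):
            findings.append(f"CBC suite under TLS 1.0 (BEAST): {suite}")
    return findings

# TRIED reuses two key names from post #1; WEAK and HARDENED are constructed.
TRIED = "xpack.ssl.supported_protocols: TLSv1.2\nssl.supportedPprotocols: TLSv1.2\n"
WEAK = f"{PROTO_KEY}: [TLSv1, TLSv1.2]\n{CIPHER_KEY}: [AES128-SHA, ECDHE-RSA-AES128-GCM-SHA256]\n"
HARDENED = f"{PROTO_KEY}: [TLSv1.2]\n{CIPHER_KEY}: [ECDHE-RSA-AES128-GCM-SHA256]\n"
if __name__ == "__main__":
    print({n: audit(globals()[n]) for n in ("TRIED", "WEAK", "HARDENED")})
```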


(Sourabh Sharma) #3

Hi Bargs, I am from Siju's team.
We have already tried the settings you suggested and Kibana's behavior is the same: we get no logs and port 5601 is not open. One observation I want to add here:
When we check the status of Kibana (using the command "service kibana status"), we see the output below, which we do not understand:

root@np-coordinator:/etc/kibana# service kibana status
● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2018-10-26 06:19:20 UTC; 2s ago
Main PID: 8339 (node)
Tasks: 6
Memory: 144.8M
CPU: 2.403s
CGroup: /system.slice/kibana.service
└─8339 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml

Oct 26 06:19:22 np-coordinator kibana[8339]: dev: { basePathProxyTarget: 5603 },
Oct 26 06:19:22 np-coordinator kibana[8339]: pid: { exclusive: false },
Oct 26 06:19:22 np-coordinator kibana[8339]: cpu: undefined,
Oct 26 06:19:22 np-coordinator kibana[8339]: cpuacct: undefined,
Oct 26 06:19:22 np-coordinator kibana[8339]: server:
Oct 26 06:19:22 np-coordinator kibana[8339]: { port: 5601,
Oct 26 06:19:22 np-coordinator kibana[8339]: host: '10.123.148.43',
Oct 26 06:19:22 np-coordinator kibana[8339]: name: 'my-kibana',
Oct 26 06:19:22 np-coordinator kibana[8339]: ssl: [Object] } },
Oct 26 06:19:22 np-coordinator kibana[8339]: annotate: [Function] }

Can you please help us understand what these logs mean and how to solve our issue?


(Todd Lyons) #4

On your box running kibana, first run netstat -ltnp and make sure that kibana is actually listening on port 5601 like it claims in your logs. Then take a look at any firewall (iptables) that might be running on the machine and make sure it isn't blocking port 5601.

If any of this applies to you, then:

  1. take a look at any firewall that might be between your box and the rest of the network/internet to make sure it is allowing port 5601.
  2. take a look at any load balancer that might be between your box and the rest of the network/internet to make sure it is listening and forwarding requests on port 5601.

After you have verified that it is listening on the port and nothing is blocking it, my advice is to check using curl from the command line from various points within your network to figure out where it works and where it does not (including from localhost).

