I have wazuh plugin running in kibana, After I have enabled security the wazuh plugin no longer works. in the logs I am getting the following error message.
2001 - [security_exception] action [indices:data/read/search] is unauthorized for user [kibana] (/elastic/apis)
But the kibana user is a system user and I cannot modify it so that I would give it access to the api.
Is there a workaround for this?
Configuring the elastic user into kibana.yml instead of the kibana user did the trick however that's not the proper way to configure it because elastic user gives too much power to the kibana. Would make sense to properly assign rights to the kibana role to have access to the elastic api.
Hey @zozo6015, you're right that you really should be setting elasticsearch.username: elastic in the kibana.yml. This is rather insecure as it allows the Kibana system itself to be a "superuser" and perform actions it shouldn't be able to perform.
The kibana user is reserved, and it can't be modified. However, the kibana user has the kibana_system role, which you can assign to a custom user. I'd recommend asking the Wazuh maintainers which additional privileges the Kibana server needs, creating an additional role which grants those privileges, and then creating a new user which has both the kibana_system role and the wazuh privileges.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.