Kibana login

security

(André De Martini) #1

Hey guys.
I installed Shield on my ELK server, but now I cannot access my Kibana anymore.

I did everything that this tutorial (https://www.elastic.co/guide/en/shield/current/kibana.html) asks for, but the Kibana page always says that the username or the password is wrong.

I am sure that the user/password is correct because I use it to check/add users with the command "POST _shield/user".

Example:
GET http://localhost:9200/_shield/user
Enter username for shield at localhost:9200: amartini
Password:
{"amartini":{"username":"amartini","roles":["admin"],"full_name":null,"email":null,"metadata":#{}}}[

file: elasticsearch.yml
path.data: /export/stack
path.logs: /export/logs/elasticsearch
network.host: localhost
shield.audit.enabled: true

file: kibana.yml
server.host: "localhost"
elasticsearch.url: "https://localhost:9200"
elasticsearch.username: "kibana"
elasticsearch.password: "abc123"
server.ssl.cert: /etc/ssl/certs/Wildcard-fcl-SHA2.cert
server.ssl.key: /etc/ssl/certs/Wildcard-fcl-SHA2.key
elasticsearch.ssl.ca: /etc/ssl/certs/Wildcard-fcl-SHA2.pem
logging.dest: /export/logs/kibana/kibana.log

Please help me =(


(Mark Walkom) #2

Check the access logs in ES and it should give you some details on what is happening.


(André De Martini) #3

The only log that is being populated is the elasticsearch-access.log.
It is logging this message every 2 seconds:
[2016-05-03 10:14:58,624] [Midas] [rest] [anonymous_access_denied] origin_address=[edited:MYIP], uri=[/_bulk]


(André De Martini) #4

Don't know if it helps, but this log message occurs even if Kibana is down.
I thought that only Kibana asks for information from ES.


(Mark Walkom) #5

It could be Logstash.
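
Added example, not part of the thread: one way to find out which client is behind the repeating denials is to group the Shield audit entries by origin address and URI and look at how regularly they arrive. The line layout is taken from the entry quoted in post #3; the sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Layout seen in post #3: [timestamp] [node] [layer] [event] key=[value], key=[value]
HEADER = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+\[(?P<node>[^\]]+)\]\s+"
                    r"\[(?P<layer>[^\]]+)\]\s+\[(?P<event>[^\]]+)\]\s*(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=\[([^\]]*)\]")

# Constructed sample lines (not taken from the poster's server).
SAMPLE_LOG = [
    "[2016-05-03 10:14:58,624] [Midas] [rest] [anonymous_access_denied] origin_address=[192.0.2.10], uri=[/_bulk]",
    "[2016-05-03 10:14:59,101] [Midas] [rest] [authentication_failed] origin_address=[192.0.2.20], principal=[someuser], uri=[/_search]",
    "[2016-05-03 10:15:00,624] [Midas] [rest] [anonymous_access_denied] origin_address=[192.0.2.10], uri=[/_bulk]",
    "this line is not an audit entry",
    "[2016-05-03 10:15:02,624] [Midas] [rest] [anonymous_access_denied] origin_address=[192.0.2.10], uri=[/_bulk]",
]

def parse_line(line):
    """Return a dict for one audit line, or None if it does not match the layout."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    rec.update(dict(FIELD.findall(rec.pop("rest"))))
    return rec

def summarize_denials(lines, event="anonymous_access_denied"):
    """Group matching events by (origin_address, uri): count and median gap in seconds."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] == event:
            groups[(rec.get("origin_address", "?"), rec.get("uri", "?"))].append(rec["ts"])
    summary = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A steady gap points at a scheduled client (an indexer or agent), not a person.
        summary[key] = {"count": len(stamps),
                        "median_gap_s": statistics.median(gaps) if gaps else None}
    return summary

if __name__ == "__main__":
    for (origin, uri), info in summarize_denials(SAMPLE_LOG).items():
        print(origin, uri, info)
```

A steady stream of unauthenticated requests to /_bulk from one address means something at that address is indexing without credentials; the origin address tells you which host's configuration to check.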

