Problem with Shield installation

security

(pitt) #1

Hello,

I have run into trouble with the Shield installation.

My installation is based on

  • Kibana-4.4.2-linux-x64
  • ElasticSearch 2.2.0
  • Shield 2.2.0

I installed:

/usr/share/elasticsearch/bin/plugin install file:///data/ELK/sources/plugin-shield/shield-2.2.0.zip

/usr/share/elasticsearch/bin/shield/esusers useradd admin -p mypassword -r admin
/usr/share/elasticsearch/bin/shield/esusers useradd user -p mypassword -r user
/usr/share/elasticsearch/bin/shield/esusers useradd kibana4-server -r kibana4_server -p mypassword

/data/ELK/kibana/bin/kibana plugin -i shield -u file:///data/ELK/sources/plugin-shield/shield-2.2.0.tar.gz

The user "user" belongs to the group "user":

 ## Read-only operations on indices
 #user:
 #  indices:
 #    '*':
 #      privileges: read

I put in

/etc/elasticsearch/elasticsearch.yml

shield:
  authc:
    realms:
      esusers1:
        type: esusers
        order: 0

shield.audit.enabled: true

in
/data/ELK/kibana/config/kibana.yml

elasticsearch.username: kibana4-server
elasticsearch.password: mypassword

# SSL for outgoing requests from the Kibana Server to the browser (PEM formatted)
server.ssl.cert: /data/ELK/sslcert/mycert.crt
server.ssl.key: /data/ELK/sslcert/mycert.key

shield.encryptionKey: "mypassphrase"
shield.sessionTimeout: 600000

When I open https://xx.xx.xx.xx:5600
I get the login window.
I can log in, but I have 2 problems:

  1. With a user that does not exist, I am logged in correctly ... It's very strange!

  2. When I connect with the user "user", which belongs to the group "user", I can delete an index. But with the "user" role privileges, it is supposed to be refused!

  3. http://xx.xx.xx.xx:5600 is already open. I don't get any login window to access the Elasticsearch web interface.

Can you help me?

Thanks


(Michael) #2

I am having the same problem with #1 - I can type anything into the Username/Password box and it gets in every time!!!!


(Jay Modi) #3

Your user role that you show looks like it is commented out, is that accurate?


(pitt) #4

In my file I have no comment on the configuration.

Also, when I open Elasticsearch at xx.xx.xx.xx:9200, no authentication is asked of me...

I wonder if my problems are not connected with the fact that I installed Marvel just before, with a basic 1-year license.
I read somewhere that it disables the basic 30-day demo license of Shield or other plugins like Watcher. Actually, when I look at xx.xx.xx:9200/_shield, the plugin does not appear activated.

 curl -u es_admin http://127.0.0.1:9200/_shield
{
  "status" : "unlicensed",
  "name" : "node-1",

(Jay Modi) #5

@pittoch Your hunch is correct. A basic license will disable Shield. If you would like to evaluate Shield, you can email info@elastic.co to request a trial license that will enable.
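
An added example, not part of any post in this thread: a check that verifies a node is really enforcing authentication and that /_shield does not report the "unlicensed" status shown above. The function names and the placeholder password are hypothetical, and the check assumes an enforcing node answers HTTP 401 to anonymous and invalid credentials.

```python
import base64
import json
import urllib.error
import urllib.request

def http_get(base, path, creds=None):
    """Return (status, body) for GET base+path, optionally with HTTP Basic auth."""
    req = urllib.request.Request(base + path)
    if creds:
        token = base64.b64encode(":".join(creds).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def check_shield(get, admin_creds):
    """Return a list of findings; an empty list means auth is being enforced."""
    findings = []
    # 1. Anonymous access must be rejected when Shield is enforcing.
    status, _ = get("/", None)
    if status != 401:
        findings.append("anonymous GET / returned %d, expected 401" % status)
    # 2. Made-up credentials must be rejected too (problem 1 in the thread).
    status, _ = get("/", ("no-such-user", "wrong-password"))
    if status != 401:
        findings.append("bogus credentials returned %d, expected 401" % status)
    # 3. The _shield info endpoint reports the license state.
    status, body = get("/_shield", admin_creds)
    try:
        state = json.loads(body).get("status")
    except (ValueError, AttributeError):
        state = None
    if status != 200 or state is None:
        findings.append("could not read /_shield (HTTP %d)" % status)
    elif state == "unlicensed":
        findings.append("/_shield reports status 'unlicensed': Shield is disabled")
    return findings

if __name__ == "__main__":
    base = "http://127.0.0.1:9200"        # node address used in the thread
    creds = ("es_admin", "CHANGE_ME")     # placeholder password (assumption)
    for line in check_shield(lambda p, c: http_get(base, p, c), creds) or ["ok"]:
        print(line)
```

Run it after installing or changing a license; any finding means requests are reaching Elasticsearch without Shield checking them.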

