Securing Elasticsearch and Kibana with SSL and username and password

Good evening to all,
I have installed Elasticsearch and Kibana on a CentOS 7 virtual machine.
I have successfully enabled SSL encryption (HTTPS), but I would also like to allow access to the Kibana GUI only to authenticated users....

If I understand these posts correctly:

I can use the free (Basic) version to:

  • TLS for encrypted communications
  • File and native realm for creating and managing users
  • Role-based access control for controlling user access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces

TLS encryption of Kibana was easy enough to enable, but I cannot set up authentication...
Am I doing something wrong?
Have I not understood something?

I tried following the instructions, but I get an error when creating passwords:
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto

Unexpected response code [500] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.
ERROR: X-Pack Security is disabled by configuration.

Do I need to install X-Pack, to be able to use RBAC, user name and password authentication?

Thank you for your time.

Jacob

# yum list installed | grep elastic
elasticsearch.x86_64                 7.1.1-1                         @elasticsearch-7.x
kibana.x86_64                        7.1.1-1                         @elasticsearch-7.x


# curl -XGET http://127.0.0.1:9200
{
  "name" : "elasticsearch.myhome.net",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "XYZ_123_ZYX_something_else_here",
  "version" : {
    "number" : "7.1.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "7a013de",
    "build_date" : "2019-05-23T14:04:00.380842Z",
    "build_snapshot" : false,
    "lucene_version" : "8.0.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      3495/java
tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN      3495/java
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      2904/node


cat /etc/kibana/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
#server.port: 443

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
server.host: "0.0.0.0"

# The Kibana server's name.  This is used for display purposes.
server.name: "Elastic SIEM"

# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana"
elasticsearch.password: "myPass123"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /etc/pki/tls/certs/mysiem.edu.gr.crt
server.ssl.key: /etc/pki/tls/private/mysiem.edu.gr.key

Hey, you got it - you'll want the distribution with x-pack. The basic license will enable a subset of features.

The "default" distribution that blog article refers to is everything, and the OSS distribution would be without x-pack.

You need to explicitly enable security in Elasticsearch.
Per step 1 of the blog you referenced:

xpack.security.enabled: true

Following the full tutorial may be more helpful than replicating the steps in the blog.

Dear Jon and Tim,
thank you for your prompt responses.

In my case (Elasticsearch installed using the yum repo), the configuration file was at: /etc/elasticsearch/elasticsearch.yml

I added the configuration options you suggested, which, as you pointed out, were mentioned in the manual:
xpack.security.enabled: true
discovery.type: single-node

The blog post I followed said something about out-of-the-box functionality that was now free without enabling paid features (in my mind, x-pack), and therefore I did not think that I would have to explicitly enable X-Pack first.

Thank you again for your help.

Greetings from Greece.

Jacob
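
An added example, not part of the original thread and not Elastic's own tooling: a pre-flight check over the two files discussed above, run before `elasticsearch-setup-passwords`. The function names `yaml_value`, `audit_stack` and `demo` are hypothetical, the sample files are constructed, and the Kibana default of `http://localhost:9200` for an unset `elasticsearch.hosts` is taken from the commented line in the posted kibana.yml.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit the two config files before
# running elasticsearch-setup-passwords. Handles only the flat dotted
# "key: value" form used in the posts, not nested YAML.

# Print the value of the last uncommented "KEY: value" line in FILE, unquoted.
yaml_value() {
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in setting names are literal
  sed -n -E "s/^${key}[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//; s/^"(.*)"$/\1/'
}

# Print findings; return 1 if security is not enabled in elasticsearch.yml.
audit_stack() {
  local es_yml=$1 kb_yml=$2 rc=0 hosts
  if [ "$(yaml_value "$es_yml" xpack.security.enabled)" != "true" ]; then
    echo "FAIL: xpack.security.enabled is not 'true' in $es_yml (security is off)"
    rc=1
  fi
  if [ -n "$(yaml_value "$kb_yml" elasticsearch.password)" ]; then
    echo "WARN: elasticsearch.password is in clear text in $kb_yml (see kibana-keystore)"
    if [ -n "$(find "$kb_yml" -perm -004)" ]; then
      echo "WARN: $kb_yml is world-readable"
    fi
  fi
  hosts=$(yaml_value "$kb_yml" elasticsearch.hosts)
  case "${hosts:-http://localhost:9200}" in   # default when the setting is unset
    *http://*) echo "WARN: Kibana talks to Elasticsearch over plain HTTP" ;;
  esac
  return "$rc"
}

# Constructed sample input mirroring the settings posted in the thread.
demo() {
  local d rc
  d=$(mktemp -d)
  printf '%s\n' '#xpack.security.enabled: true' > "$d/elasticsearch.yml"
  printf '%s\n' 'server.host: "0.0.0.0"' 'elasticsearch.username: "kibana"' \
    'elasticsearch.password: "myPass123"' > "$d/kibana.yml"
  audit_stack "$d/elasticsearch.yml" "$d/kibana.yml"
  rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || true   # the sample reports FAIL because the security line is commented out
```

On a real host the call would be `audit_stack /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml`, using the paths given in the posts.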
