Good evening to all,
I have installed Elasticsearch and Kibana on a CentOS 7 virtual machine.
I have successfully enabled SSL encryption (HTTPS), but I would also like to restrict access to the Kibana GUI to authenticated users only.
If I understand these posts correctly:
I can use the free (Basic) version to:
- TLS for encrypted communications
- File and native realm for creating and managing users
- Role-based access control for controlling user access to cluster APIs and indexes; also allows multi-tenancy for Kibana with security for Kibana Spaces
TLS encryption of Kibana was easy enough to enable, but I cannot set up authentication...
Am I doing something wrong?
Have I not understood something?
I tried following the instructions, but get an error when creating passwords:

```
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Unexpected response code [500] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.
ERROR: X-Pack Security is disabled by configuration.
```
Do I need to install X-Pack, to be able to use RBAC, user name and password authentication?
Thank you for your time.
Jacob
```
# yum list installed | grep elastic
elasticsearch.x86_64    7.1.1-1    @elasticsearch-7.x
kibana.x86_64           7.1.1-1    @elasticsearch-7.x
```
```
# curl -XGET http://127.0.0.1:9200
{
  "name" : "elasticsearch.myhome.net",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "XYZ_123_ZYX_something_else_here",
  "version" : {
    "number" : "7.1.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "7a013de",
    "build_date" : "2019-05-23T14:04:00.380842Z",
    "build_snapshot" : false,
    "lucene_version" : "8.0.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
```
```
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:9200    0.0.0.0:*         LISTEN   3495/java
tcp        0      0 127.0.0.1:9300    0.0.0.0:*         LISTEN   3495/java
tcp        0      0 0.0.0.0:5601      0.0.0.0:*         LISTEN   2904/node
```
cat /etc/kibana/kibana.yml
```yaml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
#server.port: 443
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
server.host: "0.0.0.0"
# The Kibana server's name. This is used for display purposes.
server.name: "Elastic SIEM"
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana"
elasticsearch.password: "myPass123"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /etc/pki/tls/certs/mysiem.edu.gr.crt
server.ssl.key: /etc/pki/tls/private/mysiem.edu.gr.key
```
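
An added example, not part of the original post and not Elastic's own tooling: a small Python check over the two configuration files involved here, showing that TLS on the Kibana port does not by itself require a login while `xpack.security.enabled` is not `true` in `elasticsearch.yml`. The `elasticsearch.yml` text, the placeholder password and the finding names are constructed for illustration; treating an absent setting as disabled on a 7.x Basic licence is an assumption that matches the error message above.

```python
# Added example, not from the original post: flag the authentication gaps in a
# flat-key elasticsearch.yml / kibana.yml pair. Sample configs are constructed.

SAMPLE_ES = """\
# constructed: the post does not show elasticsearch.yml
cluster.name: elasticsearch
network.host: 127.0.0.1
"""

SAMPLE_KIBANA = """\
server.port: 5601
server.host: "0.0.0.0"
#elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "constructed-placeholder"
server.ssl.enabled: true
"""

def parse_flat_yaml(text):
    """Return {key: value} for uncommented 'key: value' lines (flat dotted keys)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(es_yml, kibana_yml):
    """Return a list of finding codes (hypothetical names) for the two config texts."""
    es, kb = parse_flat_yaml(es_yml), parse_flat_yaml(kibana_yml)
    findings = []
    # Assumption: absent means disabled on a 7.x Basic licence.
    security_on = es.get("xpack.security.enabled", "false").lower() == "true"
    if not security_on:
        findings.append("ES_SECURITY_DISABLED")
        # TLS on the Kibana port encrypts traffic but does not ask for a login.
        if kb.get("server.host", "localhost") not in ("localhost", "127.0.0.1"):
            findings.append("KIBANA_REACHABLE_WITHOUT_LOGIN")
    # The password can be kept in the Kibana keystore instead of kibana.yml.
    if "elasticsearch.password" in kb:
        findings.append("KIBANA_PASSWORD_IN_CLEARTEXT")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_ES, SAMPLE_KIBANA))
    print(audit(SAMPLE_ES + "xpack.security.enabled: true\n", SAMPLE_KIBANA))
```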