I am trying to secure my ELK. I have been checking some documentation, tutorials and also topics on discuss.elastic.co, but everybody shows different steps and settings enabled, so I am confused.
Note: I am using ELK 6.8.8 with a Basic License, running on Debian 10
My goals are:
1- Secure internal ELK communication
2- Secure foreign connections (be able to use https) coming from different beats (PCs and servers outside the ELK network) to ES, Kibana and Logstash
3- Create different users with different levels of access, so each one can see only specific dashboards
1- What comes 1st?:
a) Enable xpack security in Elasticsearch .yml
b) Generate a certificate
2- Should I set my cluster as a CA?
3- Which tool should I use to generate the certificate?:
c) If I can use any of the above, then which one would be recommended as the best option?
4- Cert format "p12" vs "PEM". Do I need to select one, or will the tool being used to generate the cert determine the output format?
5- Which tool should I use to generate the system passwords (ES, Kibana, etc.)?:
6- Should I use:
7- Should I use:
a) "xpack.security.transport.ssl" ?
b) "xpack.security.http.ssl" ?
c) "xpack.monitoring" ?
Maybe there are a lot of questions, but I would appreciate it, and it would be helpful, if you could answer them all.
Thanks in advance.