Security for Elasticsearch

I have followed everything in the YouTube video: Getting Star

But I only made 1 Elasticsearch node, not 2 as requested. Is that a problem?

I have created the cert in /config and also followed everything; I set up xpack in elasticsearch.yml correctly on my run.

I get an error like this:


I used the basic and free license.
What should I do?

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

Your error message says:

can not run elasticsearch as root.

You need to run bin/elasticsearch while logged in as another user, not root.


Okay, I'm sorry.

How do I not use root? If I use another user, permission is denied.

Hi again, please take the time to write your questions fully. Add details as:

  • What exactly are you trying to do?
  • What happens instead?
  • What is the exact error message you are seeing?

It will greatly increase the chance of someone wanting / being able to help you, if they don't have to guess what you are trying to ask!

I want to use Elastic Security. When I follow the tutorial it's different and I get some errors. I already attached the image of the error above.

Apologies, but I have already answered that question. You need to run Elasticsearch as another user, not root.


But when I don't use root, permission is denied.

You need to answer the questions that @ikakavas asked if you want help.

Also I'd recommend following the installation guide.

I've followed it from YouTube.

That isn't anywhere near enough information for us to help you.

Do not try to run as root - it will not work, it is not intended to work, the error you get is intentional.

When you try to run as another user:

  • which user exactly are you trying to run as?
  • what exact command did you use to start Elasticsearch?
  • what is the exact error message that you see?

If you aren't willing to put in the time to explain your problem in sufficient detail for us to understand the problem, then you cannot reasonably expect us to be able to help you.

Instead, start again from scratch from here: Installing Elasticsearch | Elasticsearch Guide [7.12] | Elastic

If one of the steps does not work for you, tell us which step, what exact command from the guide you ran, and what the exact output is.
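The symptom described in this thread (the node refuses to start as root, and switching to another user then fails with "permission denied") has a common cause: files created while logged in as root, such as certificates written into the config directory, end up owned by root and unreadable by the service user. The script below is an added example written for this page, not code from the thread or from Elastic. It assumes the RPM layout paths that appear in the thread's logs (/etc/elasticsearch, /var/lib/elasticsearch, /var/log/elasticsearch) and a service user named `elasticsearch`; both are overridable through environment variables.

```shell
#!/bin/sh
# Added example (not from the thread or from Elastic): a pre-start check for
# an Elasticsearch node. It refuses to proceed as root, mirroring what the
# node itself does, and verifies that everything under the node's
# directories is owned by the dedicated service user, which is where
# certificates created as root usually trip the "permission denied" error.
# Assumptions: RPM layout paths from the thread's logs and the service user
# "elasticsearch"; override with ES_USER / ES_DIRS if your layout differs.

ES_USER="${ES_USER:-elasticsearch}"
ES_DIRS="${ES_DIRS:-/etc/elasticsearch /var/lib/elasticsearch /var/log/elasticsearch}"

# running_as_root: succeed (0) when the effective uid is 0.
running_as_root() {
    [ "$(id -u)" -eq 0 ]
}

# check_ownership USER PATH...: succeed (0) when every entry below each PATH
# is owned by USER; otherwise print the first few offenders per path and fail (1).
check_ownership() {
    user="$1"
    shift
    rc=0
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        # GNU stat prints "owner path" for every entry; awk keeps the ones
        # whose owner differs and strips the owner column so the full path survives.
        bad=$(find "$path" -exec stat -c '%U %n' {} + \
              | awk -v u="$user" '$1 != u { sub(/^[^ ]+ /, ""); print }' \
              | head -n 5)
        if [ -n "$bad" ]; then
            echo "not owned by $user under $path:"
            echo "$bad"
            rc=1
        fi
    done
    return $rc
}

# main: the check a practitioner runs on the node before starting it.
main() {
    if running_as_root; then
        echo "refusing to start Elasticsearch as root; switch to $ES_USER" >&2
        return 1
    fi
    # ES_DIRS is deliberately unquoted so it splits into separate paths.
    if check_ownership "$ES_USER" $ES_DIRS; then
        echo "ownership looks right; start the unit, which runs the node as $ES_USER:"
        echo "  sudo systemctl start elasticsearch"
        return 0
    fi
    echo "fix with: sudo chown -R $ES_USER:$ES_USER <offending path>, then retry" >&2
    return 1
}

# Run the real check only when invoked as "sh es-precheck.sh check", so the
# functions can also be sourced from another script.
if [ "${1:-}" = "check" ]; then
    main
fi
```

Run it as the unprivileged user you intend to operate the node as; a non-empty "not owned by" list points at exactly the files (often the freshly generated certificates) that a `chown` to the service user will fix, and a "refusing to start as root" message means you are still in a root shell.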

  • I used the root user, because there's no other user.
  • I used ./bin/elasticsearch and systemctl start elasticsearch. The error is the same.

[2021-04-06T01:30:00,001][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] triggering scheduled [ML] maintenance tasks
[2021-04-06T01:30:00,021][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Deleting expired data
[2021-04-06T01:30:00,043][INFO ][o.e.x.m.j.r.UnusedStatsRemover] [bdi-uat-els] Successfully deleted [0] unused stats documents
[2021-04-06T01:30:00,044][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Completed deletion of expired ML data
[2021-04-06T01:30:00,044][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask
[2021-04-06T01:41:11,671][INFO ][o.e.c.m.MetadataMappingService] [bdi-uat-els] [winlogbeat-7.10.2-2021.04.03-000003/bOup-BKdTdem9wc-cEygrQ] update_mapping [_doc]
[2021-04-06T01:41:11,781][INFO ][o.e.c.m.MetadataMappingService] [bdi-uat-els] [winlogbeat-7.10.2-2021.04.03-000003/bOup-BKdTdem9wc-cEygrQ] update_mapping [_doc]
[2021-04-06T05:08:44,149][WARN ][o.e.m.f.FsHealthService ] [bdi-uat-els] health check of [/var/lib/elasticsearch/nodes/0] took [5403ms] which is above the warn threshold of [5s]
[2021-04-06T08:30:00,005][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] starting SLM retention snapshot cleanup task
[2021-04-06T08:30:00,008][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[2021-04-06T11:33:20,873][INFO ][o.e.n.Node ] [bdi-uat-els] stopping ...
[2021-04-06T11:33:20,878][INFO ][o.e.x.w.WatcherService ] [bdi-uat-els] stopping watch service, reason [shutdown initiated]
[2021-04-06T11:33:20,879][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [bdi-uat-els] [controller/25413] [Main.cc@154] ML controller exiting
[2021-04-06T11:33:20,879][INFO ][o.e.x.w.WatcherLifeCycleService] [bdi-uat-els] watcher has stopped and shutdown
[2021-04-06T11:33:20,880][INFO ][o.e.x.m.p.NativeController] [bdi-uat-els] Native controller process has stopped - no new native processes can be started
[2021-04-06T11:33:21,420][INFO ][o.e.n.Node ] [bdi-uat-els] stopped
[2021-04-06T11:33:21,421][INFO ][o.e.n.Node ] [bdi-uat-els] closing ...
[2021-04-06T11:33:21,432][INFO ][o.e.n.Node ] [bdi-uat-els] closed
[2021-04-06T11:33:24,302][INFO ][o.e.n.Node ] [bdi-uat-els] version[7.10.1], pid[29341], build[default/rpm/1c34507e66d7db1211f66f3513706fdf548736aa/2020-12-05T01:00:33.671820Z], OS[Linux/3.10.0-1127.el7.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
[2021-04-06T11:33:24,305][INFO ][o.e.n.Node ] [bdi-uat-els] JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]
[2021-04-06T11:33:24,306][INFO ][o.e.n.Node ] [bdi-uat-els] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/elasticsearch-2685646022361486910, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-04-06T11:33:26,208][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [aggs-matrix-stats]
[2021-04-06T11:33:26,208][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [analysis-common]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [constant-keyword]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [flattened]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [frozen-indices]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [ingest-common]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [ingest-geoip]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [ingest-user-agent]
[2021-04-06T11:33:26,209][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [kibana]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [lang-expression]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [lang-mustache]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [lang-painless]
[2021-04-06T11:33:26,210][INFO ][o.e.p.PluginsService ] [bdi-uat-els] loaded module [mapper-extras]

Here's the complete error I got in elasticsearch.log:

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2021-04-06 11:33:29 WIB; 3min 24s ago
     Docs: https://www.elastic.co
  Process: 29341 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
 Main PID: 29341 (code=exited, status=1/FAILURE)

Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at org.elasticsearch.node.Node.(Node.java:557)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at org.elasticsearch.node.Node.(Node.java:289)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:227)
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: <<>>
Apr 06 11:33:29 bdi-uat-els systemd-entrypoint[29341]: For complete error details, refer to the log at /var/log/elasticsearch/elasticsearch.log
Apr 06 11:33:29 bdi-uat-els systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Apr 06 11:33:29 bdi-uat-els systemd[1]: Failed to start Elasticsearch.
Apr 06 11:33:29 bdi-uat-els systemd[1]: Unit elasticsearch.service entered failed state.
Apr 06 11:33:29 bdi-uat-els systemd[1]: elasticsearch.service failed.

And this is with systemctl status elasticsearch.

Elasticsearch is fine until I try to use Elasticsearch security; then I get some errors.

Read Scripting and security | Elasticsearch Guide [7.12] | Elastic

First and foremost, never run Elasticsearch as the root user as this would allow any successful effort to circumvent the other security layers to do anything on your server. Elasticsearch will refuse to start if it detects that it is running as root but this is so important that it is worth double and triple checking.

Aah okay, I will try that next. Thanks btw.

I just want to enable TLS/HTTPS on my Elasticsearch server, but I have an error like this:

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2021-04-08 11:51:19 WIB; 13s ago
     Docs: https://www.elastic.co
  Process: 6921 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 6921 (code=exited, status=1/FAILURE)

Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)
Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: <<<truncated>>>
Apr 08 11:51:19 bdi-uat-els systemd-entrypoint[6921]: For complete error details, refer to the log at /var/log/elasticsearch/elasticsearch.log
Apr 08 11:51:19 bdi-uat-els systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Apr 08 11:51:19 bdi-uat-els systemd[1]: Failed to start Elasticsearch.
Apr 08 11:51:19 bdi-uat-els systemd[1]: Unit elasticsearch.service entered failed state.
Apr 08 11:51:19 bdi-uat-els systemd[1]: elasticsearch.service failed.

Why? Please help.

You need to look at the Elasticsearch logs to get details. Don't try and rely on the output from systemd.

Here's the complete log:

[2021-04-08T01:30:00,000][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] triggering scheduled [ML] maintenance tasks
[2021-04-08T01:30:00,006][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Deleting expired data
[2021-04-08T01:30:00,008][INFO ][o.e.x.m.j.r.UnusedStatsRemover] [bdi-uat-els] Successfully deleted [0] unused stats documents
[2021-04-08T01:30:00,008][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [bdi-uat-els] Completed deletion of expired ML data
[2021-04-08T01:30:00,008][INFO ][o.e.x.m.MlDailyMaintenanceService] [bdi-uat-els] Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask
[2021-04-08T08:30:00,000][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] starting SLM retention snapshot cleanup task
[2021-04-08T08:30:00,002][INFO ][o.e.x.s.SnapshotRetentionTask] [bdi-uat-els] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[2021-04-08T10:58:43,955][INFO ][o.e.n.Node               ] [bdi-uat-els] stopping ...
[2021-04-08T10:58:43,962][INFO ][o.e.x.w.WatcherService   ] [bdi-uat-els] stopping watch service, reason [shutdown initiated]
[2021-04-08T10:58:43,963][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [bdi-uat-els] [controller/29792] [Main.cc@154] ML controller exiting
[2021-04-08T10:58:43,963][INFO ][o.e.x.m.p.NativeController] [bdi-uat-els] Native controller process has stopped - no new native processes can be started
[2021-04-08T10:58:43,963][INFO ][o.e.x.w.WatcherLifeCycleService] [bdi-uat-els] watcher has stopped and shutdown
[2021-04-08T10:58:44,337][INFO ][o.e.n.Node               ] [bdi-uat-els] stopped
[2021-04-08T10:58:44,337][INFO ][o.e.n.Node               ] [bdi-uat-els] closing ...
[2021-04-08T10:58:44,349][INFO ][o.e.n.Node               ] [bdi-uat-els] closed
[2021-04-08T11:47:33,845][INFO ][o.e.n.Node               ] [10.194.11.67] version[7.10.1], pid[6491], build[default/rpm/1c34507e66d7db1211f66f3513706fdf548736aa/2020-12-05T01:00:33.671820Z], OS[Linux/3.10.0-1127.el7.x86_64/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
[2021-04-08T11:47:33,848][INFO ][o.e.n.Node               ] [10.194.11.67] JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]
[2021-04-08T11:47:33,848][INFO ][o.e.n.Node               ] [10.194.11.67] JVM arguments [-Xshare:auto, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/elasticsearch-539247061516994380, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/elasticsearch, -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Des.path.home=/usr/share/elasticsearch, -Des.path.conf=/etc/elasticsearch, -Des.distribution.flavor=default, -Des.distribution.type=rpm, -Des.bundled_jdk=true]
[2021-04-08T11:47:35,798][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [aggs-matrix-stats]
[2021-04-08T11:47:35,798][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [analysis-common]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [constant-keyword]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [flattened]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [frozen-indices]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [ingest-common]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [ingest-geoip]
[2021-04-08T11:47:35,799][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [ingest-user-agent]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [kibana]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [lang-expression]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [lang-mustache]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [lang-painless]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [mapper-extras]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [mapper-version]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [parent-join]
[2021-04-08T11:47:35,800][INFO ][o.e.p.PluginsService     ] [10.194.11.67] loaded module [percolator]