Securing Elasticsearch and Kibana

Krunal Shah

Nov 02, 2017

X-Pack security lets you secure a cluster easily, covering both the Elasticsearch and Kibana instances.

X-Pack security features give the right access to the right people. This post walks you through the steps of securing Elasticsearch and Kibana using X-Pack.

X-Pack security provides a built-in elastic superuser you can use to start setting things up. This elastic user has full access to the cluster, including all indices and data, so make sure you change the default password and protect the elastic user credentials accordingly.

After successfully installing Elasticsearch and Kibana, download X-Pack from https://www.elastic.co/downloads/x-pack.

You can change the default passwords of the built-in elastic, kibana and logstash_system users with the following commands:

curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
  "password" : "elasticpassword"
}'
curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/kibana/_password' -H "Content-Type: application/json" -d '{
  "password" : "kibanapassword"
}'
curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/logstash_system/_password' -H "Content-Type: application/json" -d '{
  "password" : "logstashpassword"
}'

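The default password for the elastic user is changeme. Because -u elastic is given without a password, curl prompts for it: enter changeme for the first command and the new elastic password for the ones that follow.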
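
To confirm that the change took effect, the check below tries the default password against each built-in user and reports whether the node still accepts it. It is an added example, not part of the original post; the ES_URL variable, the "check" argument and the check_defaults.sh file name are assumptions.

```shell
#!/bin/sh
# Added example: confirm the built-in users reject the default password.
# ES_URL and the "check" argument are assumptions of this sketch.
ES_URL="${ES_URL:-http://localhost:9200}"
DEFAULT_PW="changeme"                       # default named in the post
BUILTIN_USERS="elastic kibana logstash_system"

# Print the HTTP status the node returns when user $1 authenticates
# with password $2. curl prints 000 if the node cannot be reached.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
    -u "$1:$2" "$ES_URL/_xpack/security/_authenticate" || true
}

# Translate a status code into a verdict.
verdict() {
  case "$1" in
    401) echo "ok" ;;       # default password rejected
    200) echo "DEFAULT" ;;  # default password still accepted
    *)   echo "unknown" ;;  # node unreachable or security not active
  esac
}

# One line per built-in user; returns 0 only if all of them
# rejected the default password.
check_builtin_users() {
  rc=0
  for user in $BUILTIN_USERS; do
    v=$(verdict "$(http_status "$user" "$DEFAULT_PW")")
    printf '%s\t%s\n' "$user" "$v"
    [ "$v" = "ok" ] || rc=1
  done
  return "$rc"
}

# Run against your own node with: sh check_defaults.sh check
if [ "${1:-}" = "check" ]; then
  check_builtin_users
fi
```

A non-zero exit status means at least one built-in user still accepts changeme or could not be checked.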

Set up roles and users to control access to Elasticsearch and Kibana. For example, to grant John Doe full access to all indices that match the pattern events* and enable him to create visualizations and dashboards for those indices in Kibana, you could create an events_admin role and assign the role to a new johndoe user.

curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Content-Type: application/json" -d '{
  "indices" : [
    {
      "names" : [ "events*" ],
      "privileges" : [ "all" ]
    },
    {
      "names" : [ ".kibana*" ],
      "privileges" : [ "manage", "read", "index" ]
    }
  ]
}'
curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content-Type: application/json" -d '{
  "password" : "userpassword",
  "full_name" : "John Doe",
  "email" : "john.doe@anony.mous",
  "roles" : [ "events_admin" ]
}'

Enable auditing to keep track of attempted and successful interactions with your Elasticsearch cluster:

Add the following setting to elasticsearch.yml on all nodes in your cluster:

xpack.security.audit.enabled: true

Now restart Elasticsearch and navigate to Kibana at http://localhost:5601/.

You have now successfully secured your ELK!!!

We look forward to hearing your comments about the implementation. We know this is very basic, but you can explore X-Pack Security in detail and configure access accordingly.

If you are looking to get your ELK secured or you want to set up Elasticsearch, Logstash and Kibana, just drop us a message and experts from Third Rock Techkno will get back to you in 4 hours.

Visit Third Rock Techkno to know more about our expertise in AngularJS, NodeJS and IONIC.
