Securing Elasticsearch and Kibana

X-Pack security enables you to easily secure a cluster. Using X-Pack security we can secure Elasticsearch and Kibana instances.

X-Pack security features give the right access to the right people. This post walks you through the steps of securing Elasticsearch and Kibana using X-Pack.

X-Pack security provides a built-in elastic superuser you can use to start setting things up. This elastic user has full access to the cluster, including all indices and data, so make sure you change the default password and protect the elastic user credentials accordingly.

After successfully installing Elasticsearch and Kibana, download X-Pack from https://www.elastic.co/downloads/x-pack.

You can change the default passwords of the built-in elastic, kibana and logstash_system users with the following commands (because of -u elastic, curl prompts for the elastic user's current password):

curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
  "password" : "elasticpassword"
}'
curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/kibana/_password' -H "Content-Type: application/json" -d '{
  "password" : "kibanapassword"
}'
curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/logstash_system/_password' -H "Content-Type: application/json" -d '{
  "password" : "logstashpassword"
}'

The default password for the elastic user is changeme.
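Once the passwords are changed, it is worth confirming that the default no longer works for any of the three accounts. The script below is an added example, not part of the original post: it assumes the _xpack/security/_authenticate endpoint from the same X-Pack API family as the commands above, and the function names and the --run flag are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: verify on your own cluster that
# the default password "changeme" is rejected for every built-in user.
ES_URL="${ES_URL:-http://localhost:9200}"   # same host/port as the post's commands
DEFAULT_PW="changeme"                       # default stated in the post

# Map the HTTP status of an authentication attempt to a verdict.
# Returns 0 only when the default password was rejected (401).
classify_status() {
  case "$1" in
    401) echo "ok: default password rejected"; return 0 ;;
    200) echo "FAIL: default password still active"; return 1 ;;
    000|"") echo "ERROR: no HTTP response (node unreachable or curl failed)"; return 2 ;;
    *)   echo "ERROR: unexpected HTTP status $1"; return 2 ;;
  esac
}

# Try the default password for one user and print only the HTTP status code.
probe_user() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
    -u "$1:$DEFAULT_PW" "$ES_URL/_xpack/security/_authenticate"
}

# Check the three accounts whose passwords the post changes.
# Returns 0 only if every account rejects the default password.
check_builtin_users() {
  failed=0
  for user in elastic kibana logstash_system; do
    code=$(probe_user "$user") || true     # curl exits non-zero when unreachable
    verdict=$(classify_status "$code") || failed=1
    printf '%-16s %s\n' "$user" "$verdict"
  done
  return "$failed"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
  check_builtin_users
  exit $?
fi
```

Run it with --run on a node of the cluster; a non-zero exit status means at least one account still accepts the default password or could not be checked.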

Set up roles and users to control access to Elasticsearch and Kibana. For example, to grant John Doe full access to all indices that match the pattern events* and enable him to create visualizations and dashboards for those indices in Kibana, you could create an events_admin role and assign the role to a new johndoe user.

curl -XPOST -u elastic 'localhost:9200/_xpack/security/role/events_admin' -H "Content-Type: application/json" -d '{
  "indices" : [
    {
      "names" : [ "events*" ],
      "privileges" : [ "all" ]
    },
    {
      "names" : [ ".kibana*" ],
      "privileges" : [ "manage", "read", "index" ]
    }
  ]
}'
curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content-Type: application/json" -d '{
  "password" : "userpassword",
  "full_name" : "John Doe",
  "email" : "john.doe@anony.mous",
  "roles" : [ "events_admin" ]
}'

Enable auditing to keep track of attempted and successful interactions with your Elasticsearch cluster.

Add the following setting to elasticsearch.yml on all nodes in your cluster:

xpack.security.audit.enabled: true

Now restart Elasticsearch and navigate to Kibana at http://localhost:5601/.

You have now successfully secured your ELK!!!

We look forward to hearing your comments about the implementation. We know this is very basic, but you can explore X-Pack security in detail and configure access accordingly.

If you are looking to get your ELK secured, or you want to set up Elasticsearch, Logstash and Kibana, just drop us a message and experts from Third Rock Techkno will get back to you in 4 hours.

Visit Third Rock Techkno to know more about our expertise in AngularJS, NodeJS and IONIC.
