Shulou(Shulou.com)06/01 Report--

This article shows you how to open ES cluster user authentication in EFK. The content is concise and easy to understand. It will definitely make your eyes shine. I hope you can gain something through the detailed introduction of this article.

Kibana and filebeat authentication based on ES built-in and custom users

close the service

Please close all ElasticSearch, kibana, filebeat processes before performing the following experiments

elasticsearch-modify elasticsearch.yml configuration

Add elasticsearch.yml configuration parameter under conf directory according to the corresponding example of the above table

#Add the following configuration to all instances #Enable local users xpack.security.enabled: true#Version of xpack xpack.license.self_generated.type: basicelasticsearch-Enable services

Open all ES services

sudo -u elasticsearch ./ bin/elasticsearchelasticsearch-Create local built-in users

Local built-in elastic, apm_system, kibana, logstash_system, beats_system, remote_monitoring_user

#operate on one of the master nodes # interactive custom password auto auto-generate password sudo -u elasticsearch ./ bin/elasticsearch-setup-passwords interactive#Enter elastic password #Enter apm_system password #Enter kibana password #Enter logstash_system password #Enter beats_system password #Enter remote_monitoring_user password

Testing internal users

Encrypt elastic users with base64 in the format "elastic:elastic's password"

#For example, the following format curl -H "Authorization: Basic ZWxhc3RpYzplbGFzdGkxMjM0NTY3OA =" "http://192.168.1.31:9200/_cat/nodes? v"

If you do not access via Basic or base64 encryption errors, the following error will be reported

kibana-Create a private key repository

Create private key repository on 192.168.1.21

cd /opt/kibana/#Create Keystore sudo -u kibana ./ bin/kibana-keystore create#Connect ES username, here enter kibanasudo -u kibana ./ bin/kibana-keystore add elasticsearch.username#Connect ES password, here enter the password just set kibana sudo -u kibana ./ bin/kibana-keystore add elasticsearch.password

Confirm the private key repository on 192.168.1.21

sudo -u kibana ./ bin/kibana-keystore list

start the service

sudo -u kibana /opt/kibana/bin/kibana -c /opt/kibana/config/kibana.ymlkibana-WEB Interface confirms user

Login to kibana

Enter elastic's password before entering 192.168.1.21:5601 in the browser, username: elastic Password:

filebeat-Create characters and users in the WEB interface

Create custom filebeat roles

For a description of role permissions, see the appendix link for yourself

Create custom filebeat users

filebeat-Create a keystore on the server

Create filebeat keystore on 192.168.1.11

cd /opt/filebeat/#Create a keystore./ filebeat keystore create#Create test-filebeat user private key./ filebeat keystore add test-filebeat

Confirm filebeat keystore

./ filebeat keystore list

filebeat-Configure filebeat.yml

Configure filebeat.yml

#file input filebeat.inputs: #file input type-type: log #Start loading enabled: true #file location paths: - /var/log/nginx/access.log #Custom Parameters fields: type: nginx_access #type is nginx_access, consistent with fields.type above #output to elasticsearchoutput.elasticsearch: #username to connect ES cluster: test-filebeat #password to connect ES cluster: "${test-filebeat password}" # elasticsearch cluster hosts: ["http://192.168.1.31:9200", "http://192.168.1.32:9200", "http://192.168.1.33:9200"] #index configuration indices: #index name - index: "nginx_access_%{+yyy.MM}" #Use this index when type is nginx_access when.equals: fields.type: "nginx_access"#Close built-in template setup.template.enabled: false#Enable logging logging.to_files: true#Log level logging.level: info#Log files logging.files: #Log location path: /opt/logs/filebeat/ #Log name: filebeat #Log rotation period, must be 2~1024 keepfiles: 7 #Log rotation permissions: 0600

Start filebeat

/opt/filebeat/filebeat -e -c /opt/filebeat/filebeat.yml -d "publish" test

Write a piece of data

curl -I "http://192.168.1.11"

View in kibana

Kibana character permissions related documentation links

https://www.elastic.co/guide/en/elasticsearch/reference/7.3/security-privileges.html#privileges-list-cluster The above content is how to open ES cluster user authentication in EFK. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserves, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.