Installing and Configuring the Free Security Features in Elasticsearch 7.2

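(1) Introduction
On the 21st, Elastic officially announced that the core security features of the Elastic Stack are now free as of the new versions 6.8.0 and 7.1.0.
This means users can now encrypt network traffic, create and manage users, define roles that protect index-level and cluster-level access, and fully secure Kibana with Spaces. The core security features now available for free are:
TLS: encrypts communications;
File and native realms: used to create and manage users;
Role-based access control: controls users' access to cluster APIs and indices;
Security features for Kibana Spaces, which also allow multi-tenancy in Kibana.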

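Elasticsearch security and authentication were originally provided by X-Pack. The history of X-Pack is as follows:
Before 5.x: there was no X-Pack; security, watch, alert and the like were separate, independent components.
5.x: the existing security, alerting, monitoring, graph and reporting features were bundled together to form X-Pack.
Before 6.3: X-Pack had to be installed separately.
6.3 and later: X-Pack ships with the distribution and needs no separate installation; basic security was part of the paid Gold tier.
7.7 .1: basic security is free.
Feature overview: https://www.elastic.co/cn/subscriptions#request-info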

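(2) Installing and configuring Elasticsearch
1. Install Elasticsearch (omitted)
2. Configure TLS and authentication
Step 1: Configure TLS on the Elasticsearch master node.
1.
2. Generate the certificate files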

[root@ES1-4 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-certutil ca
[root@ES1-4 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
[root@ES1-4 elasticsearch]# ll
total 540
drwxr-xr-x  2 root root   4096 Jun 28 10:42 bin
-rw-------  1 root root   3443 Jun 28 16:46 elastic-certificates.p12
-rw-------  1 root root   2527 Jun 28 16:43 elastic-stack-ca.p12
drwxr-xr-x  8 root root     96 Jun 28 10:42 jdk
drwxr-xr-x  3 root root   4096 Jun 28 10:42 lib
-rw-r--r--  1 root root  13675 Jun 20 23:50 LICENSE.txt
drwxr-xr-x 30 root root   4096 Jun 28 10:42 modules
-rw-rw-r--  1 root root 502598 Jun 20 23:56 NOTICE.txt
drwxr-xr-x  2 root root      6 Jun 21 00:04 plugins
-rw-r--r--  1 root root   8478 Jun 20 23:50 README.textile
##### Give the elasticsearch group ownership of the generated files
[root@ES1-4 elasticsearch]# chgrp elasticsearch /usr/share/elasticsearch/elastic-certificates.p12 /usr/share/elasticsearch/elastic-stack-ca.p12 
##### Set mode 640 on these two files
[root@ES1-4 elasticsearch]# chmod 640 /usr/share/elasticsearch/elastic-certificates.p12 /usr/share/elasticsearch/elastic-stack-ca.p12 
###### Move these two files into the configuration directory
[root@ES1-4 elasticsearch]# mv /usr/share/elasticsearch/elastic-* /etc/elasticsearch/

3. Edit the configuration and add the security settings

[root@ES1-4 elasticsearch]# vim /etc/elasticsearch/elasticsearch.yml

cluster.name: kjdow
node.name: es-node1
node.data: true
node.master: true
node.attr.tag: hot
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/log
path.repo: [ "/data/daily","/data/weekly", ]
transport.tcp.compress: true
network.host: 192.168.4.215
http.port: 9200

http.cors.enabled: true
http.cors.allow-origin: "*"
cluster.initial_master_nodes: ["192.168.4.215","192.168.4.216"]
#discovery.seed_hosts: ["192.168.4.215","192.168.4.216"]
discovery.seed_hosts: ["192.168.4.215","192.168.4.216","192.168.4.217","192.168.4.218"]
####### Tuning settings
#bootstrap.memory_lock: true
#indices.breaker.request.limit: 10%
#index.merge.scheduler.max_thread_count: 1
#indices.queries.cache.size: 20%
#indices.requests.cache.size: 2%
#indices.fielddata.cache.size: 30%
node.attr.box_type: hot
######add to the end for x-pack
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

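4. Finally, copy the certificate files to the other master nodes, give them the same permissions, and synchronize the configuration settings.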

5. Set the passwords

[root@ES1-4 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Passwords do not match.
Try again.
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
#### Set the passwords for the elastic, apm_system, kibana, logstash_system, beats_system and remote_monitoring_user accounts in turn. Below, the username and password just entered are used to run a query.
[root@ES1-4 elasticsearch]# curl 192.168.4.215:9200/_cat/indices?v -u elastic
Enter host password for user 'elastic':
health status index       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .security-7 7phIYLTcTbugIbSimRI03g   1   0          6            0     19.3kb         19.3kb
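
A check to run on each node after step 4, confirming that the synced elasticsearch.yml and the copied certificate file match steps 2 and 3. It also warns that the configuration above enables TLS only on the transport layer and allows CORS from any origin. This script is an added example, not part of the original post; the function names yml_get and audit_es_security are hypothetical, and it assumes plain top-level "key: value" lines without trailing comments.

```bash
#!/bin/sh
# Added example (not from the original post): audit a node's elasticsearch.yml
# against the security settings from step 3. Function names are hypothetical.

# yml_get FILE KEY: print the value of the last uncommented "KEY: value" line
yml_get() {
  sed -n "s/^$(printf '%s' "$2" | sed 's/\./\\./g'):[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# audit_es_security FILE: print findings; return 1 if any FAIL was reported
audit_es_security() {
  a_yml=$1; a_rc=0
  for a_key in xpack.security.enabled xpack.security.transport.ssl.enabled; do
    [ "$(yml_get "$a_yml" "$a_key")" = "true" ] || { echo "FAIL $a_key is not true"; a_rc=1; }
  done
  a_val=$(yml_get "$a_yml" xpack.security.transport.ssl.verification_mode)
  case "$a_val" in
    certificate|full|"") ;;   # unset falls back to the default, full
    *) echo "FAIL verification_mode=$a_val does not verify peer certificates"; a_rc=1 ;;
  esac
  for a_key in keystore truststore; do
    a_val=$(yml_get "$a_yml" "xpack.security.transport.ssl.$a_key.path")
    if [ -z "$a_val" ]; then
      echo "FAIL transport.ssl.$a_key.path is not set"; a_rc=1
    elif [ ! -f "$a_val" ]; then
      echo "FAIL $a_val is missing on this node"; a_rc=1
    elif [ "$(ls -ld "$a_val" | cut -c8-10)" != "---" ]; then
      echo "FAIL $a_val is accessible to other users (want 640 as in step 2)"; a_rc=1
    fi
  done
  # Only the transport layer is covered by the settings in step 3.
  [ "$(yml_get "$a_yml" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "WARN http.ssl is off: passwords sent to the HTTP port are not encrypted"
  if [ "$(yml_get "$a_yml" http.cors.enabled)" = "true" ] &&
     [ "$(yml_get "$a_yml" http.cors.allow-origin)" = "*" ]; then
    echo "WARN http.cors.allow-origin is *: cross-origin requests are accepted from any site"
  fi
  return "$a_rc"
}

# Stand-alone use: sh audit.sh /etc/elasticsearch/elasticsearch.yml
if [ "$#" -gt 0 ]; then audit_es_security "$1"; fi
```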

(3) Configuring Kibana
1. Install Kibana (omitted)
2. Configure kibana.yml as follows

[root@otrs004097 elasticsearch]# grep '^[a-Z]' /etc/kibana/kibana.yml 
server.port: 5601
server.host: "192.168.4.97"
server.name: "192.168.4.97"
elasticsearch.hosts: ["http://192.168.4.97:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "xxxx"

3. Configure as follows:
[Figure 2]
[Figure 3]

For details, see the following official link:
https://www.elastic.co/cn/blog/getting-started-with-elasticsearch-security
