elk安全插件searchguard安裝
在es下安裝 (es版本6.5.4)
-
下載插件
<ES directory>
/bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:<guard version>
-
進入到searchguard安裝目錄
cd<ES directory>
/plugins/search-guard-/tools -
運行安裝
<ES directory>
/install_demo_configuration.sh
生成的文件<ES directory>
/config/elasticsearch.yml
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
# 集羣配置選y
Enable cluster mode? [y/N] n
-
驗證安裝
https://<es ip>
:9200 輸入admin\admin賬號密碼訪問測試安裝
https://<es ip>
:9200/_searchguard/authinfo 通過訪問顯示有關當前登錄用戶的信息 -
修改默認賬號密碼
生成hash新密碼
sh hash.sh -p chenfh5
修改<ES directory>
/plugins/search-guard-6/sgconfig/sg_internal_users.yml -
分發新配置到es集羣
cd<ES directory>
/plugins/search-guard-6/tools
./sgadmin.sh -cd ../sgconfig/ -icl -nhnv \
-cacert ../../../config/root-ca.pem \
-cert ../../../config/kirk.pem \
-key ../../../config/kirk-key.pem
kibana 安裝SearchGuard (kibana版本6.5.4)
-
運行安裝
<kibana directory>
/bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.5.4-17/search-guard-kibana-plugin-6.5.4-17.zip -
修改kibana配置
vim<kibana directory>
/config/kibana.yml
# 關閉xpack安全認證
xpack.security.enabled: false
#xpack.monitoring.enabled: false
network.host: 0.0.0.0
<kibana directory>/bin/kibana
啓動報錯
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
原因是沒有node的browserslist沒更新,如果直接更新會報錯,只能手動下載包再蓋到原安裝目錄
# 安裝npm工具,如果有就不用安裝
yum install npm
# 新建目錄下載新文件
mkdir <npmdown>
cd <npmdown>
npm intall caniuse-lite browserslist
cd <kibana directory>/node_modules
# 新建目錄保存原副本
mv <kibana directory>/node_modules/browserslist <backlib>
mv <kibana directory>/node_modules/caniuse-lite <backlib>
mv <kibana directory>/node_modules/electron-to-chromium <backlib>
mv <kibana directory>/node_modules/node-releases <backlib>
mv <kibana directory>/node_modules/semver <backlib>
cd <npmdown>
mv <npmdown>/* <kibana directory>/kibana-6.5.4-linux-x86_64/node_modules
重新啓動/bin/kibana 等待node編譯完成
- [error][admin][elasticsearch] Request error, retrying 報錯
編輯 kibana.yml
# 關閉xpack安全認證
xpack.security.enabled: false
#xpack.spaces.enabled: false
# 連接
elasticsearch.url: "https://xxx.xxx.xxx.xxx:9200"
- 瀏覽器打開 https://: 輸入admin帳號密碼打開管理頁面
logstash 配置searchguard
- xxx.conf 加入以下配置
output {
elasticsearch {
user => logstash
password => logstash
ssl => true
ssl_certificate_verification => false
cacert => "<elasticsearch home>/config/spock.pem"
...
}
}