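Hardening Elasticsearch with Search Guard for HTTPS access

1. Installing Search Guard on ES

Installation

1. Download the package on Linux. There is no need to unpack it after downloading.

    wget https://releases.floragunn.com/search-guard-6/6.8.3-25.5/search-guard-6-6.8.3-25.5.zip

2. Stop ES.

3. Install the plugin with the plugin tool that ships with ES, using the command below. It automatically creates a search-guard directory under the ES plugins directory.

    ./elasticsearch-6.8.3/bin/elasticsearch-plugin install -b file:///home/zyplanke/es/search-guard-6-6.8.3-25.5.zip

4. Enable the plugin. Change to the plugin directory elasticsearch-6.8.3/plugins/search-guard-6/tools and run:

    bash install_demo_configuration.sh

(Answer Y three times when prompted.)

Once this has run, the following is appended automatically to elasticsearch-6.8.3/config/elasticsearch.yml:

    searchguard.ssl.transport.pemcert_filepath: esnode.pem
    searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
    searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
    searchguard.ssl.transport.enforce_hostname_verification: false
    searchguard.ssl.http.enabled: true
    searchguard.ssl.http.pemcert_filepath: esnode.pem
    searchguard.ssl.http.pemkey_filepath: esnode-key.pem
    searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
    searchguard.allow_unsafe_democertificates: true
    searchguard.allow_default_init_sgindex: true
    searchguard.authcz.admin_dn:
      - CN=kirk,OU=client,O=client,L=test, C=de
    searchguard.audit.type: internal_elasticsearch
    searchguard.enable_snapshot_restore_privilege: true
    searchguard.check_snapshot_restore_write_privileges: true
    searchguard.restapi.roles_enabled: ["sg_all_access"]
    cluster.routing.allocation.disk.threshold_enabled: false
    discovery.zen.minimum_master_nodes: 1
    node.max_local_storage_nodes: 3
    xpack.security.enabled: false

The demo installer uses the demo certificates bundled with Search Guard (hence searchguard.allow_unsafe_democertificates: true), so this configuration is suited to testing rather than production.

5. Restart ES and access it over HTTPS:

    https://IP:9200

You are prompted for a username and password, which shows that the plugin is in effect. (The default administrator user is admin; the password is admin.)

6. Change the password of the admin user. Change to the plugin directory elasticsearch-6.8.3/plugins/search-guard-6/tools and run:

    bash hash.sh -p <new password in plaintext>

7. Put the resulting password hash into elasticsearch-6.8.3/plugins/search-guard-6/sgconfig/sg_internal_users.yml, replacing the hash value under the admin user with the hash you just generated. (It is also recommended to set readonly to false, which allows the admin password to be changed from Kibana.) Note: besides admin, this file contains other users, for example the kibanaserver user.

    admin:
      readonly: false
      hash: $2y$12$/iFel04G0O.0YmK.f31vhuwJZJ3xx9Fv164EveHVv73a8T2XnhGAC
      roles:
        - admin
      attributes:
        #no dots allowed in attribute names
        attribute1: value1
        attribute2: value2
        attribute3: value3
    (remainder omitted)

8. Initialize Search Guard. Change to the plugin directory elasticsearch-6.8.3/plugins/search-guard-6/tools and run:

    bash sgadmin_demo.sh

(If ES is running and you still get "ERR: Seems there is no Elasticsearch running on localhost:9300", ES may be listening on the wrong IP; setting the ES listen host to 0.0.0.0 is recommended.)

9. Without restarting ES, log in to ES from a browser; the new password is now in effect.

2. Updating the Kibana configuration to match

1. Kibana needs to connect to ES, so once the search-guard plugin has been added to ES, Kibana must be changed as well.

2. Edit kibana.yml in the Kibana directory and change the configuration as follows:

    elasticsearch.hosts: ["https://IP:9200"]
    elasticsearch.username: "kibanaserver"
    elasticsearch.password: "kibanaserver"
    # "none" makes Kibana skip validation of the ES certificate
    elasticsearch.ssl.verificationMode: none
    elasticsearch.requestHeadersWhitelist: [ "authorization","sgtenant" ]

3. Restart Kibana and log in on the Kibana web page with the admin user and password. The login succeeds.

3. Updating the Logstash configuration to match

Edit the Logstash configuration file logstash-sample.conf. Use the following format as a reference:

    output {
      elasticsearch {
        hosts => ["https://IP:9200"]
        user => "admin"
        # replace with the real password
        password => "password"
        # hosts use https, so ssl must be enabled
        ssl => true
        # false makes Logstash skip validation of the ES certificate
        ssl_certificate_verification => false
        index => "nginx-%{+YYYY_MM}"
        codec => json
      }
    }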
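The settings this walkthrough leaves in place (demo certificates, disabled certificate verification, the default kibanaserver password) can be checked for mechanically before a node goes beyond testing. The script below is an added example, not part of the original post; the function names check and audit_demo_settings and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag demo-grade settings from this page in elasticsearch.yml,
# kibana.yml or a Logstash pipeline file. Function names are hypothetical.

# check FILE REGEX REASON: print "file:line: reason" for every active
# (uncommented) line in FILE that matches REGEX.
check() {
  grep -nE "^[[:space:]]*$2" "$1" | while IFS=: read -r lineno rest; do
    printf '%s:%s: %s\n' "$1" "$lineno" "$3"
  done
}

# audit_demo_settings FILE...: run every check against every readable file.
audit_demo_settings() {
  for f in "$@"; do
    [ -r "$f" ] || { printf '%s: not readable\n' "$f" >&2; continue; }
    check "$f" 'searchguard\.allow_unsafe_democertificates:[[:space:]]*true' \
      'publicly known demo certificates are accepted'
    check "$f" 'searchguard\.ssl\.transport\.enforce_hostname_verification:[[:space:]]*false' \
      'transport TLS hostname verification is off'
    check "$f" 'elasticsearch\.ssl\.verificationMode:[[:space:]]*none' \
      'Kibana does not verify the Elasticsearch certificate'
    check "$f" 'elasticsearch\.password:[[:space:]]*"?kibanaserver"?[[:space:]]*$' \
      'kibanaserver still uses its default password'
    check "$f" 'ssl_certificate_verification[[:space:]]*=>[[:space:]]*false' \
      'Logstash does not verify the Elasticsearch certificate'
  done
}

# Constructed sample input: a kibana.yml fragment using values from this page.
make_sample() {
  sample=$(mktemp) || return 1
  cat > "$sample" <<'EOF'
elasticsearch.hosts: ["https://IP:9200"]
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
# elasticsearch.ssl.verificationMode: full
elasticsearch.ssl.verificationMode: none
EOF
  printf '%s\n' "$sample"
}

sample_file=$(make_sample)
audit_demo_settings "$sample_file"   # reports lines 5 and 3 of the sample
rm -f "$sample_file"
```

Pass the real files as arguments, for example audit_demo_settings config/elasticsearch.yml kibana.yml logstash-sample.conf; an empty result means none of the listed settings is active.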
Tags: searchguard, search, ssl, guard, elasticsearch, https, ES
From: https://www.cnblogs.com/Old-Kang/p/18454162