Hello Readers! Hope you are all doing well. In this blog we'll see how to enable security and add users and roles in ELK. First we'll see how to enable security in ELK, and after that we'll add users and assign them roles.
So, let's get started!
Introduction
Enabling the Elasticsearch security features and then creating passwords for the built-in users is an important step, and using the built-in users simplifies the process of enabling security for your cluster.
Prerequisites
Install and configure Elasticsearch and Kibana. See Getting started with the Elastic Stack.
Verify that you are using a license that includes the specific security features you want.
In order to add an integration (GitHub) to the Kibana dashboard, we have to enable security and add a superuser to it.
Enabling Security Features
- Enable the security features by setting xpack.security.enabled to true, as below:
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
- These settings go in the elasticsearch.yml file. Location of the file:
sudo su
cd /etc/elasticsearch
nano elasticsearch.yml
- Restart the Elasticsearch service using the command:
sudo systemctl restart elasticsearch
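To confirm that the settings from this section are really active (a line left commented out is an easy slip), the following added example, which is not part of the original post, audits elasticsearch.yml. It assumes the flat dotted key form shown above, and anon_status assumes Elasticsearch answers on http://localhost:9200 without TLS; all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit elasticsearch.yml for the
# two settings enabled in this section. Only the flat "dotted.key: value" form
# shown on the page is parsed (assumption); nested YAML is not handled.

# Print the value of a flat key, ignoring commented-out lines.
# If the key occurs more than once, the last occurrence is printed.
yml_value() {  # usage: yml_value <file> <key>
  awk -v key="$2" '
    /^[ \t]*#/ { next }                    # whole-line comment
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)          # trailing comment
      n = index(line, ":")
      if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# Return 0 only when both settings are explicitly true.
audit_es_config() {  # usage: audit_es_config <file>
  _rc=0
  for _key in xpack.security.enabled xpack.security.authc.api_key.enabled; do
    _val=$(yml_value "$1" "$_key")
    if [ "$_val" = "true" ]; then
      echo "OK    $_key"
    else
      echo "FAIL  $_key (found: ${_val:-not set})"
      _rc=1
    fi
  done
  return "$_rc"
}

# Live check after the restart: an anonymous request should get HTTP 401.
# Assumes the default endpoint http://localhost:9200 without TLS.
anon_status() { curl -s -o /dev/null -w '%{http_code}' "${1:-http://localhost:9200}"; }

# Constructed sample: the first setting is present only as a comment.
sample=$(mktemp)
printf '%s\n' '#xpack.security.enabled: true' \
  'xpack.security.authc.api_key.enabled: true  # API keys' > "$sample"
audit_es_config "$sample" || echo "security is not fully enabled"
rm -f "$sample"
```

On a real node, run audit_es_config /etc/elasticsearch/elasticsearch.yml, and after the restart check that anon_status prints 401.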
Create Password for built-in users
- Go to the directory that contains the binary file:
sudo su
cd /usr/share/elasticsearch/bin
- Locate the binary file elasticsearch-setup-passwords and run it:
./elasticsearch-setup-passwords
- The two commands used to set passwords are:
Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user
- Use the interactive command to set passwords for the built-in users:
./elasticsearch-setup-passwords interactive
This will ask you for confirmation; press y, then enter a password for each of the services.
- Enter a password of your choice.
- Now restart the Kibana and Elasticsearch services:
sudo systemctl restart elasticsearch
sudo systemctl restart kibana
Configuring Kibana to connect to elasticsearch with a password
- The keystore is created from the following location:
cd /usr/share/kibana/
cd bin
- Create the Kibana keystore:
./kibana-keystore create
- Add the password for the kibana_system user to the Kibana keystore:
./kibana-keystore add elasticsearch.password
When prompted, enter the password that was set for the kibana_system user above.
- Restart Kibana:
sudo systemctl restart kibana
- Log in to Kibana as the elastic user.
Username: elastic
Password: the password you set for the elastic user
How to Add Users and Roles in ELK
- To add users and roles, move to the directory below and run elasticsearch-users:
cd /usr/share/elasticsearch
./bin/elasticsearch-users
- Commands
--------
useradd - Adds a file user
userdel - Deletes a file based user
passwd - Changes the password of an existing file based user
roles - Edit roles of an existing user
list - List existing file based users and their corresponding roles
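- Now use the command below to add a user, set a password and assign a role to that user (if -p is omitted, the command prompts for the password, which keeps it out of the shell history):
./bin/elasticsearch-users useradd user-name -p password -r user-role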
- You can check the users by listing them:
./bin/elasticsearch-users list
- Now restart the Kibana and Elasticsearch services:
sudo systemctl restart elasticsearch
sudo systemctl restart kibana
Conclusion
So, as you can see above, we can easily enable security and add users and roles in ELK. I think you will find this quite helpful and interesting. If you have any issues, you are free to ask, and you can also give me suggestions to improve.
Thank you!
Happy learning!