How to Enable Security and Add Users & Roles in ELK

black android smartphone on top of white book
Reading Time: 3 minutes

Hello Readers !!! Hope you all are doing well. Today In this blog we ‘ll see How to Enable Security and Add Users & Roles in ELK . Firstly we’ll see how we can enable security in ELK and after that we’ll add users and assign then roles.

So, let’s get started !!!

Introduction

Enabling the Elasticsearch security features and then create passwords for built-in users are important but using the built-in users simplifies the process of enabling security for your cluster.

Prerequisites

Install and configure Elasticsearch and Kibana. See Getting started with the Elastic Stack.

Verify that you are using a license that includes the specific security features you want.

In order to add integration (Github) to the Kibana Dashboard , we have to enable security and add superuser to it .

Enabling Security Features 

  • You can enable the security feature by enabling xpack security to true as below : 
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
  • In the elasticsearch.yml file. Location for the file :
 sudo su 
 cd /etc/elasticsearch
 nano elasticsearch.yml
  • Restart the elasticsearch service using command:
sudo systemctl restart elasticsearch

Create Password for built-in users 

  • Go to location in order to search binary file –  
sudo su  
cd /usr/share/elasticsearch/bin
  • Search for the binary file elasticsearch-setup-passwords as
 ./elasticsearch-setup-passwords
  • Two commands used to set password are : 
Commands

--------

auto - Uses randomly generated passwords

interactive - Uses passwords entered by a user
  • Use command interactive to set-passwords for the services : 
./elasticsearch-setup-passwords interactive

 This will ask you for the confirmation press y and enter password for the  services like image mention below : 

  • Enter password of your choice.
  • Now restart the kibana and elasticsearch service : 
sudo systemctl restart elasticsearch    
sudo systemctl restart kibana

Configuring Kibana to connect to elasticsearch with a password 

  • File location from where keystore will be created is : 
cd /usr/share/kibana/
cd bin
  • Create the Kibana keystore:
./kibana-keystore create
  • Add the password for the kibana_system user to the Kibana keystore
./bin/kibana-keystore add elasticsearch.password

     This password is for the role that we make in kibana

  • Restart Kibana
sudo systemctl restart kibana
  • Log in to Kibana as the elastic user.
Username : elastic

Password :  the password that you have given

         

How to Add Users and Roles in ELK 

  • To add users and roles move to the below directory 
 cd /usr/share/elasticsearch
./bin/elasticsearch-users
  • Commands
--------

useradd - Adds a file user

userdel - Deletes a file based user

passwd - Changes the password of an existing file based user

roles - Edit roles of an existing user

list - List existing file based users and their corresponding roles
  • Now use the below command to add user , password and assign role to that user : 
./elasticsearch-users useradd user-name -p password -r user-role 
  • You can check users by listing as :  
./bin/elasticsearch-users list
  • Now restart the kibana and elasticsearch service : 
sudo systemctl restart elasticsearch    
sudo systemctl restart kibana

Conclusion

So, as you can see above how easily we can Enable Security and Add Users & Roles in ELK. I think you will found this quite helpful and interesting . If you have any issue regarding you are free to ask and also if you can give me suggestions to improve.’

Thank You !!!

Happy Learning !!!

Reference

https://www.elastic.co/guide/en/elasticsearch/reference/current/users-command.html

https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html

Written by 

Deeksha Tripathi is a Software Consultant at Knoldus Inc Software. She has a keen interest toward learning new technologies. Her practice area is DevOps. When not working, she will be busy in listening music , and spending time with her family .

Leave a Reply