SearchGuard configuration

elk security plugin searchguard installation

Install under es (es version 6.5.4)

• Download plugin
  /bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:

• Go to the searchguard installation directory
  cd /plugins/search-guard-/tools

• Run Install
  /install_demo_configuration.sh
  Generated file /config/elasticsearch.yml

Install demo certificates? [y/N] yInitialize Search Guard? [y/N] y# Cluster configuration select yEnable cluster mode? [y/N] n

• Verify the installation
  https://:9200 Enter the admin\admin account password to access the test installation
  https://:9200/_searchguard/authinfo Displays information about the currently logged in user by accessing

• Modify the default account password
  Generate a new hash password
  sh hash.sh -p chenfh5
  Modify /plugins/search-guard-6/sgconfig/sg_internal_users.yml

• Distribute new configuration to es cluster
  cd /plugins/search-guard-6/tools

./sgadmin.sh -cd ../sgconfig/ -icl -nhnv \-cacert ../../../config/root-ca.pem \-cert ../../../config/kirk.pem \-key ../../../config/kirk-key.pem

kibana install SearchGuard (kibana version 6.5.4)

• Run Install
  /bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.5.4-17/search-guard-kibana-plugin-6.5.4-17.zip

• Modify kibana configuration
  vim /config/kibana.yml

# Turn off xpack security authenticationxpack.security.enabled: false#xpack.monitoring.enabled: falsenetwork.host: 0.0.0.0

• /bin/kibanaStartup error

Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`

The reason is that the browserslist without node has not been updated. If it is updated directly, an error will be reported. You can only download the package manually and then cover it to the original installation directory

# Install npm tools, if there is no need to installyum install npm# Create a new directory to download new filesmkdir cd npm install caniuse-lite browserslistcd /node_modules# Create a new directory to save the original copymv /node_modules/browserslist mv /node_modules/caniuse-lite mv /node_modules/electron-to-chromium mv /node_modules/node-releases mv /node_modules/semver cd mv /* /kibana-6.5.4-linux-x86_64/node_modules

Restart /bin/kibana and wait for node compilation to complete

• [error][admin][elasticsearch] Request error, retrying error
  Edit kibana.yml

# Turn off xpack security authenticationxpack.security.enabled: false#xpack.spaces.enabled: false# connectelasticsearch.url: "https://xxx.xxx.xxx.xxx:9200"

• Open the browser https://: enter the admin account and password to open the management page

logstash configure searchguard

• xxx.conf add the following configuration

output {elasticsearch {user => logstashpassword => logstashssl => truessl_certificate_verification => falsecacert => "/config/spock.pem"...}}