当前位置:网站首页>SearchGuard配置

SearchGuard配置

2022-08-11 05:25:00 cjx__

elk安全插件searchguard安装

在es下安装 (es版本6.5.4)

  • 下载插件
    <ES directory>/bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:<guard version>

  • 进入到searchguard安装目录
    cd <ES directory>/plugins/search-guard-/tools

  • 运行安装
    <ES directory>/install_demo_configuration.sh
    生成的文件 <ES directory>/config/elasticsearch.yml

Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
# 集群配置选y
Enable cluster mode? [y/N] n

  • 验证安装
    https://<es ip>:9200 输入admin\admin账号密码访问测试安装
    https://<es ip>:9200/_searchguard/authinfo 通过访问显示有关当前登录用户的信息

  • 修改默认账号密码
    生成hash新密码
    sh hash.sh -p chenfh5
    修改<ES directory>/plugins/search-guard-6/sgconfig/sg_internal_users.yml

  • 分发新配置到es集群
    cd <ES directory>/plugins/search-guard-6/tools

./sgadmin.sh -cd ../sgconfig/ -icl -nhnv \
   -cacert ../../../config/root-ca.pem \
   -cert ../../../config/kirk.pem \
   -key ../../../config/kirk-key.pem

kibana 安装SearchGuard (kibana版本6.5.4)

  • 运行安装
    <kibana directory>/bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.5.4-17/search-guard-kibana-plugin-6.5.4-17.zip

  • 修改kibana配置
    vim <kibana directory>/config/kibana.yml

# 关闭xpack安全认证
xpack.security.enabled: false
#xpack.monitoring.enabled: false
network.host: 0.0.0.0
  • <kibana directory>/bin/kibana启动报错
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`

原因是没有node的browserslist没更新,如果直接更新会报错,只能手动下载包再盖到原安装目录

# 安装npm工具,如果有就不用安装
yum install npm
# 新建目录下载新文件
mkdir <npmdown>
cd <npmdown>
npm intall caniuse-lite browserslist
cd <kibana directory>/node_modules
# 新建目录保存原副本
mv <kibana directory>/node_modules/browserslist <backlib>
mv <kibana directory>/node_modules/caniuse-lite <backlib>
mv <kibana directory>/node_modules/electron-to-chromium <backlib>
mv <kibana directory>/node_modules/node-releases <backlib>
mv <kibana directory>/node_modules/semver <backlib>

cd <npmdown>
mv <npmdown>/* <kibana directory>/kibana-6.5.4-linux-x86_64/node_modules

重新启动/bin/kibana 等待node编译完成

  • [error][admin][elasticsearch] Request error, retrying 报错
    编辑 kibana.yml
# 关闭xpack安全认证
xpack.security.enabled: false
#xpack.spaces.enabled: false
# 连接
elasticsearch.url: "https://xxx.xxx.xxx.xxx:9200"
  • 浏览器打开 https://: 输入admin帐号密码打开管理页面

logstash 配置searchguard

  • xxx.conf 加入以下配置
output {
  elasticsearch {
    user => logstash
    password => logstash
    ssl => true
    ssl_certificate_verification => false
    cacert => "<elasticsearch home>/config/spock.pem"
	...
  }
}
原网站

版权声明
本文为[cjx__]所创,转载请带上原文链接,感谢
https://blog.csdn.net/cjx__/article/details/102219499

边栏推荐

猜你喜欢

随机推荐