X-Pack is an Elastic Stack extension that provides security, alerting, monitoring, reporting, machine learning and many other features. After ES7., by default, X-Pack will be installed when Elasticsearch is installed, and there is no need to install it separately.
Since versions 6.8 and 7.1+, basic-level security is permanently free.
By default, Elasticsearch security features are disabled when you have a free basic license. To enable them, xpack.security.enabled needs to be set.
In the elasticsearch.yml configuration file of each node, add:
Scope of use: configuring transport layer security applies to clusters with multiple nodes and to single-node ES that is accessed over an external network.
A single-node ES that uses the loopback address 127.0.0.1 does not need it.
Elasticsearch nodes may store confidential data, which makes them a target for the cyberattacks that are now ubiquitous.
Cyberattacks include sniffing data, manipulating data, and attempts to gain access to servers and thus to the files where data is stored.
Securing nodes helps reduce the risk of attacks from the network.
1. The principle of encrypted communication using certificates
TLS requires an X.509 certificate to perform encryption and authentication for the applications that communicate with it. An X.509 certificate is a digital certificate that uses the X.509 public key infrastructure standard to associate a public key with the identity contained in the certificate. It is issued by a trusted entity called a Certificate Authority (CA), which uses one or more special certificates, called CA certificates, to issue X.509 certificates. Only the certification authority has access to the CA certificate. For communication between nodes to be truly secure, certificates must be verified.
The recommended way to verify certificate authenticity in an Elasticsearch cluster is to trust the Certificate Authority (CA) that signed the certificate.
In this way, the node can be automatically allowed to join the cluster simply by using a certificate signed by the same CA.
2. Use the elasticsearch-certutil command to generate a certificate
After enabling the security features, TLS must be used to ensure that the communication between nodes is encrypted.
Add the following configuration in elasticsearch.yml:
Use elasticsearch-setup-passwords to set the cluster password.
Core options:
auto - Randomly generate passwords.
interactive - Customize passwords for different users.
Note: You must configure X-Pack before you can set a password. Otherwise, an error will be reported.
The simplest method assumes the initial deployment phase of the cluster.
The core three steps of X-Pack security configuration:
This only scratches the surface of security. More roles, permissions, and spaces need to be implemented with the help of Kibana.
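The elasticsearch.yml settings covered above can be checked mechanically. The following is an added example, not code from the original article: it audits the text of an elasticsearch.yml for xpack.security.enabled and for transport TLS, skipping the TLS checks for a single node on 127.0.0.1. The function names, the sample file and the certs/node.p12 path are constructed for illustration, and the setting names under xpack.security.transport.ssl are the standard Elasticsearch ones rather than values taken from this page.

```python
# Added example: audit elasticsearch.yml text for the settings described above.
# Assumption: simple YAML only (flat dotted keys or nested mappings, inline values).
SSL = "xpack.security.transport.ssl."

def flatten(text):  # returns {dotted.key: value}
    settings, stack = {}, []  # stack: (indent, key) of the open parent mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop inline comments
        if line.lstrip().startswith("#") or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        value = value.strip().strip("'\"")
        if value:
            settings[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return settings

def audit(text, loopback_single_node=False):
    """Return a list of findings; an empty list means every check passed."""
    s, findings = flatten(text), []
    if s.get("xpack.security.enabled", "").lower() != "true":
        findings.append("xpack.security.enabled is not true")
    if loopback_single_node:  # transport TLS is not needed on 127.0.0.1
        return findings
    if s.get(SSL + "enabled", "").lower() != "true":
        findings.append(SSL + "enabled is not true")
    if s.get(SSL + "verification_mode", "").lower() == "none":
        findings.append("verification_mode is none: peer certificates are not verified")
    if not (SSL + "keystore.path" in s or s.keys() >= {SSL + "key", SSL + "certificate"}):
        findings.append("no node certificate and key configured")
    if not (SSL + "truststore.path" in s or SSL + "certificate_authorities" in s):
        findings.append("no trusted CA configured")
    return findings

# Constructed sample: security on, TLS on, but verification off and no CA trust.
SAMPLE = """\
xpack.security.enabled: true
xpack.security.transport.ssl:
  enabled: true
  verification_mode: none   # weak: peer certificates are not checked
  keystore.path: certs/node.p12
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against each node's file: nodes only join each other safely when every one of them reports no findings.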
5.1 pom file
5.2 Modify configuration file