SearchGuard Configuration

Installing the Search Guard security plugin for ELK

Installing on Elasticsearch (ES version 6.5.4)

  • Download the plugin
    /bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:

  • Change to the Search Guard installation directory
    cd /plugins/search-guard-/tools

  • Run the installer
    /install_demo_configuration.sh
    Generated file: /config/elasticsearch.yml

Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
# Answer y for a cluster setup
Enable cluster mode? [y/N] n
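  • Verify the installation
    https://:9200 Log in with the admin/admin username and password to test the installation
    https://:9200/_searchguard/authinfo Visiting this URL shows information about the currently logged-in user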

  • Change the default account password
    Generate the hash of the new password
    sh hash.sh -p chenfh5
    Edit /plugins/search-guard-6/sgconfig/sg_internal_users.yml

  • Push the new configuration to the ES cluster
    cd /plugins/search-guard-6/tools

./sgadmin.sh -cd ../sgconfig/ -icl -nhnv \
   -cacert ../../../config/root-ca.pem \
   -cert ../../../config/kirk.pem \
   -key ../../../config/kirk-key.pem
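
The password-change step above, as an added example that is not part of the original post: a shell helper that writes the hash printed by hash.sh into one user's entry of sg_internal_users.yml before sgadmin.sh pushes the configuration. The function name set_sg_hash, the sample file and its placeholder hashes are constructed, and the file layout (unindented user name, indented hash: line) is an assumption.

```shell
#!/bin/sh
# Added example. set_sg_hash FILE USER HASH replaces the "hash:" value of one
# user in an sg_internal_users.yml-style file and leaves other entries alone.
set_sg_hash() {
    file=$1 user=$2 hash=$3
    # Accept only BCrypt-shaped values so a plaintext password is never stored.
    case $hash in
        '$2a$'*|'$2b$'*|'$2y$'*) ;;
        *) echo "refusing: not a BCrypt hash" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v user="$user" -v hash="$hash" '
        # An unindented "name:" line starts a new user entry.
        /^[^ #][^:]*:/ { key = $0; sub(/:.*/, "", key); in_user = (key == user) }
        in_user && /^[ ]+hash:/ {
            match($0, /^[ ]+/)                      # keep the original indentation
            print substr($0, 1, RLENGTH) "hash: " hash
            changed = 1
            next
        }
        { print }
        END { exit (changed ? 0 : 3) }              # 3 = user or hash line not found
    ' "$file" > "$tmp" || { rc=$?; rm -f "$tmp"; return "$rc"; }
    cat "$tmp" > "$file" && rm -f "$tmp"            # overwrite in place, keeping file mode
}

# Constructed sample input (placeholder hashes, not real BCrypt output).
sample_users() {
cat <<'EOF'
admin:
  readonly: true
  hash: $2a$12$OldConstructedAdminHashPlaceholder
  roles:
    - admin
logstash:
  hash: $2a$12$OldConstructedLogstashHashPlaceholder
  roles:
    - logstash
EOF
}

demo_file=$(mktemp) && sample_users > "$demo_file"
set_sg_hash "$demo_file" admin '$2a$12$NewConstructedAdminHashPlaceholder' && cat "$demo_file"
rm -f "$demo_file"
```

The edited file only takes effect after the sgadmin.sh step uploads it to the cluster.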

Installing Search Guard on Kibana (Kibana version 6.5.4)

  • Run the installer
    /bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.5.4-17/search-guard-kibana-plugin-6.5.4-17.zip

  • Edit the Kibana configuration
    vim /config/kibana.yml

# Disable X-Pack security authentication
xpack.security.enabled: false
#xpack.monitoring.enabled: false
network.host: 0.0.0.0
  • /bin/kibana fails at startup with this error
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`

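The cause is that node's browserslist has not been updated. Updating it directly raises an error, so the only option is to download the packages manually and copy them over the original installation directory.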

# Install npm; skip this if it is already installed
yum install npm
# Create a new directory and download the new files into it
mkdir 
cd 
npm install caniuse-lite browserslist
cd /node_modules
# Create a new directory to keep copies of the originals
mv /node_modules/browserslist 
mv /node_modules/caniuse-lite 
mv /node_modules/electron-to-chromium 
mv /node_modules/node-releases 
mv /node_modules/semver 

cd 
mv /* /kibana-6.5.4-linux-x86_64/node_modules

Restart /bin/kibana and wait for node to finish compiling

  • The error "[error][admin][elasticsearch] Request error, retrying"
    Edit kibana.yml
# Disable X-Pack security authentication
xpack.security.enabled: false
#xpack.spaces.enabled: false
# Connection
elasticsearch.url: "https://xxx.xxx.xxx.xxx:9200"
  • Open https://: in a browser and log in with the admin account and password to reach the management page

Configuring Logstash for Search Guard

  • Add the following configuration to xxx.conf
output {
  elasticsearch {
    user => logstash
    password => logstash
    ssl => true
    # Certificate verification is turned off, so the server certificate is not checked against cacert
    ssl_certificate_verification => false
    cacert => "/config/spock.pem"
	...
  }
}
