elasticsearch 安装search guard

search guard用语elk的角色划分

./plugin install -b com.floragunn/search-guard-ssl/2.3.3.11

./plugin install -b com.floragunn/search-guard-2/2.3.5.5


下载源代码 使用工具包

git clone https://github.com/floragunncom/search-guard-ssl.git

cd search-guard-ssl/example-pki-scripts

./example.sh

vim elasticsearch.yaml

cp node-1-keystore.jks /etc/elasticsearch/

cp truststore.jks /etc/elasticsearch/


cat elasticsearch.yaml 

security.manager.enabled: false

searchguard.authcz.admin_dn:

  - "CN=kirk,OU=client,O=client,l=tEst, C=De"

searchguard.audit.type: internal_elasticsearch

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_type: JKS

searchguard.ssl.transport.keystore_filepath: node-1-keystore.jks

searchguard.ssl.transport.truststore_type: JKS

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: true

searchguard.ssl.transport.resolve_hostname: true

searchguard.ssl.transport.enable_openssl_if_available: false




service ealsticsearch restart

./tools/sgadmin.sh  -h 127.0.0.1 -cd  sgconfig -ks  sgconfig/kirk-keystore.jks -kspass changeit  -ts sgconfig/truststore.jks 



具体信息修改example.sh



你可能感兴趣的:(elk)