Rizwan
Senior Devops Engineer

Setup X-pack Security on Elasticsearch and Kibana

X-Pack is an Elastic Stack extension that provides security, alerting, monitoring, reporting, machine learning, and many other capabilities. By default, when you install Elasticsearch, X-Pack is installed.

The growing popularity of Elasticsearch has made both Elasticsearch and Kibana targets for hackers and ransomware, so it is important never to leave your Elasticsearch cluster unprotected.

From Elasticsearch Version 6.8 and onwards, X Pack Basic License (free) includes security in the standard Elasticsearch version, while prior to that it was a paid for feature.

How to set up X-pack security on Elasticsearch

Bear in mind that the following steps will inevitably require some down time. If your elk stack is already in production, it is advisable to carry out the following on a staging environment first to ensure that you familiarize yourself with all the steps involved before causing down-time in production.

Stop kibana

sudo systemctl stop kibana

Stop elasticsearch

sudo systemctl stop elasticsearch

enable xpack in elasticsearch.yml

sudo nano /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: true

Start Elasticsearch

sudo systemctl start elasticsearch

Setup default user passwords

cd /usr/share/elasticsearch/bin
sudo ./elasticsearch-setup-passwords auto

System Passwwords

Changed password for user apm_system
PASSWORD apm_system = ixicTkGDQvsRD4DVud7G
Changed password for user kibana
PASSWORD kibana = bkC6npKCtAMBFWZw4ube
Changed password for user logstash_system
PASSWORD logstash_system = 8t8t6FAbBPU1SYthqQnW
Changed password for user beats_system
PASSWORD beats_system = fRoOzNLyZ5lB8bKD9SaG
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = Ais1CsbZtl0KbIHDHZ2i
Changed password for user elastic
PASSWORD elastic = Vd0DDcdBV5d3gIKRxmVM

Add the default username in kibana

vim /etc/kibana/kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "new_password"

Start Kibana

systemctl start kibana

Access Kibana

Log in to Kibana with the elastic built-in user

https://<ip address>:5601

Create User


Go to the Management / Security / Users page:

more info

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

x