Elasticsearch Linux user - elasticsearch

I installed Elasticsearch 7 on CentOS 7 using an rpm file. After install, an elasticsearch user and group are created, a user which can't be used to manage elasticsearch (no login) but which, from what I saw, will own the es data directory. I don't want to manage elasticsearch with the root user. Should I create a new user for that or modify the elasticsearch user? What would be the best approach?
Thank you!

I found that, after elasticsearch is started, another user is created (elastic), owner of the elasticsearch process. This user can be added to the sudoers file and can be used to start/stop elasticsearch. But I think the best practice is to use another user for that, added in sudoers, of course.

Related

Elasticsearch : Is there a way to get an alert when a new agent joins the fleet?

When a new agent joins the fleet, I want to make a few notes on my application. Is it possible to get a notification whenever a new agent joins to fleet?
I checked elasticsearch watcher but haven't found solution so far.
Tldr;
There is no built-in mechanism to perform such a task.
Nonetheless it is possible to create it, but it will be a bit of a hack.
Use the .fleet-agents index which won't be accessible in the 8.x releases
Use the Kibana agent api which is in experimental state.

ETCD warning The server needs to initialize the root user

I have a simple etcd server running and I am using this github project called etcd-keeper to visualize the data in the etcd.
You can find the etcd-keeper project here: https://github.com/evildecay/etcdkeeper
I have created the root using etcdctl and everything works fine.
And I needed to create another user that has limited view access. So, I created another test-user user and added a read-only role with relevant permissions.
Everything is good but, when I try to access the etcd server using etcd-keeper, it doesn't allow me to log in with the test-user credentials unless I signed in with the root user first.
I don't need to share the root user credentials with the person who logs in with test-user. Otherwise there's no point in creating a new user, noh.
I get this warning as below:
Can someone please help me to fix this problem? Is this error from the etcd server side? Has anyone used this etcd-keeper before?
Thank you.

Secure built-in user credentials for Kibana/ElasticSearch

Setup
ElasticSearch v6.8
Context
I'm trying to build a couple of AMIs for ElasticSearch and Kibana using Packer.
I've been reading the official docs and have run into something confusing (for me at least).
I'm setting up the built-in users in ElasticSearch according to this doc. I'm using the auto option as opposed to interactive:
bin/elasticsearch-setup-passwords auto
Once this is done I need to modify the kibana.yml file to use the built-in user whilst communicating with ElasticSearch. This doc describes what to do. Essentially you add these two lines:
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"
Questions
How can I automatically read the password output for the built-in Kibana user (bin/elasticsearch-setup-passwords auto) so that I can add it to the kibana.yml file?
Is storing the password in plain text in the 'kibana.yml' file secure? I fear it is not... but is there an alternative?
Thanks
For elasticsearch-setup-passwords rather than using auto, look into --batch, so you can define the password and then use that for Kibana.
You probably want to use a keystore for Kibana.
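The question's first point and the keystore suggestion above, sketched for a Packer shell provisioner as an added example (not part of the original question or answer). The function names, the `KIBANA_HOME` default and the `PASSWORD <user> = <value>` line format of the `auto` output are assumptions; the sample output is constructed.

```shell
#!/bin/sh
# Added example; function names and KIBANA_HOME default are assumptions.

# Read captured `elasticsearch-setup-passwords auto` output on stdin and
# print the password for one built-in user. Assumes lines of the form
#   PASSWORD kibana = <value>
# Exits non-zero if the user is missing, so a provisioner fails loudly.
extract_password() {
    awk -v user="$1" '
        $1 == "PASSWORD" && $2 == user && $3 == "=" {
            sub(/^PASSWORD [^ ]+ = /, "")
            print; found = 1; exit
        }
        END { if (!found) exit 1 }
    '
}

# Put the password in the Kibana keystore rather than kibana.yml.
# The value travels on stdin, so it is not visible in the process list.
# `create` is meant for a fresh image where no keystore exists yet.
store_in_kibana_keystore() {
    kibana_home="${KIBANA_HOME:-/usr/share/kibana}"
    "$kibana_home/bin/kibana-keystore" create
    printf '%s' "$1" | "$kibana_home/bin/kibana-keystore" add elasticsearch.password --stdin
}

# Constructed sample output (not real credentials).
SAMPLE_OUTPUT='Changed password for user kibana
PASSWORD kibana = Kx3constructedSample01

Changed password for user elastic
PASSWORD elastic = El9constructedSample02'

pw=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_password kibana) &&
    echo "kibana password captured (${#pw} characters)"
# On the Kibana image: store_in_kibana_keystore "$pw"
```

With the password in the keystore, kibana.yml needs only the `elasticsearch.username` line. Remove the captured output before the image is snapshotted, since it also contains the password of the `elastic` superuser.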

After update to 6.5 no users except Administrator in Administration/Security/Users

I have 40 users in my sonarqube instance.
After updating to Sonarqube 6.5 in Administration/Security/Users there is only Administrator.
Sonarqube connected to PostgreSQL database and table users contains all 40 users. Also they can login. Creating missing users fails with message: An active user with login 'XXXX' already exists.
I tried REINDEX DATABASE sonarqube; with no result.
How can I solve this problem?
The list of users is by default not shown completely in newer versions of SonarQube. Start typing a user's name or email in the filter input box to find the users you are looking for.
While a list of 40 users would be easy to display, some instances of SonarQube have thousands of users. The new behaviour of the user list improves the user experience on such systems.
Side note: If an unexpected error occurred during startup you indeed might have to reindex the database once. To do this stop SonarQube, make a backup of everything, remove the data/es directory and start SonarQube again.

Multitenant setup with Kibana and Elasticsearch

I am going to use logstash+ES+kibana for my project. I want to know how to use this framework for multiple tenants. Can anyone explain to me how, after the authentication, Kibana queries the Elasticsearch index and loads it in Kibana's dashboard? Can I restrict Kibana to look at a specific Elasticsearch index for a particular user or some id? Has anybody tried this?
Thanks
You could, but depending on your use case it is probably not a good idea. There are a few gotchas, particularly regarding security and separating the users. First, Kibana is just JavaScript running in the browser. So whatever Kibana is allowed to do, so is your user. You can however have a separate index pattern for each "user", but Elasticsearch does not provide you any way of authenticating a user or authorizing a user's access to a specific index. You would have to use some sort of proxy for this.
I recommend http://www.found.no/foundation/elasticsearch-in-production/ and http://www.found.no/foundation/elasticsearch-security/ for a more in depth explanation.
Create an index for each tenant.
In this way you can use a proxy (like the app that hosts Kibana) to intercept the request and return settings that include the index to use.
The value that specifies the index to use can be the logged-in user, or you can get that value somewhere else.
To separate the data even more, you can use a prefix in each index name, and then when you specify an index you can use a pattern to take all the indices related to only a certain kind of data/entities.
Hope this helps.
Elasticsearch announced today a plugin they are working on that should provide security features to ES product. Probably, this will contain ways of restricting access based on roles and users setup at cluster and indices level. If this happens I see no way for them not to extend this security layer to Kibana, as well. Also, it seems this plugin will have a commercial version only.
