Need to disable x-pack in ELK - elasticsearch

We are using Elastic, logstash and kibana with x-pack trial period, now that x-pack license is expired... How do I disable the x-pack license permanently.
In kibana, I am getting as below, How to avoid this alert.
Your trial license is expired
Contact your administrator or update your license directly.
We have add the configuration as below in elastic,kibana... but seems to be not working.
xpack.security.enabled: false
lastly Index management not able to view as license period has expired.
You do not have permissions to use Index Management
Any help is appreciated on above questions.

Related

Enable RBAC features in kibana alone

I want to create a new space in kibana and create a new user , attach a role with specific access and only to the space. This is a straight-forward thing with lot of docs provided by elasticsearch itself, but however there is one thing that I cannot find any clear documentation on. Does kibana support RBAC without enabling security features in elasticsearch? Is it possible to create roles in kibana without enabling security features in elasticsearch? I'm almost sure that it is not possible but since there is not direct wordings in the documents stating the above, I'm skeptical about it and hence posting here for expert suggestions.
I'm using kibana version 7.7.1. In my dashboard I'm not able to see the word "security" anywhere as described in the document. Posting a sample screenshot below.
Finally Found an official document that states the same. To answer the question, Yes Kibana doesn't support RBAC in a standalone manner. It depends on elasticsearch.
https://www.elastic.co/guide/en/kibana/7.x/using-kibana-with-security.html

Kibana Elasticsearch 6.4 basic security

I'm really confused when I'm reading the documentation of security. I would like to protect the kibana with username and password. When I'm reading docs there is no mention that is free or not. Only the things with AD or Ldap that I'm aware are paid. So my question is: is it allowed to use basic security for free? Do I need to install an additional plugin for that if I use ELK 6.4.x?
I can recommend Search Guard (https://search-guard.com/product/) community edition. This is a free and Apache 2 licensed feature rich open source security plugin for Elasticsearch which also comes with a Kibana plugin. Username/Password protection as well as SSL support is also free.
For advanced features like federated authentication, LDAP/AD and Audit logging you need to purchase a license.
Github link: https://github.com/floragunncom/search-guard
You need x-pack plugin for user & role based access to secure Kibana. X-pack is not free but I believe they have like a 30-day trial period.
The security feature in the Elastic Stack is not free, you need a license for that, but if your goal is to set a username and password for acessing kibana there are other alternatives.
You can try the Community Edition of Search Guard, a security plugin for the elastic stack, or you can use nginx to secure the acess to kibana and other endpoints of the elastic api, as described on this post on the elastic blog: https://www.elastic.co/blog/playing-http-tricks-nginx

Lock Kibana Dashboard

I have set up Elastic Search and Kibana and prepared different monitoring dashboard. So how can i lock my dashboard so dashboard is visible to all and even they can apply filters and visualize but it shouldn't change original dashboard so when they open dashboard again it should be same as one which i had prepared. I tried to check elastic search website and they offer subscription for X-pack which provides role based access control. But is there anyway I can lock the dashboard rather than subscription because i used Kibana as it was open source.
Thank You in advance.
- Sam

Implementing security on ELK using x-pack

I want to secure all the communications in ELK. For that i have installed x-pack plugin. Please let me know if its right plugin to do so. I want to introduce username & password and also SSL enabled communication.
I have installed x-pack plugin in elasticsearch.
elasticsearch-plugin.bat install x-pack
i have also learnt that there are 3 default users in x-pack. elastic, kibana and logstash-system.
Even though i have installed x-pack only on elasticsearch, kibana also asks for credentials.
My Doubts:
I want to know why kibana is asking for credentials.
If i give credentials as kibana/changeme, i dont get any logs in kibana. But if i login as elastic/changeme, i can see logs in kibana.Why it is so? Is it like, the credentials used should be same across elasticsearch and kibana?
How should i manage using elastic, kibana and logstash-system users provided by x-pack?
You can check out the users (assuming you are accessing Kibana on localhost and authenticate with elastic and changeme) at http://localhost:5601/app/kibana#/management/security/users?_g=().
In that list you'll also see the user kibana with the role kibana_system. If you check out the details of that role, you'll see that it only has the monitor privilege and can only access the indices .kibana* and .reporting-*. That explains why your kibana user cannot see any data.
If you want to make this production ready:
Only enable the users that you need.
Change passwords.
Maybe disable the default users and just create your own.
PS: I've only checked this on the 6.0.0-alpha2, but I think this should be the same on version 5 as well.

Administer issues does not work as Anyone

I cannot get administration of issues to be active for Anyone.
I have added the group Anyone to both browse and administer issues for the project.
Anyone can browse, but not administer issues.
It works if i create a user and add it to administer issues (when logged in as that user), but i do not want to use users at all.
I want anyone to be able to administer issues.
I tried deleting the project and created a default template with Anyone for browse and administer thinking that perhaps the setting cannot be changed for existing projects for some reason, but that did not help.
Running sonarqube 4.4
Plugins:
Checkstyle 2.1
Findbugs 3.0
Java 2.4
PMD 2.2
SCM Activity 1.8
Scm Stats 0.3.1
By definition, to do actions on issues on SQ (SonarQube), you must be authenticated because SQ needs to keep track of who did what. By default, authenticated users in SQ are part of the "sonar-users" group. So you just have to add the "sonar-users" group to the "Administer Issues" permission.

Resources