I create a Kibana dashboard using HDFS data.(Note: I connect Elasticsearch with Hotonworks using Elasticsearch-Hadoop).I want to secure Kibana Dashboard.Is it possible to do that Security function with Ranger.
I don't think it is possible. You can check documentation which shows what projects does Apache Ranger support.
I your case you can use:
X-Pack - great security plugin for Elasticsearch and Kibana, but it is paid.
Search Guard - free Elasticsearch and Kibana security plugin. I think it is very good tool.
But if you don't want to deploy a real security plugin (which contains SSL etc.) or something like that and you only need dashboard security you can use Kibana Own Home plugin. It is multitenancy plugin for Kibana which creates separate .kibana index for every user. It works with Apache httpd or nginx. Read more here.
Related
I'm using Elastic search to analyze my logs in WSO2 API Manager. I'm using basic authentication mode. After setting up Elastic and Kibana and configuring its setting, these errors appear when I want to see Kibana dashboards. How can I solve these problems?
In you Elasticsearch looks like there is no index which starts with apim_event_faulty or apim_event*, you can check all the indices in your Elasticsearch cluster by hitting _cat/indices?v API of Elasticsearch.
Check whether there is /repository/logs/apim_metrics.log inside your WSO2 API Manager home directory.
If you don't have the apim_metrics.log file, most like there is an issue in configurations you have done in API Manager. Refer this documentation https://apim.docs.wso2.com/en/latest/api-analytics/on-prem/elk-installation-guide/
If you have the apim_metrics.log file, check the content. If it does not have any logs, most likely API Manger haven't gone through any event to trigger apim_event_faulty, apim_event_response logs. Try invoking an API and observe the logs.
I am new to kibana the requirement is to build an analytical dashboard, so we are thinking of uploading the data into elastic search and give access to only visualization of kibana to build reports and use the different dashboards. I have googled and found some links for building custom dashboards using kibana plugin but We don't need any customization so we wanted to use the same kibana UI. Please share your thoughts.
Elasticsearch and Kibana are both open-source.
If you want to prevent your users from read/writing to cluster but allow them to create visualisations and dashboards then you can do so by using a basic license and setting up Role-based access control. You'll need to give them full access to .kibana index. Have a look at Elastic subscriptions to understand the different types of licenses (subscriptions).
If they only want to view and not create visualisations/dashboards, then create a RO (read-only) user with limited privileges i.e read-all but no-write permissions.
Can i use Kibana UI for client's ? Is it open source?
Yes, Kibana is open source. You need a server to host Kibana for free, or you can buy some special option like 10 nodes ES server and Kibana with SAML (Platinium plan).
Check: https://www.elastic.co/subscriptions
The name you are looking for is Elastic stack not solo Kibana.
For example Kibana needs Elasticsearch always.
Some features are in paid versions only, or in some free additional plugins.
We are using Elasticsearch in a Kubernetes cluster (not exposed publicly) without X-Pack security, and had it working in 5.x with elastic/changeme, but after trying to get it set up with 6.x, it's now requiring a password, and the default of elastic/changeme no longer works.
We didn't explicitly configure it to require authentication, since it's not publicly exposed and only accessible internally, so not sure why it's requiring the password, or more importantly, how we can find out what it is or how to set/change it without using X-Pack security.
Will we end up needing to subscribe to X-Pack since we're trying to us it within a Kubernetes cluster?
Not sure how you are deploying Elasticseach in Kubernetes but we had a similar issue an ended passing this:
xpack.security.enabled=false
through the environment to the container.
If you don't use XPack at all you should use oss flavor of Elasticsearch. It includes only open source components of Elasticsearch:
docker pull docker.elastic.co/elasticsearch/elasticsearch-oss:6.4.2
The interesting thins is, Elastic have removed any mention of it in documentation since 6.3.
See:
Docker 6.2
Docker current
I'm trying to add a role based access control over Kibana to have different privileges and dashboards for different types of users and I found those projects:
Elastic Shield Plugin
Search Guard Kibana Multitenancy Module
Elasticsearch Read Only Rest Plugin
Kibana plugin Own Home
What I found is that:
Elastic Shield (now called X-Pack) is the best, but unfortunately it's only 30 days free trial.
search guard module is a little complicated and it does the job, but it's not for free for commercial use which isn't suitable for my case.
ReadonlyREST plugin allows you to define which user reads which data, and their Enterprise Kibana plugin (non-free) also allows you to assign kibana indices to groups or users.
Kibana Plugin Own Home is a workaround solution as it defines different kibana index for different user which isn't practical.
If you know any other projects or any workaround for the mentioned projects above that satisfies my requirements, I'd be so grateful.
Disclaimer: I work for floragunn, makers of Search Guard.
The only real way to separate dashboards and visualizations based on users/tenants is to place them in separate Kibana indices. This is what both Search Guard and Own Home does.
The reason for this is how Kibana works internally: Out of the box, Kibana will place all of these objects in one global Kibana index, shared by all users. Since Kibana itself has no notion of users, roles or tenants, the only way to do it is to intercept the calls to the Kibana index, and rewrite the index name based on the provided user/role information.
Search Guard does this directly on Elasticsearch level, so the tenant
dashboards are separated even if you access Elasticsearch directly.
Own Home does that on Kibana level, but the effect/outcome is
basically the same.
X-Pack does not have multi-tenancy for Kibana, so
there's no separation of dashboards, only access control on Elasticsearch. Same is true for ReadOnly Rest.
One other option you have is to use the Red Hat OpenShift platform. They have an Elasticsearch plugin that is integrated with the Community Edition of Search Guard, and their own Kibana multi-tenancy module. As far as I know, this plugin is completely free.
This use case is now completely supported by ReadonlyREST via the Enterprise Kibana plugin.
And it comes with a lot more multitenancy/multiuser related features:
Remove certain Kibana apps to certain users
RBAC for indices, tenancies
Read only users won't see "save", "delete", "add" buttons in the Kibana UI
I made a video months ago that shows how this looks like.
Disclaimer: I work at ReadonlyREST, happy to take questions! :-)
Open Distro for Elasticsearch is a very good opensource project for multitenancy configuration in kibana. But the problem is proper documentation is not available easily for the older versions.
Set up Multi-Tenant Kibana Access in Open Distro for Elasticsearch
Kibana multi-tenancy
We are using the combination of hadoop and elasticsearch on production. We'd like to use Kerberos to centralise the authentication.
Does Elastic Search support Kerberos? Or is there a plugin around for this?
Checkout Search Guard 2 plugin: https://github.com/floragunncom/search-guard
Advanced functionalities like LDAP and **Kerberos** authentication/authorization as well as DLS/FLS will be available soon as separate and commercial licensed add-ons (but still Open Source).
Elasticsearch 6.4+ supports Kerberos as part of the Elastic stack security features.
Currently, the Kerberos realm requires a platinum license to use.