How to apply google oauth on kibana? - elasticsearch

I need to apply Google OAuth on Kibana for security purposes.

You'll probably need to write a plugin for Kibana; this article goes into some detail on how to accomplish that. The catch with this approach is that you'll need X-Pack (which is a paid product) to accomplish that as described there, but it's also possible to write a plugin without X-Pack; it's just some extra work.
Another option, where you won't need X-Pack, would be to have a reverse proxy in front of your Kibana where you can implement the OAuth, and you could configure Kibana so that it only accepts requests from that rev-proxy.

Related

How not to have sensitive data in Elastic search?

I'm installing the ELK stack for my company. My cousin uses it for his company too. He's a programmer, so I asked him if he bought X-Pack; he says no, since the MySQL logs he processes aren't of value. I know that I can buy X-Pack or use Nginx to add authentication, but let's assume that I won't do any authentication, like many Elastic users. I have a couple of questions about that scenario.
So I have Filebeat that ships MySQL logs to Logstash, which feeds them to Elasticsearch, and analytics is done in Kibana.
How to make sure that no information of value ends up in the logs while still having meaningful analytics? My company develops an ERP and has many companies as customers, so at the very least, you'll have the company ID and the user ID in the logs in order to have any meaningful data. Isn't this considered sensitive data?
How to make sure that no unauthorized user sends a POST request to Elasticsearch or accesses Kibana? Do you run them locally, not on the internet?
Do you filter the logs of any sensitive data before sending them to Filebeat?
I'm just trying to understand how many users manage to run ELK without authentication, while still being able to get meaningful data.
> How to make sure that no information of value ends up in the logs while still having meaningful analytics? My company develops an ERP and has many companies as customers, so at the very least, you'll have the company ID and the user ID in the logs in order to have any meaningful data. Isn't this considered sensitive data?
If you don't want sensitive data stored in your Elasticsearch, you need to filter it out or anonymize it. For example, you can use a Logstash filter to create a fingerprint combining the company ID and user ID fields, or you can remove any field with sensitive data from your message.
> How to make sure that no unauthorized user sends a POST request to Elasticsearch or accesses Kibana? Do you run them locally, not on the internet?
Without authentication this is almost impossible. You will need full control of who knows about your Elasticsearch instance and who can access it; if someone besides you has access, they can send requests to your instance. To avoid that, you can use a firewall on your servers and only allow access to specific IPs.
Even if you take some precautions, running an Elasticsearch instance in production without any kind of access control is not recommended and is very risky.
You should use an access control method; it could be X-Pack, NGINX or a plugin like Search Guard.
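
The fingerprint approach from the answer above, sketched in Python as an added example (it is not part of the original answer and is not Logstash configuration); the field names, the key and the events are constructed. It also shows why the fingerprint should be keyed: company and user IDs come from a small space, so an unkeyed hash of them can be matched by hashing every candidate pair.

```python
import hashlib
import hmac
from collections import Counter

SENSITIVE_FIELDS = ("company_id", "user_id")  # hypothetical field names

# Constructed sample events standing in for parsed MySQL log lines.
EVENTS = [
    {"company_id": 7, "user_id": 42, "query_time": 3.2, "table": "invoices"},
    {"company_id": 7, "user_id": 42, "query_time": 2.4, "table": "orders"},
    {"company_id": 7, "user_id": 43, "query_time": 1.1, "table": "orders"},
    {"company_id": 9, "user_id": 42, "query_time": 0.2, "table": "invoices"},
]


def _material(event):
    # The separator keeps (1, 23) and (12, 3) from hashing to the same value.
    return "|".join(str(event[f]) for f in SENSITIVE_FIELDS).encode()


def unkeyed_digest(event):
    """Plain SHA-256 of the IDs: stable, but guessable (see recover_unkeyed)."""
    return hashlib.sha256(_material(event)).hexdigest()


def fingerprint(event, key):
    """HMAC-SHA-256 of the IDs under a secret key kept outside the index."""
    return hmac.new(key, _material(event), hashlib.sha256).hexdigest()


def pseudonymize(event, key):
    """Copy of the event with the raw IDs replaced by one stable fingerprint."""
    kept = {k: v for k, v in event.items() if k not in SENSITIVE_FIELDS}
    return {**kept, "actor_fp": fingerprint(event, key)}


def slow_queries_per_actor(events, key, threshold=1.0):
    """Analytics still work: group by fingerprint instead of by raw IDs."""
    cleaned = [pseudonymize(e, key) for e in events]
    return Counter(e["actor_fp"] for e in cleaned if e["query_time"] >= threshold)


def recover_unkeyed(digest, companies=range(1, 21), users=range(1, 501)):
    """Small ID space: hashing every candidate pair reverses an unkeyed digest."""
    for c in companies:
        for u in users:
            if unkeyed_digest({"company_id": c, "user_id": u}) == digest:
                return c, u
    return None
```

In Logstash itself, the fingerprint filter takes an optional `key` setting that makes its hash methods keyed in the same way.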
Please check out Search Guard (https://search-guard.com/). The basic version (which is sufficient for most use cases and definitely better than nothing) is free and open source (Apache 2 License).
Disclaimer: I work for Search Guard/floragunn GmbH
If you need to grant some access / privilege, you can use Grafana instead of Kibana for free.
For ES access, this is like any DB security. Configure your server to allow only some IPs on 9200 and 9300.
You can also look at https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin to secure delete queries (still free).

Read-only OAuth access to Kibana

Question 1: Is there a way to achieve free read-only access to Kibana?
Question 2: Is there a way to achieve free OAuth login to Kibana?
Already, everyone who has the link to my Kibana has all access too. What I need is to give some users read-only access.
I use the Docker ELK stack from: https://github.com/deviantony/docker-elk
I know that X-Pack has those features, but it is paid.
The best free tool you can use is probably https://github.com/floragunncom/search-guard, but the free version offers only basic auth.

Embedding Kibana dashes and security issues

I want to create a web app and embed Kibana dashboards. I can export their URLs and embed them in my web application, but how can I secure these URLs? Take into account that I don't want to use the X-Pack plugin.
I assume you mean dashboards with dashes?
While Kibana is mainly for internal use, you could create a read-only user for anonymous access to your dashboards, though you will need some security plugin like X-Pack to enforce it.
Generally you should create a custom visualization with D3.js or whatever you want. Exposing Kibana is not really ideal in most cases.

How to create a Firewall rule for Compute Engine via Google Cloud Client?

I am currently using the Java Google Cloud Client for Compute Engine. I was able to successfully create a Network. Is it possible to programmatically create a new firewall rule (given source, protocol, port, tags, etc.)? It seems this is possible using the gcloud command line, but I'd like to know how to do this via the API. I've looked through all of the documentation but can't seem to find anything related to this. In addition, how can I tie the firewall rule to a specific Network? Thanks!
Sure, see the API reference; at the bottom it has examples for a variety of languages:
https://cloud.google.com/compute/docs/reference/latest/firewalls/insert
Note that if we can do something with gcloud, we can always do it with the REST API (and its language bindings); gcloud is just a command-line wrapper for the API. If you add the --log-http flag to the command, it will show you the HTTP details.

What is the best way to send email reports from Kibana dashboard?

I've set up an ELK (Elasticsearch, Logstash and Kibana) stack and created some Kibana dashboard widgets. So far everything went amazingly. Now I want to send daily and weekly emails with the generated reports.
What is the best way to do that? Do I need to install a plugin, or can I send it right from Kibana?
You can use ElastAlert. You will be able to mail a link with the Kibana dashboard with only the data of the period you want. The period parameter in the top right corner will be set automatically in Kibana.
There are some workarounds, such as PhantomJS, but they are not straightforward to implement. For specific events and Kibana queries there are alerting mechanisms available (Watcher, Logz.io), but I'm guessing you're looking to receive the entire dashboard by email.
There are two out-of-the-box options for sending email reports from a Kibana dashboard:
Skedler, which allows you to schedule and send automated email reports based on your Kibana dashboard or search.
If you have an Elasticsearch license/subscription, then you can use the reporting plugin.
Hope it helps.
You can use Sentinl, which extends Kibana with alerting and reporting functionality to monitor, notify and report on data series changes using standard queries, programmable validators and a variety of configurable actions. Think of it as a free and independent "Watcher" which also has scheduled "Reporting" capabilities (PNG/PDF snapshots).
The greatest thing about Sentinl is that you can easily configure alerts through its native app interface integrated in Kibana.
