【ELK】为elastic stack设置基础安全

【ELK】为elastic stack设置基础安全

本文中Elasticsearch安装在/data/elasticsearch/目录下，另外需要在/data/elasticsearch/config/目录下新建certs目录。

# 生成CA证书
/data/elasticsearch/bin/elasticsearch-certutil ca -out /data/elasticsearch/config/certs/elastic-stack-ca.p12
 
# 生成证书密钥
/data/elasticsearch/bin/elasticsearch-certutil cert --ca /data/elasticsearch/config/certs/elastic-stack-ca.p12 -out /data/elasticsearch/config/certs/elastic-certificates.p12

# 增加xpack配置
vi /data/elasticsearch/config/elasticsearch.yml
-------每一行前面都要保留一个空格，否则会启动报错失败------------
 xpack.security.enabled: true
 xpack.license.self_generated.type: basic
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: certificate
 xpack.security.transport.ssl.client_authentication: required
 xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

# 重新启动Elastic
/data/elasticsearch/bin/elasticsearch -d

# 创建用户密码（elastic、apm_system、kibana_system、logstash_system、beats_system、remote_monitoring_user）
# /data/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana_system]: 
Reenter password for [kibana_system]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

这时再访问 http://192.168.223.101:9200/，会d出登录框，输入刚才为elastic用户设置的用户密码即可完成登录。

另外，在Kibana和filebeat的配置文件中，需要将配置指定用户的密码。

参考：

Set up basic security for the Elastic Stack | Elasticsearch Guide [7.16] | Elastic