Elastic Stack / ELK X-Pack Basic Authentication
Table of Contents
Enable Elastic Stack / ELK X-Pack Basic Authentication in Ubuntu.
Instructions/paths here assume Elastic Stack is installed with official 7.x repository. See previous post.
Stop Filebeat / Kibana
Once authentication is enable, all services will need to authenticate with elasticsearch. Stop them until all configurations are done.
systemctl stop elasticsearch filebeat kibana
Add following to end of
xpack.security.enabled: true xpack.security.authc.accept_default_password: false
Start elasticsearch to enable X-Pack authentication:
systemctl start elasticsearch
You may have to wait a minute or two for elasticsearch to be fully up.
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords with option
cd /usr/share/elasticsearch/bin ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]
Configure Filebeat / Kibana
Add following at end of file:
xpack.security.encryptionKey: "<32 random characters here>" # sessionTimeout in msec. xpack.security.sessionTimeout: 900000
elasticsearch.username and uncomment:
elasticsearch.username: "kibana" elasticsearch.password: "<your password>"
protocol, add or uncomment as follow:
# Optional protocol and basic auth credentials. #protocol: "http" username: "elastic" password: "<your password>"
Start FileBeat / Kibana
systemctl start filebeat kibana
Kibana site should show login page. Login using
elastic and password. You can create more users in the Management -> Security.