John Siu Blog

Tech - Business Tool, Personal Toys

Elastic Stack / ELK X-Pack Basic Authentication


Enable Elastic Stack / ELK X-Pack Basic Authentication in Ubuntu.

Instructions and paths here assume Elastic Stack is installed from the official 7.x repository. See previous post.


Stop Filebeat / Kibana

Once authentication is enabled, all services will need to authenticate with elasticsearch. Stop them until all configurations are done.

systemctl stop elasticsearch filebeat kibana

Configure Elasticsearch

Add the following to the end of /etc/elasticsearch/elasticsearch.yml:

xpack.security.enabled: true
xpack.security.authc.accept_default_password: false

Start Elasticsearch

Start elasticsearch to enable X-Pack authentication:

systemctl start elasticsearch

Setup Password

You may have to wait a minute or two for elasticsearch to be fully up.

Run /usr/share/elasticsearch/bin/elasticsearch-setup-passwords with the interactive option:

cd /usr/share/elasticsearch/bin
./elasticsearch-setup-passwords interactive

Output:

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Configure Filebeat / Kibana

/etc/kibana/kibana.yml

Add the following at the end of the file:

xpack.security.encryptionKey: "<32 random characters here>"
# sessionTimeout in msec.
xpack.security.sessionTimeout: 900000

Search for elasticsearch.username and uncomment:

elasticsearch.username: "kibana"
elasticsearch.password: "<your password>"

/etc/filebeat/filebeat.yml

Search for output.elasticsearch; below protocol, add or uncomment as follows:

  # Optional protocol and basic auth credentials.
  #protocol: "http"
  username: "elastic"
  password: "<your password>"

Start Filebeat / Kibana

systemctl start filebeat kibana

Login Kibana

The Kibana site should show a login page. Log in using elastic and its password. You can create more users under Management -> Security.
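
A post-setup check for the configuration above, as an added example that is not part of the original post: it confirms that security is enabled, that the Kibana encryption key and both passwords are no longer placeholders, and that the files holding them in plaintext are not world-readable. The ES_YML, KIBANA_YML and FILEBEAT_YML override variables and all function names are assumptions of this example, and it reads only the first uncommented username and password lines in filebeat.yml.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the settings the post adds.
# Paths default to the post's; ES_YML, KIBANA_YML and FILEBEAT_YML are
# hypothetical override variables so the audit can run against copies.

# yaml_value FILE KEY: value of the first uncommented "KEY: value" line.
yaml_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}:[[:space:]]*//p" "$1" |
        head -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

fail() { echo "FAIL: $*"; rc=1; }

# secret_ok FILE KEY: the value is set, is not a <placeholder>, and the file
# holding it in plaintext is not world-readable.
secret_ok() {
    case $(yaml_value "$1" "$2") in
        ''|*'<'*) fail "$2 in $1 is unset or still a placeholder" ;;
    esac
    case $(stat -c %a "$1") in   # GNU stat, as on Ubuntu
        *[4567]) fail "$1 holds a plaintext secret and is world-readable" ;;
    esac
}

audit_stack_auth() {
    es=${ES_YML:-/etc/elasticsearch/elasticsearch.yml}
    kb=${KIBANA_YML:-/etc/kibana/kibana.yml}
    fb=${FILEBEAT_YML:-/etc/filebeat/filebeat.yml}
    rc=0
    [ "$(yaml_value "$es" xpack.security.enabled)" = true ] ||
        fail "xpack.security.enabled is not true in $es"
    key=$(yaml_value "$kb" xpack.security.encryptionKey)
    [ "${#key}" -ge 32 ] || fail "encryptionKey in $kb is shorter than 32 characters"
    secret_ok "$kb" xpack.security.encryptionKey
    secret_ok "$kb" elasticsearch.password
    secret_ok "$fb" password
    # elastic is the built-in superuser; flag it as a warning, not a failure.
    [ "$(yaml_value "$fb" username)" != elastic ] ||
        echo "WARN: $fb ships logs as the elastic superuser; prefer a dedicated, least-privilege user"
    return "$rc"
}
```

Source the file as root and call audit_stack_auth; a non-zero return means at least one FAIL line was printed.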

John Siu

Update: 2020-07-21