IMPLEMENTING ELASTICSEARCH

Implementing Security in Elasticsearch OSS Distribution using Open Distro Security Plugin

Arun Kumar Singh
May 1 · 6 min read

What is Open Distro for Elasticsearch?

Why is it in the news?

From https://www.elastic.co/

Open Distro for Elasticsearch Security Plugin?

What are we going to do in this post?

Let’s start!

$ cat elasticsearch.yml
network.host: 0.0.0.0
node.data: true
node.master: true
node.ingest: false
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
cluster.name: es_cluster
node.name: elkstack
cluster.initial_master_nodes: ["elkstack"]

$ sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro-security-1.13.1.0.zip
$ ./elasticsearch-plugin list -v
Plugins directory: /home/arun/elasticsearch/elasticsearch-7.10.2/plugins
opendistro_security
- Plugin information:
Name: opendistro_security
Description: Provide access control related features for Elasticsearch 7
Version: 1.13.1.0
Elasticsearch Version: 7.10.2
Java Version: 1.8
Native Controller: false
Extended Plugins: []
* Classname: com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin
arun@controller:~/elasticsearch-oss/elasticsearch-7.10.2/plugins/opendistro_security/tools$ ls
audit_config_migrater.bat  hash.bat  install_demo_configuration.sh  securityadmin.sh
audit_config_migrater.sh   hash.sh   securityadmin.bat
arun@controller:~/elasticsearch-oss/elasticsearch-7.10.2/plugins/opendistro_security/tools$ sudo chmod 775 install_demo_configuration.sh 
arun@controller:~/elasticsearch-oss/elasticsearch-7.10.2/plugins/opendistro_security/tools$ sudo ./install_demo_configuration.sh
######## Start OpenDistro for Elasticsearch Security Demo Configuration #########
WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: false
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
opendistro_security.system_indices.enabled: true
opendistro_security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########
$ bin/kibana-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistroSecurityKibana-1.13.0.1.zip
arun@controller:~/elasticsearch-oss/kibana-7.10.2-linux-x86_64$ bin/kibana-plugin list
opendistroSecurityKibana@1.13.0.1
$ cat kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.ssl.verificationMode: none
elasticsearch.username: admin
elasticsearch.password: admin
Kibana Login using Open Distro Security

What if I don't want to use the default demo configuration?

How can I update the default admin password?

export JAVA_HOME=/usr/share/elasticsearch/jdk
# put the bundled JDK on the PATH (the original line appended the literal string
# "JAVA_HOME=..." instead of expanding the variable)
export PATH=$PATH:$JAVA_HOME/bin
cd /usr/share/elasticsearch/plugins/opendistro_security/tools
chmod 775 hash.sh
# prints the bcrypt hash to paste into internal_users.yml for the admin user
./hash.sh -p NewPassword
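Before moving off the demo configuration, it helps to know exactly which of the lines the installer's WARNING refers to are still at their demo values. The following is an added example (not from the post or the Open Distro project) that audits and rewrites the settings from the demo elasticsearch.yml and the kibana.yml shown above; the target values and the sample input are my own assumptions for a hardened deployment.

```python
import re
from typing import Dict, List, Tuple

# Demo-installer settings the WARNING line asks you to revise, mapped to the
# value assumed here for a production node (elasticsearch.yml keys, plus the
# Kibana verificationMode from kibana.yml).  Assumed targets, not plugin docs.
RISKY_SETTINGS: Dict[str, str] = {
    "opendistro_security.allow_unsafe_democertificates": "false",
    "opendistro_security.allow_default_init_securityindex": "false",
    "opendistro_security.ssl.http.enabled": "true",
    "opendistro_security.ssl.transport.enforce_hostname_verification": "true",
    "elasticsearch.ssl.verificationMode": "full",
}

# Constructed sample: the relevant lines from the demo elasticsearch.yml above.
SAMPLE_DEMO_YML = """\
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: false
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
"""

LINE_RE = re.compile(r"^([A-Za-z0-9_.]+):\s*(.*?)\s*$")  # flat `key: value`

def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Read top-level `key: value` lines; comments, blanks and list items are skipped."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, current, expected) for each risky key still at a demo value.
    Absent keys fall back to the plugin default and are not reported here."""
    settings = parse_flat_yaml(text)
    return [(k, settings[k], want) for k, want in RISKY_SETTINGS.items()
            if k in settings and settings[k] != want]

def harden(text: str) -> str:
    """Rewrite each risky line to its expected value; every other line is kept."""
    lines = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        key = m.group(1) if m else None
        lines.append(f"{key}: {RISKY_SETTINGS[key]}" if key in RISKY_SETTINGS else raw)
    return "\n".join(lines) + "\n"
```

Turning `ssl.http.enabled` on also means kibana.yml must point at `https://` and carry a CA it trusts, and the demo certificates themselves still need replacing.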

CodeX
