Implementing Security in Elasticsearch OSS Distribution using Open Distro Security Plugin

Arun Kumar Singh
May 1

What is Open Distro for Elasticsearch?

Why is it in the news?


Open Distro for Elasticsearch Security Plugin?

What are we going to do in this post?

Let’s start!

$ cat elasticsearch.yml true
node.master: true
node.ingest: false
discovery.seed_hosts: ["", "[::1]"] es_cluster elkstack
cluster.initial_master_nodes: ["elkstack"]

$ sudo bin/elasticsearch-plugin install
$ ./elasticsearch-plugin list -v
Plugins directory: /home/arun/elasticsearch/elasticsearch-7.10.2/plugins
- Plugin information:
Name: opendistro_security
Description: Provide access control related features for Elasticsearch 7
Elasticsearch Version: 7.10.2
Java Version: 1.8
Native Controller: false
Extended Plugins: []
* Classname:
arun@controller:~/elasticsearch-oss/elasticsearch-7.10.2/plugins/opendistro_security/tools$ ls
audit_config_migrater.bat  hash.bat  securityadmin.bat
arun@controller:~/elasticsearch-oss/elasticsearch-7.10.2/plugins/opendistro_security/tools$ sudo chmod 775 
arun@controller:~/elasticsearch-oss/elasticsearch-7.10.2/plugins/opendistro_security/tools$ sudo ./
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: false
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
opendistro_security.system_indices.enabled: true
opendistro_security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########
$ bin/kibana-plugin install
arun@controller:~/elasticsearch-oss/kibana-7.10.2-linux-x86_64$ bin/kibana-plugin list
$ cat kibana.yml ""
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.ssl.verificationMode: none
elasticsearch.username: admin
elasticsearch.password: admin
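
An added example, not part of the original post: a small Python check that scans elasticsearch.yml or kibana.yml text for the demo-grade values shown above, the ones the demo configuration's WARNING line asks you to revise before production. The function names and the sample text are constructed for illustration, and the parser assumes the flat `key: value` layout these files use.

```python
RISKY = {  # setting -> (value that triggers a finding, why it matters)
    "opendistro_security.allow_unsafe_democertificates": ("true", "demo certificates are accepted"),
    "opendistro_security.ssl.http.enabled": ("false", "REST traffic and credentials are sent unencrypted"),
    "opendistro_security.ssl.transport.enforce_hostname_verification": ("false", "node certificates are not checked against hostnames"),
    "elasticsearch.ssl.verificationMode": ("none", "Kibana does not verify the Elasticsearch certificate"),
    "elasticsearch.password": ("admin", "default admin password still in use"),
}
ADMIN_DN_KEY = "opendistro_security.authcz.admin_dn"
DEMO_ADMIN_DN = "CN=kirk,OU=client,O=client"  # subject of the demo admin certificate


def parse_flat_yaml(text):
    """Parse flat `key: value` lines and `- item` lists; every value becomes a list of strings."""
    settings, last_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- ") and last_key is not None:
            settings[last_key].append(line[2:].strip())
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        last_key = key.strip()
        value = value.strip().strip("\"'")
        settings[last_key] = [value] if value else []
    return settings


def audit(text):
    """Return (setting, reason) pairs for values that match the demo configuration."""
    settings = parse_flat_yaml(text)
    findings = [(key, reason) for key, (bad, reason) in RISKY.items()
                if any(v.lower() == bad for v in settings.get(key, []))]
    if any(dn.replace(" ", "").startswith(DEMO_ADMIN_DN) for dn in settings.get(ADMIN_DN_KEY, [])):
        findings.append((ADMIN_DN_KEY, "demo admin certificate DN is trusted"))
    return findings

# Constructed sample assembled from the settings shown above.
SAMPLE = """\
opendistro_security.ssl.http.enabled: false
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
elasticsearch.password: admin
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
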
Kibana Login using Open Distro Security

What if I don't want to use the default demo configuration?

How can I update the default admin password?

export JAVA_HOME=/usr/share/elasticsearch/jdk
export PATH=$PATH:$JAVA_HOME/bin
cd /usr/share/elasticsearch/plugins/opendistro_security/tools
chmod 775
./ -p NewPassword

