Enable Basic Authentication on Elastic Stack

Enable Basic Authentication pada Elastic Stack

  • Secara default basic security untuk ELK stack license basic tidak aktif
  • Stop service kibana dan elasticsearch
systemctl stop kibana elasticsearch
  • Aktifkan basic security pada elasticsearch
  • Start service elasticsearch
sed -i.bak '$ a xpack.security.enabled: true' /etc/elasticsearch/elasticsearch.yml
systemctl start elasticsearch
  • Generate password elastic stack
  • Fokus ke user kibana_system dan elastic
echo "y" | /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
--<output>--
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.

Changed password for user apm_system
PASSWORD apm_system = pz8V0JzyHyY68v3t88d4

Changed password for user kibana_system
PASSWORD kibana_system = 0axu9JZHMRsFQtYpmVWX

Changed password for user kibana
PASSWORD kibana = 0axu9JZHMRsFQtYpmVWX

Changed password for user logstash_system
PASSWORD logstash_system = GCHSNkXf2CydI9LkvgKh

Changed password for user beats_system
PASSWORD beats_system = 19xoEYmQw2ptJwR93w5O

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = YVzIUVv5Qw04l8GRlMsC

Changed password for user elastic
PASSWORD elastic = OIN88NAGZCrTgrAtsDLD
  • Aktifkan username kibana_system pada file konfigurasi kibana.yml
sed -i.bak '/\.username/s/^#//' /etc/kibana/kibana.yml
  • Overwrite kibana-keystore dan masukan password untuk elasticsearch agar dapat terhubung dengan kibana. Cari password untuk user kibana_system
  • Changed password for user kibana_system
  • PASSWORD kibana_system = 0axu9JZHMRsFQtYpmVWX
/usr/share/kibana/bin/kibana-keystore create
--<output>--
A Kibana keystore already exists. Overwrite? [y/N] y
Created Kibana keystore in /etc/kibana/kibana.keystore
----------------------------------------------------------------
/usr/share/kibana/bin/kibana-keystore add elasticsearch.password
--<output>--
Enter value for elasticsearch.password: ********************
  • Start service kibana
systemctl start kibana
  • Akses kembali elastic web interface
  • Changed password for user elastic
  • PASSWORD elastic = OIN88NAGZCrTgrAtsDLD
  • Menambahkan user baru dengan role admin/superuser
/usr/share/elasticsearch/bin/elasticsearch-users useradd sys-ops -r superuser

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.