What Is Elasticsearch

Uploaded by

demy2014

Step 1: Install Elasticsearch and Basic Configuration

1.1 Download and Install Elasticsearch

- Download and install Elasticsearch on your server (use the latest version):

# Download and install Elasticsearch (assuming you use Ubuntu/Debian)
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.10.0-amd64.deb
sudo dpkg -i elasticsearch-8.10.0-amd64.deb

- Start and enable the Elasticsearch service:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

1.2 Basic Configuration

- Update the elasticsearch.yml configuration file located in /etc/elasticsearch/elasticsearch.yml. Key settings:

cluster.name: my-secure-cluster
node.name: node-1
network.host: 0.0.0.0 # Adjust this based on your network settings
http.port: 9200

You should also increase the JVM heap size (/etc/elasticsearch/jvm.options), typically to 50% of the server's memory:

-Xms4g
-Xmx4g

Step 2: Set up Security (TLS/SSL, RBAC)

2.1 Enable TLS/SSL for the Transport and HTTP Layers (Open-Source and X-Pack)

- First, generate certificates using the elasticsearch-certutil tool:

cd /usr/share/elasticsearch/bin/
./elasticsearch-certutil ca
./elasticsearch-certutil cert --ca elastic-stack-ca.p12

- Move the generated certificates to a secure directory and modify elasticsearch.yml to enable TLS encryption:

# TLS/SSL settings for transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /path/to/your.key
xpack.security.transport.ssl.certificate: /path/to/your.crt
xpack.security.transport.ssl.certificate_authorities: /path/to/ca.crt

# TLS/SSL settings for HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /path/to/http.key
xpack.security.http.ssl.certificate: /path/to/http.crt
xpack.security.http.ssl.certificate_authorities: /path/to/ca.crt

2.2 Set Up User Authentication and Role-Based Access Control (RBAC) (X-Pack)

- Enable security and user authentication in elasticsearch.yml:

xpack.security.enabled: true

- Restart Elasticsearch to enable security.

- Add users and roles using the Elasticsearch API:

# Create a role with restricted access to the logs index
PUT /_security/role/log_reader
{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": ["logs-*"],
      "privileges": ["read"]
    }
  ]
}

# Create a user and assign the role
POST /_security/user/analyst
{
  "password": "password123",
  "roles": ["log_reader"],
  "full_name": "Log Analyst"
}

2.3 Enable API Key Authentication (Optional, X-Pack)

- Create API keys to allow services or users to interact with the cluster:

POST /_security/api_key
{
  "name": "monitoring-key",
  "expiration": "1d",
  "role_descriptors": {
    "monitoring": {
      "cluster": ["monitor"],
      "index": [
        {
          "names": ["metrics-*"],
          "privileges": ["read"]
        }
      ]
    }
  }
}

Step 3: Set up Monitoring with Elasticsearch and Kibana

3.1 Install and Configure Kibana

- Download and install Kibana on your server:

wget https://artifacts.elastic.co/downloads/kibana/kibana-8.10.0-amd64.deb
sudo dpkg -i kibana-8.10.0-amd64.deb

- Start Kibana and modify the kibana.yml configuration to connect to your Elasticsearch instance:

server.port: 5601
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your-password"
server.ssl.enabled: true
server.ssl.certificate: /path/to/your.crt
server.ssl.key: /path/to/your.key

- Enable monitoring of Elasticsearch nodes and indices:

xpack.monitoring.collection.enabled: true

3.2 Enable Monitoring and Visualize Metrics

- Navigate to the "Monitoring" section in Kibana.
- You can see cluster metrics, node usage, index statistics, etc.

Step 4: Enable Application Performance Monitoring (APM) (X-Pack)

4.1 Install APM Server

- Install the APM server:

wget https://artifacts.elastic.co/downloads/apm-server/apm-server-8.10.0-amd64.deb
sudo dpkg -i apm-server-8.10.0-amd64.deb

- Configure the APM server to connect with Elasticsearch:

apm-server:
  host: "0.0.0.0:8200"
output.elasticsearch:
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "your-password"
  ssl.certificate_authorities: ["/path/to/ca.crt"]

- Start the APM server:

sudo systemctl start apm-server

4.2 Instrument Your Applications

- Add the APM agent to your application (e.g., Python, Java, Node.js) and send performance data to the APM server.

# Example for Node.js
npm install elastic-apm-node --save

- View performance data in Kibana under the APM section.

Step 5: Data Management and Index Lifecycle Management (ILM)

5.1 Set up Index Lifecycle Policies (Open-Source and X-Pack)

- Define policies that automatically manage index retention, rollover, and deletion:

PUT _ilm/policy/log_policy
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": {
            "max_size": "50gb",
            "max_age": "30d"
          }
        }
      },
      "delete": {
        "min_age": "90d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}

- Assign this policy to indices:

PUT /logs-*/_settings
{
  "index.lifecycle.name": "log_policy"
}

5.2 Snapshot and Backup Data (X-Pack)

- Set up snapshots to periodically back up data:

# Register a snapshot repository
PUT /_snapshot/my_backup
{
  "type": "fs",
  "settings": {
    "location": "/mount/backups"
  }
}

# Take a snapshot
PUT /_snapshot/my_backup/snapshot_1
{
  "indices": "logs-*",
  "ignore_unavailable": true,
  "include_global_state": false
}

Step 6: Implement Security Best Practices

6.1 Audit Logging (X-Pack)

- Enable audit logging to track all user actions and access logs:

xpack.security.audit.enabled: true
xpack.security.audit.logfile.events.include: [ "access_denied", "authentication_failed" ]

6.2 Field and Document Level Security (X-Pack)

- Restrict access to specific fields and documents for users:

PUT /_security/role/restricted_logs
{
  "indices": [
    {
      "names": ["logs-*"],
      "privileges": ["read"],
      "field_security": {
        "grant": ["timestamp", "message"]
      }
    }
  ]
}

6.3 IP Filtering

- Limit access to Elasticsearch based on IP addresses:

xpack.security.transport.filter.allow: "192.168.0.0/24"
xpack.security.transport.filter.deny: "0.0.0.0/0"

Allow rules are evaluated before deny rules, so this pair admits only the 192.168.0.0/24 range. These keys filter the transport layer; the HTTP layer has the analogous xpack.security.http.filter keys.
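As an added example (not part of the guide), the following script consumes the JSON-per-line events that the audit log from Step 6.1 writes, counts authentication_failed events per source address and lists access_denied events, which is what the log_reader role from Step 2.2 produces when the analyst user attempts a write. The sample events are constructed; the field names follow the shape of the 8.x audit log.

```python
"""Flag failed logins and denied actions in Elasticsearch audit log lines.
Added example, not from the guide: consumes the JSON-per-line events that
xpack.security.audit (Step 6.1) writes. Sample events below are constructed."""
import json
from collections import Counter

# Constructed events in the shape of the 8.x audit log (one JSON object per line):
# four failed logins from one address, one from another, and the Step 2.2
# analyst (read-only log_reader role) being denied a write to a logs-* index.
SAMPLE_AUDIT_LOG = "\n".join([
    '{"type":"audit","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:50210","url.path":"/_security/user"}',
    '{"type":"audit","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:50211","url.path":"/_security/user"}',
    '{"type":"audit","event.type":"rest","event.action":"authentication_failed","user.name":"admin","origin.address":"203.0.113.7:50212","url.path":"/_cluster/health"}',
    '{"type":"audit","event.type":"rest","event.action":"authentication_failed","user.name":"root","origin.address":"203.0.113.7:50213","url.path":"/_cluster/health"}',
    '{"type":"audit","event.type":"rest","event.action":"authentication_failed","user.name":"analyst","origin.address":"192.168.0.12:51234","url.path":"/logs-2024.01/_search"}',
    '{"type":"audit","event.type":"rest","event.action":"authentication_success","user.name":"analyst","origin.address":"192.168.0.12:51235","url.path":"/logs-2024.01/_search"}',
    '{"type":"audit","event.type":"transport","event.action":"access_denied","user.name":"analyst","user.roles":["log_reader"],"action":"indices:data/write/index","indices":["logs-2024.01"],"origin.address":"192.168.0.12:51236"}',
])


def parse_events(text):
    """One audit event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def source_ip(event):
    """origin.address is "ip:port"; keep only the ip so retries on new ports aggregate."""
    return event.get("origin.address", "").rsplit(":", 1)[0]


def failed_logins_by_ip(events):
    """Count authentication_failed events per source address."""
    return Counter(source_ip(e) for e in events if e.get("event.action") == "authentication_failed")


def suspicious_sources(events, threshold=3):
    """Addresses with at least `threshold` failed logins (a password-guessing signal)."""
    return sorted(ip for ip, n in failed_logins_by_ip(events).items() if n >= threshold)


def denied_actions(events):
    """(user, action, indices) for every access_denied event, i.e. RBAC doing its job."""
    return [(e.get("user.name"), e.get("action"), tuple(e.get("indices", [])))
            for e in events if e.get("event.action") == "access_denied"]
```

Point parse_events at the real audit log file (one JSON object per line) to run the same checks over production events.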

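As a second added example (not part of the guide), this script checks a flat elasticsearch.yml against the protections the guide switches on in Steps 1.2, 2.1, 2.2, 6.1 and 6.3, reporting the Step 1.2 baseline as a list of missing controls and the hardened node as clean. Both sample configurations are constructed from the guide's own settings.

```python
"""Audit a flat elasticsearch.yml for the protections this guide switches on.
Added example, not from the guide: parses the dotted `key: value` lines of
Steps 1.2, 2.1, 2.2, 6.1 and 6.3. Sample inputs are constructed."""
import re

# Constructed: the Step 1.2 settings alone, before Step 2 has been applied.
BASIC_YML = """
cluster.name: my-secure-cluster
network.host: 0.0.0.0 # Adjust this based on your network settings
"""

# Constructed: the same node after Steps 2.1, 2.2, 6.1 and 6.3 (keys are real 8.x settings).
HARDENED_YML = BASIC_YML + """
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.enabled: true
xpack.security.audit.enabled: true
xpack.security.transport.filter.allow: "192.168.0.0/24"
xpack.security.transport.filter.deny: "0.0.0.0/0"
"""


def parse_flat_yaml(text):
    """Parse `dotted.key: value` lines; comments and surrounding quotes are dropped."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(settings):
    """Return one finding per missing protection; an empty list means all are present."""
    on = lambda key: settings.get(key, "false").lower() == "true"
    findings = []
    if not on("xpack.security.enabled"):
        findings.append("authentication disabled (Step 2.2)")
    if not on("xpack.security.transport.ssl.enabled"):
        findings.append("transport layer unencrypted (Step 2.1)")
    if not on("xpack.security.http.ssl.enabled"):
        findings.append("HTTP layer unencrypted (Step 2.1)")
    if settings.get("xpack.security.transport.ssl.verification_mode", "full") == "none":
        findings.append("transport TLS skips peer certificate verification")
    if settings.get("network.host") == "0.0.0.0" and "xpack.security.transport.filter.allow" not in settings:
        findings.append("bound to all interfaces with no IP allow list (Step 6.3)")
    if not on("xpack.security.audit.enabled"):
        findings.append("audit logging off (Step 6.1)")
    return findings
```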