Reference content:
http://kibana.logstash.es/content/elasticsearch/auth/searchguard-2.html
https://groups.google.com/forum/#!forum/search-guard
https://github.com/floragunncom/search-guard

This article is based on the following software versions; other versions may differ slightly:
elasticsearch 2.3.3
search-guard 2.3.3 RC1

0x00 background
Elasticsearch is an open-source, distributed, RESTful search engine built on Lucene and used in a wide range of scenarios. As it has spread, security problems have inevitably followed, some of them serious, such as CVE-2015-3337 and CVE-2015-5531. Given these vulnerabilities, the threat of 0days, and the common case of several services sharing one es cluster, a proper authentication and authorization layer is essential. Now that es has moved from the 1.x to the 2.x generation, the mainstream options are the official Shield and the open-source search-guard; my shop is rather tight with money, so search-guard it is.

0x01 search-guard
Since the 2.x update, search-guard's configuration is very similar to Shield's, and its logic is looser than in 1.x. Its advantages are:
SSL/TLS on the transport layer between nodes
Support for both JDK SSL and OpenSSL
Hot reloading of configuration, no service restart needed
kibana4 and logstash configuration supported
Different users can be given different permissions
Simple configuration

0x02 installation
Install search-guard-ssl:
sudo bin/plugin install -b com.floragunn/search-guard-ssl/126.96.36.199
Install search-guard-2:
sudo bin/plugin install -b com.floragunn/search-guard-2/2.3.3.0-rc1

0x03 certificate
Adapt the official script to your own circumstances and generate the root certificate, the node certificates and the admin certificate. Put the node certificate and the root certificate in the elasticsearch configuration directory, and the admin certificate and the root certificate in the search-guard configuration directory.
tips: all certificates must be generated together from the same root; a node or admin certificate signed by any other CA is not trusted by the cluster and fails at the TLS handshake.

0x04 configure elasticsearch to support ssl
Add the following configuration to elasticsearch.yml:
security.manager.enabled: false
searchguard.authcz.admin_dn:
  - "CN=kirk,OU=client,O=client,l=tEst, C=De"
searchguard.audit.type: internal_elasticsearch
Two points to be aware of here. search-guard 2 needs the Java Security Manager switched off on es 2.x; that removes the sandbox es 2.x otherwise puts around plugins and scripts, so the SSL and auth layer you are configuring becomes the main boundary. The admin_dn entry must match the subject of the admin certificate exactly, and whoever holds that certificate and its private key can rewrite the entire security configuration through sgadmin, so protect the key accordingly. internal_elasticsearch writes the audit log into an index in the same cluster.
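The certificates that 0x03 asks for, as an added example that is not the search-guard-ssl project's own example-pki-scripts: a minimal PKI built with openssl alone, producing one root CA, one node certificate and one admin client certificate, all signed by the same root, plus a helper that prints the admin subject in exactly the form the admin_dn entry above needs. The output directory, the names, the 10-day validity and the keystore password "changeit" are assumptions for the demo; the admin subject mirrors the page's "kirk" DN.

```shell
#!/bin/sh
# Added example (not the search-guard-ssl project's scripts): build a
# throw-away PKI for search-guard with openssl only. Directory, names,
# validity and the password "changeit" are demo assumptions.
set -eu

DEMO_PASS=changeit
DAYS=10

# Issue a leaf certificate for subject "$3", signed by the root CA that
# already lives in "$1", and store it as "$1/$2.key" and "$1/$2.pem".
issue_cert() {
  out="$1"; name="$2"; subj="$3"
  openssl req -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$out/$name.key" -out "$out/$name.csr" 2>/dev/null
  openssl x509 -req -days "$DAYS" -in "$out/$name.csr" \
    -CA "$out/root-ca.pem" -CAkey "$out/root-ca.key" -CAcreateserial \
    -out "$out/$name.pem" 2>/dev/null
  rm -f "$out/$name.csr"
}

# Generate the whole PKI into directory "$1". Every leaf is signed by the
# same root CA; this is the "unified generation" tip from 0x03: nodes only
# trust root-ca.pem, so a certificate from any other CA is rejected.
gen_pki() {
  out="$1"; mkdir -p "$out"
  openssl req -x509 -newkey rsa:2048 -nodes -days "$DAYS" \
    -subj "/C=De/L=tEst/O=node/OU=ca/CN=root-ca" \
    -keyout "$out/root-ca.key" -out "$out/root-ca.pem" 2>/dev/null
  # Node certificate: transport-layer TLS between es nodes.
  issue_cert "$out" node-0 "/C=De/L=tEst/O=node/OU=node/CN=node-0"
  # Admin client certificate: its subject goes into searchguard.authcz.admin_dn,
  # so its private key must be guarded like a root password.
  issue_cert "$out" kirk "/C=De/L=tEst/O=client/OU=client/CN=kirk"
  # PKCS#12 keystores (key + cert + root) for the Java side.
  for name in node-0 kirk; do
    openssl pkcs12 -export -name "$name" -inkey "$out/$name.key" \
      -in "$out/$name.pem" -certfile "$out/root-ca.pem" \
      -passout "pass:$DEMO_PASS" -out "$out/$name-keystore.p12"
  done
}

# Print the subject of certificate "$1" in RFC 2253 form. Paste this string
# verbatim into searchguard.authcz.admin_dn: a DN that differs in any
# attribute is a different identity and is not treated as admin.
admin_dn() {
  openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^subject= *//'
}

# Return 0 if leaf certificate "$2" chains to root CA "$1", non-zero otherwise.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone use: SG_PKI_OUT=./sg-pki sh gen-sg-pki.sh
if [ -n "${SG_PKI_OUT:-}" ]; then
  gen_pki "$SG_PKI_OUT"
  echo "searchguard.authcz.admin_dn entry: $(admin_dn "$SG_PKI_OUT/kirk.pem")"
fi
```

Run it with SG_PKI_OUT set to a directory, copy node-0-keystore.p12 to the es configuration directory and point searchguard.ssl.transport.keystore_filepath at it with keystore_type PKCS12; the truststore is built from root-ca.pem with keytool (keytool -importcert -alias root-ca -file root-ca.pem -keystore truststore.jks) and referenced by searchguard.ssl.transport.truststore_filepath. Note that the openssl-generated subject comes out as "CN=kirk,OU=client,O=client,L=tEst,C=De", not the keytool spelling shown in the configuration above; whichever tool you use, the admin_dn string has to be the one your certificate actually carries. One caveat: OpenSSL 3 encrypts PKCS#12 files with PBES2/AES by default, which older JDK 8 releases cannot read; add -legacy to the pkcs12 command there.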