ELK 7.4.2 配置x-pack开启用户认证

X-Pack是一个Elastic Stack的扩展,将安全,警报,监视,报告和图形功能包含在一个易于安装的软件包中。ELK 6.8 以上版本已经全面集成x-pack不需要单独安装,其中最关键的一点是ES和Kibana的安全认证功能可以直接使用了,下面是开启配置步骤

Elasticsearch开启安全认证

编辑elasticsearch.yml配置文件增加如下配置即可

xpack.security.enabled: true
xpack.license.self_generated.type: basic

设置密码

# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Logstash增加elasticsearch的账号密码

# vim /etc/logstash/conf.d/logstash.conf
input {
  beats {
    port => 514
  }
}
 
output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["192.168.1.2:9200","192.168.1.3:9200","192.168.1.4:9200"]
    user => "elastic"
    password => "123456"
  }
}

Kibana增加elasticsearch的账号密码

# vim /etc/kibana/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "123456"

依次启动Elastic、Logstash、Kiban服务即可。