Home > Others

Shield Installation and Configuration

Source: Internet
Author: User
Tags logstash
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Shield Installation and Configuration

Https://www.elastic.co/guide/en/shield/shield-1.3/introduction.html

First, Introduction

Shield is a plugin of elasticsearch, it can easily guarantee the security of your Elasticsearch cluster.

Features of the Shield:

1. User authentication

Cryptographic authentication for 2.SSL/TLS

3. Audit

Second, installation

The version of shield-1.3 I'm using

    1. Installing the Elasticsearch Cluster

    2. Shield need to be licese, we only have to install and use it on the offline machine.

A. Download License Https://download.elastic.co/elasticsearch/license/license-latest.zip

[[email protected] usr]# pwd/usr[[email protected] usr]# wget https://download.elastic.co/elasticsearch/license/license-latest.zip......

B. Download Shield Https://download.elastic.co/elasticsearch/shield/shield-latest.zip

[[email protected] usr]# pwd/usr[[email protected] usr]# wget https://download.elastic.co/elasticsearch/shield/shield-latest.zip......

C. installing license and shield

Note/usr/share/elasticsearch/is the protocol prefix for the local file for the Elasticsearch installation directory [[email protected] usr]#/usr/share/elasticsearch/bin/plugin-i License-u File:///usr/license-latest.zip...... [[email protected] usr]#/usr/share/elasticsearch/bin/plugin-i License-u File:///usr/shield-latest.zip... ... check: [[email protected] usr]# ll/usr/share/elasticsearch/plugins/... ..... Licenseshield... [[email protected] usr] # curl-xget ' = is inaccessible at this time and requires authentication ... First create an admin [[email protected] plugins]#/usr/share/elasticsearch/bin/shield/esusers useradd es_admin-r admin  ... [[email protected] usr] # curl-xget-u es_admin:{passwd} ' http://{ip}:9200/'

Third, message authentication (enable messages authentication)

Https://www.elastic.co/guide/en/shield/shield-1.3/enable-message-authentication.html

Message validation verifies that a message is being tampered with during transmission, etc.

1.生成key[[email protected] shield]# /usr/share/elasticsearch/bin/shield/syskeygen...会生成 ES_HOME/config/shield/system_key然后再elasticsearch.yml 中配置shield.system_key.file=2.复制key到其他各个节点上,各个节点必须相同

Iv. User authentication configuration (setting up user authentication)

In order to obtain restricted resource permissions, the user must provide the identity verification information. such as passwords.

1.esusers

is shield built in a way

Https://www.elastic.co/guide/en/shield/shield-1.3/esusers.html

Https://www.elastic.co/guide/en/shield/shield-1.3/_managing_users_in_an_esusers_realm.html

Add Users (Adding user) [[email protected] plugins]#/usr/share/elasticsearch/bin/shield/esusers Useradd test_1 will prompt you to enter the password, [[email protected] plugins]#/usr/share/elasticsearch/bin/shield/esusers useradd test-1-p test_1 This will create a user test_1 password is test_1[[         Email protected] plugins]# /usr/share/elasticsearch/bin/shield/esusers list# "userid": "Roleid" ... test_1 : -... The default role is-and does not have permissions, and later explains the role and permissions to modify the user password (managing user passwords) [[email protected] plugins]# /usr/share/elasticsearch /bin/shield/esusers passwd test-1-p test_1

2. Role-based access control

Https://www.elastic.co/guide/en/shield/shield-1.3/configuring-rbac.html

Define roles (defining Roles) Roles.yml[[email protected] shield]# pwd/etc/elasticsearch/shield[[email protected] shield]# lltotal 36-Rwxr-xr-x1Elasticsearch Elasticsearch1119Nov905:21stlogging.yml-RW-------1Elasticsearch Elasticsearch1119Nov906:28logging.yml.new-Rwxr-xr-x1Elasticsearch Elasticsearch473Nov905:21strole_mapping.yml-RW-------1Elasticsearch Elasticsearch473Nov906:28role_mapping.yml.new-Rwxr-xr-x1Elasticsearch Elasticsearch2634Nov1209:06Roles.yml = mappings of roles and permissions-RW-------1Elasticsearch Elasticsearch2699Nov906:28roles.yml.new-RW-------1Elasticsearch Elasticsearch128Nov1208:24system_key.new-Rwxr-xr-x1Elasticsearch Elasticsearch410Nov1209:02Users = User Information-RW-------1Elasticsearch Elasticsearch0Nov906:28users.new-Rwxr-xr-x1Elasticsearch Elasticsearch85Nov1209:02Users_roles = user-to-role mapping-rw------- 1 elasticsearch elasticsearch 0 Nov 9 : users_roles.ne W[[email protected] shield]# The default role is: Adminpower_useruser ...          
EG1: We create a user Test_logstash it can only access logstash-* indices1. Creating a role [[Email protected] shield]# vi  /etc/elasticsearch/shield/roles.yml ... ...logstash_user:  cluster: all  indices:      ' logstash-* ':  indices:data/read/search, indices:data/read/get,  indices:admin/get   =>  Read Permissions  ...  ... 2. Create user and execute role [[Email protected] shield]# / Usr/share/elasticsearch/bin/shield/esusers useradd test_logstash -p test_logstash -r  logstash_user ...  ... 3. web ui  or  terminate colonel, whether access to the logstash-* index, access to write, access to other

3. LDAP Authentication

Shield Installation and Configuration

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
installation and configuration firewall installation and configuration web server installation and configuration tortoise svn installation and configuration pbx installation and configuration pdf linux server installation and configuration installation and configuration of php

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More