Use of Shield 2.0+ with Elasticsearch and Kibana

Both the ELK and Shield 2.0+ are installed on 10.100.100.60 server 1, Elasticsearch installed on Shieldbin/plugin installation licensebin/plugin install SHIELD2, run E Lasticsearchbin/elasticsearch3, add an Admin user bin/shield/esusers useradd es_admin-r admin Enter password 123456 login es_admin 123456, You can see all the INDICES4, test whether users write to the page login http://10.100.100.60:9200/need to enter the user name and password es_admin 1234565, to Kibana Write shield Reference official web page https:// Www.elastic.co/guide/en/shield/current/kibana.htmlcurl-u Es_admin-xpost ' http://10.100.100.60:9200/_shield/user/ Kibana-server '-d ' {"Password": "123456", "Roles": ["Kibana4_server"]}} ' return {"user": {"created": true}} Modify the Kibana configuration file:/ Config/kibana.yml.elasticsearch.username: "Kibana4-server" Elasticsearch.password: "123456" modified roles.yml/data/ Elasticsearch/config/shield/roles.yml join Kibana_redis role, only give Logstash-redis-input Read permission,. Kibana Read and write administrative rights Kibana_redis: Cluster:-Monitor indices:-Names: ' logstash-redis-input-* ' privileges:-view_index_metadata-read-names: '. kibana* ' Privileges:-Manage-read-index 6, add a user Es_kibana to the role KiBAna_redisbin/shield/esusers useradd es_kibana-r kibana_redis Enter password 123456 browser run Http://10.100.100.60:9200/_plugin/head /Enter Es_kibana 123456 Login For example, only the indices of logstash-redis-input-* and. Kibana can see the data, and none of the others have  7, Kibana roles given to login Info curl-u es_kibana-xpost ' http://10.100.100.60:9200/_shield/user/kibana-server '-d ' {"Password": "123456", "Roles": [ "Kibana_redis"}} ' failed error: {"error": {"Root_cause": [{"Type": "Security_exception", "Reason": "Unable to authenticate user [Es_kibana] for REST request [/_shield/user/kibana-server] "," header ": {" www-authenticate ":" Basic realm=\ "shield\" "}} ], "type": "Security_exception", "Reason": "Unable to authenticate user [Es_kibana] for REST request [/_shield/user/ Kibana-server] "," header ": {" www-authenticate ":" Basic realm=\ "shield\" "}}," Status ":401}  modify user again after users are Es_ Kibanacurl-u es_kibana-xpost ' Http://10.100.100.60:9200/_shield/user/es_kibana '-d ' {"Password": "123456", "Roles": [ "Kibana_redis"}} '   returned {"User": {"created": true}} successfully   &nbSp;8, login Kibana browser run http://10.100.100.60:5601/login Es_kibana 123456 For example, only click Logstash-redis-input-*, there will be data (Figure 8-1), the other (Figure 8-2) , the error figure 8-1 Figure 8-2 is attached to the official website explanation: with Shield installed, if you load a Kibana dashboard that accesses the data in an index that is not Authorized to view, you get a error that indicates the index does not exist. Kibana and Shield do not currently provide a-to control which users can load which dashboards. Install Shield If you load a Kibana instrument Dial, you are not authorized to access the data index, view, you get an error that indicates that the indices does not exist. Kibana and shield currently do not provide a way to control which dashboards the user can load.  

Shield 2.0+ for use with Elasticsearch and Kibana