X-pack detailed

Enable and disable
Enabling and disabling the X-pack feature
By default, all X-pack features are enabled. You can enable or disable specific X-pack features elasticsearch.yml,kibana.yml and logstash.yml configuration files.
Setting description
Xpack.graph.enabled set to False disables the X-pack graphics feature.
Xpack.ml.enabled set to False disables the X-pack machine learning feature.
Xpack.monitoring.enabled set to False disables the X-pack monitoring feature.
Xpack.reporting.enabled set to False disables the X-pack reporting feature.
Xpack.security.enabled set to False disables the X-pack security feature.
Xpack.watcher.enabled set FALSE to disable the observer.

Run Bin/kibana-plugin in your Kibana installation directory.
Bin/kibana-plugin Install X-pack
The plugin install scripts require direct Internet access to download and install X-pack. If your server doesn ' t has Internet access, specify the location of the X-pack zip file so you downloaded to a Temporar Y directory.
Bin/kibana-plugin Install File:///path/to/file/x-pack-6.2.4.zip
The Kibana server needs to is able to write to files in the optimize directory. If you ' re using sudo or su, run the plugin installation as the built-in Kibana user. For example:
Sudo-u Kibana bin/kibana-plugin Install X-pack
For more information, see Installing Plugins.

Password
That is
Bin/x-pack/setup-passwords Auto
1
If you want to specify the password yourself, execute:
Bin/x-pack/setup-passwords Interactive

You can also use the shell terminal to manage:
To modify the password for the elastic user:
Curl-xput-u elastic ' localhost:9200/_xpack/security/user/elastic/_password '-d ' {
"Password": "123456"
}‘
To modify the password for the Kibana user:
Curl-xput-u elastic ' localhost:9200/_xpack/security/user/kibana/_password '-d ' {
"Password": "123456"
}‘
Create user groups and roles, create the owning user
Eg: Create a beats_admin user group that has all permissions on filebeat* and Manage,read,index permissions on. kibana*
Curl-xpost-u elastic ' localhost:9200/_xpack/security/role/beats_admin '-d ' {
"Indices": [
{
"Names": ["filebeat*"],
"Privileges": ["All"]
},
{
"Names": [". kibana*"],
"Privileges": ["Manage", "read", "index"]
}
]
}‘
Create Jockbeat user, password is jockbeat
Curl-xpost-u elastic ' localhost:9200/_xpack/security/user/jockbeat '-d ' {
"Password": "Jockbeat",
"Full_name": "Jock Beat",
"Email": "[email protected]",
"Roles": ["Beats_admin"]
}‘

1. Unzip the x-pack-6.2.3.zip into the Elasticsearch directory and find the X-pack-core-6.2.3.jar if the X-pack plugin can be installed in elasticsearch-6.2.3/plugins/ Found in the X-pack/x-pack-core/directory
2. Unzip the jar package and find the following two class files, using Luyten to Decompile
Org/elasticsearch/license/licenseverifier.class
Org/elasticsearch/xpack/core/xpackbuild.class
3. Copy the anti-compiled Java code into your IDE and create a pack with the same package name (you can create the following two files directly, omitting the second part)
(1) There are two static methods in Licenseverifier, this is the method to verify that the authorization file is valid, we modify it to return true.
# Cat Licenseverifier.java
Package org.elasticsearch.license;

Import java.nio.*;
Import java.util.*;
Import java.security.*;
Import org.elasticsearch.common.xcontent.*;
Import org.apache.lucene.util.*;
Import org.elasticsearch.common.io.*;
Import java.io.*;

public class Licenseverifier
{
public static Boolean Verifylicense (Final License License, final byte[] encryptedpublickeydata) {
return true;
}
public static Boolean Verifylicense (final License License) {
return true;
}
}
(2) The part of the try in the last static code block in Xpackbuild is removed, which verifies that the jar package has been modified
# Cat Xpackbuild.java
Package Org.elasticsearch.xpack.core;
Import org.elasticsearch.common.io.*;
Import java.net.*;
Import org.elasticsearch.common.*;
Import java.nio.file.*;
Import java.io.*;
Import java.util.jar.*;
public class Xpackbuild
{
public static final Xpackbuild current;
Private String Shorthash;
Private String date;
@SuppressForbidden (reason = "looks up path of Xpack.jar directly")
Static Path Getelasticsearchcodebase () {
Final URL url = XPackBuild.class.getProtectionDomain (). Getcodesource (). GetLocation ();
try {
Return Pathutils.get (Url.touri ());
}
catch (urisyntaxexception bogus) {
throw new runtimeexception (bogus);
}
}
Xpackbuild (Final string shorthash, final string date) {
This.shorthash = Shorthash;
This.date = date;
}
Public String Shorthash () {
return this.shorthash;
}
Public String Date () {
return this.date;
}
static {
Final path Path = Getelasticsearchcodebase ();
String shorthash = null;
String date = null;
label_0157: {
Shorthash = "Unknown";
Date = "Unknown";
}
Current = new Xpackbuild (shorthash, date);
}
}4. Compiling these two files
We do not need to compile the entire project, only need to compile these two files, so to add dependencies to Classpath, the dependency also changes with the previous, only need to x-pack the package itself, now need to introduce Elasticsearch 6.2.3 in the Lib directory under the jar package and X-pack-core-6.2.3.jar itself
JAVAC-CP "/usr/local/elk/elasticsearch-6.2.3/lib/elasticsearch-6.2.3.jar:/usr/local/elk/elasticsearch-6.2.3/lib /lucene-core-7.2.1.jar:/usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/x-pack-core-6.2.3.jar " Licenseverifier.java
JAVAC-CP "/usr/local/elk/elasticsearch-6.2.3/lib/elasticsearch-6.2.3.jar:/usr/local/elk/elasticsearch-6.2.3/lib /lucene-core-7.2.1.jar:/usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/x-pack-core-6.2.3.jar:/ Usr/local/elk/elasticsearch-6.2.3/lib/elasticsearch-core-6.2.3.jar "Xpackbuild.java
1
2
5. Replace the original class file with the two re-compiled class file and then re-hit the jar package
JAR-CVF X-pack-core-6.2.3.jar./*
1
6. Replace the cracked X-pack-core-6.2.3.jar with the original jar package in the Elasticsearch-6.2.3/plugins/x-pack/x-pack-core/directory.
7. Update License:
Go to the official website to apply for free license, will send an email to you to download;
Rename the downloaded file to License.json and make the following modifications:
' Type ': ' Platinum ' #白金版
"Expiry_date_in_millis": 2524579200999 #截止日期 2050
or upload the license file to the server via the command import:
Curl-xput-u elastic ' http://192.168.20.101:9200/_xpack/license '-h ' content-type:application/json '-D @license. JSON
Or
Curl-xput-u elastic ' http://192.168.20.60:9200/_xpack/license?acknowledge=true '-h ' content-type:application/json ' -D @license. JSON
Attention:
Security authentication is turned on by default in Elasticsearch 6.2.4, we temporarily modify the configuration file to facilitate the import of our own files
Add the configuration in Elasticsearch.yml
Xpack.security.enabled:false

X-pack detailed