Activating the Minimal Security of SEAL Elastick Stack¶
If you whish to activate the minimal security level of SEAL Elastic Stack, follow the instructions below.
Stopping All Services of SEAL Elastic Stack¶
-
On the PLOSSYS 5 server, stop Filebeat:
sudo systemctl stop seal-filebeat
-
On the PLOSSYS 4 server, stop Filebeat:
sudo systemctl stop seal-p4-accounting-filebeat
-
On the management server, stop Elasticsearch and Kibana:
sudo systemctl stop seal-elasticsearch
sudo systemctl stop seal-kibana
Configuring Elasticsearch¶
-
In an editor, open the following configuration file:
sudo vi /opt/seal/etc/seal-elasticsearch/elasticsearch.yml
-
Add or adjust the following lines:
xpack.security.enabled: true discovery.type: single-node
-
Restart Elasticsearch:
sudo systemctl start seal-elasticsearch
-
Interactively set the passwords:
sudo ES_PATH_CONF=/opt/seal/etc/seal-elasticsearch /opt/seal/seal-elasticsearch/bin/elasticsearch-setup-passwords interactive
Caution - identical passwords
Use identical password for the following systems: - apm_system - kibana_system - logstash_system - beats_system - remote_monitoring_user
You will need the
kibana_system
password in the next step.Caution - execution only once
You can execute the above command to set the passwords only once. If you need to execute it again, you have to specify the
bootstrap.password
key asseal
user in the Elasticsearch keystore:sudo -u seal ES_PATH_CONF=/opt/seal/etc/seal-elasticsearch /opt/seal/seal-elasticsearch/bin/elasticsearch-keystore add bootstrap.password
Here you have to enter the current password for the
elastic
user.Take care, you can have the current bootstrap password displayed with the following command:
sudo -u seal ES_PATH_CONF=/opt/seal/etc/seal-elasticsearch /opt/seal/seal-elasticsearch/bin/elasticsearch-keystore show bootstrap.password
Therefore, if you use the bootstrap password, we strongly recommend you either protect the Elasticsearch keystore with a password or delete the bootstrap password afterwards:
sudo -u seal ES_PATH_CONF=/opt/seal/etc/seal-elasticsearch /opt/seal/seal-elasticsearch/bin/elasticsearch-keystore remove bootstrap.password
Configuring Kibana¶
-
In an editor, open the following configuration file:
sudo vi /opt/seal/etc/kibana.yml
-
Add or adjust the following lines:
elasticsearch.username: "kibana_system" elasticsearch.password: "Pa$$w0rd"
Replace
Pa$$w0rd
by your real password. -
Restart Kibana:
sudo systemctl start seal-kibana
Hint - separate Kibana users
If you log on to the Kibana user interface, the elastic
user is used by default.
You may define a separate user for the Kibana user interface. For details on this, refer to the original documentation of the software producer:
Alternative: Using Kibana Keystore to Manage Passwords for Kibana¶
-
Create the Kibana keystore, if necessary:
sudo -u seal KBN_PATH_CONF=/opt/seal/etc /opt/seal/seal-kibana/bin/kibana-keystore create
-
As
seal
user add the corresponding password under the keyelasticsearch.password
to the kibana keystore:sudo -u seal KBN_PATH_CONF=/opt/seal/etc /opt/seal/seal-kibana/bin/kibana-keystore add elasticsearch.password
According to the above example, you would specify
Pa$$w0rd
here in the command line.You can have the current keys without their current values listed with the following command:
sudo -u seal KBN_PATH_CONF=/opt/seal/etc /opt/seal/seal-kibana/bin/kibana-keystore list elasticsearch.password
Configuring Filebeat¶
-
In an editor, open the following configuration file:
sudo vi /opt/seal/etc/filebeat.yml
-
Add or adjust the following lines:
output.elasticsearch.username: elastic output.elasticsearch.password: Pa$$w0rt
-
Restart Filebeat:
sudo systemctl start seal-filebeat
Hint - separate Filebeat user
In the Kibana user interface, you may define a special filebeat_writer
user, who needs a Setup
and a Publishing
roll. For details on this, refer to the original documentation of the software producer:
Alternative: Using Filebeat Keystore to Manage Passwords¶
-
As
seal
user add the corresponding password, e.g. under the keyES_PWD
, to the filebeat keystore:sudo -u seal /opt/seal/seal-filebeat/filebeat -c /opt/seal/etc/filebeat.yml keystore add ES_PWD
-
Check the stored keys:
sudo -u seal /opt/seal/seal-filebeat/filebeat -c /opt/seal/etc/filebeat.yml keystore list
-
In an editor, open the following configuration file:
sudo vi /opt/seal/etc/filebeat.yml
-
Add or adjust the following lines and use the key instead of the password:
output.elasticsearch.password: "${ES_PWD}"
-
Restart Filebeat:
sudo systemctl start seal-filebeat
Adjusting Environment Variables in Consul¶
Add user and password to the SEAL REST service URL:
ELASTICSEARCH_REST_URL = http://elastic:<password>@<management-server>:9200
Hint - PLOSSYS Administrator Configuration
Leave the KIBANA_LINK
item unchanged. User and password are requested interactively in the browser.
You can configure the validation period of the password in Kibana.