elasticsearch集群未授权访问漏洞，设置用户登录认证

elasticsearch集群未授权访问漏洞，设置用户登录认证

ES安装步骤省略

1.节点上生成认证文件 ca证书

[elasticsearch@pgdb-es1 bin]$

[elasticsearch@pgdb-es1 bin]$ ./elasticsearch-certutil ca

WARNING: An illegal reflective access operation has occurred

WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/opt/elasticsearch-7.2.0/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()

WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG

WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

WARNING: All illegal access operations will be denied in a future release

This tool assists you in the generation of X.509 certificates and certificate

signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'

This will create a new X.509 certificate and private key that can be used

to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'

of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:

    * The CA certificate

    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will

be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.p12]:                         ---直接回车

Enter password for elastic-stack-ca.p12 :                                 ---直接回车

[elasticsearch@pgdb-es1 bin]$

2.生产新文件elastic-stack-ca.p12

[elasticsearch@pgdb-es1 bin]$ cd ..

[elasticsearch@pgdb-es1 elasticsearch-7.2.0]$ ll -lrt

total 552

-rw-r--r--.  1 elasticsearch elasticsearch   8478 Jun 20  2019 README.textile

-rw-r--r--.  1 elasticsearch elasticsear