本文档详细介绍了如何在Elasticsearch 6.5.1版本中设置用户名和密码,以保护集群免受非法访问。首先在无验证模式下启动ES,然后生成license,接着启用安全配置并重启服务。通过`elasticsearch-setup-passwords`命令随机生成并设置默认用户的密码,包括elastic用户。之后,使用curl命令修改elastic用户密码,并在Kibana的配置文件中添加用户名和密码。最后,验证登录Kibana时,使用新设置的凭证能成功访问。
需求
设置ElasticSearch的用户名和密码,禁止非法用户访问。
程序版本
elasticsearch-6.5.1
kibana-6.5.1-linux-x86_64
流程
1. 无验证模式下启动es
2. 生成license
curl -H “Content-Type:application/json” -XPOST http://${ip}:9200/_xpack/license/start_trial?acknowledge=true
3. 修改elasticsearch.yml配置文件
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: “*”
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
4. 重启ES
5. 设置初始密码
执行./elasticsearch-setup-passwords auto,出现以下内容:
Your cluster health is currently RED.
This means that some cluster data is unavailable and your cluster is not fully functional.
It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.
Do you want to continue with the password setup process [y/N]y
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
Changed password for user apm_system
PASSWORD apm_system = sBDDWGcsyU0TBAU06XfC
Changed password for user kibana
PASSWORD kibana = oR9c9ukI4PxEU96G3wAL
Changed password for user logstash_system
PASSWORD logstash_system = yEWme53Vus5161arv2IU
Changed password for user beats_system
PASSWORD beats_system = f9tz8kr1wUWdxkTV3JlA
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = AuImHAVfsqnqptCv7L7x
Changed password for user elastic
PASSWORD elastic = hE2ZIl3DP8T5ZBU9o4u7
6. 修改密码
执行 curl -XPOST http://${ip}:9200/_xpack/security/user/elastic/_password?pretty -H “Content-Type:application/json” -d ‘{ “password” : “your password”}’ -u elastic
输入上边生成的密码:hE2ZIl3DP8T5ZBU9o4u7
执行完后出现以下结果代表修改成功
Enter host password for user ‘elastic’:
{ }
7. 修改kibana的kibana.yml配置,添加es用户名和密码
elasticsearch.username: “elastic”
elasticsearch.password: “your password”
结果验证
登录kibana,输入es的用户名和密码,可以查看当前用户和添加/修改用户信息。
附件
stop.sh脚本
#!/bin/bash
ps -ef |grep Elasticsearch |grep -v grep
pid=`ps -ef |grep Elasticsearch |grep -v grep |awk '{print $2}'`
if [ -z $pid ]; then
echo no program...
else
kill -9 $pid
fi
start.sh脚本
#!/bin/bash
su elk -l -c "cd /{dir}/elasticsearch-6.5.1/bin && ./elasticsearch -d"
其他
es的验证信息是保存到本地文件的,和数据目录一样。所以,如果需要重新部署环境,把数据目录删除,然后按照上述步骤重新设置验证信息即可。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
