بسم الله الرحمن الرحیم

Enable Elasticsearch security features
edit

Enabling the Elasticsearch security features provides basic authentication so that you can run a local cluster with username and password authentication.

* On every node in your cluster, stop both Kibana and Elasticsearch if they are running.

* On every node in your cluster, add the xpack.security.enabled setting to the $ES_PATH_CONF/elasticsearch.yml file and set the value to true:
```r
nano /etc/elasticsearch/elasticsearch.yml
```

```r
    xpack.security.enabled: true
```

   The $ES_PATH_CONF variable is the path for the Elasticsearch configuration files. If you installed Elasticsearch using archive distributions (zip or tar.gz), the variable defaults to $ES_HOME/config. If you used package distributions (Debian or RPM), the variable defaults to /etc/elasticsearch.

   If your cluster has a single node, add the discovery.type setting in the $ES_PATH_CONF/elasticsearch.yml file and set the value to single-node. This setting ensures that your node does not inadvertently connect to other clusters that might be running on your network.

```r
    discovery.type: single-node
```

Set passwords for built-in users
edit

To communicate with your cluster, you must configure a password for the elastic and kibana_system built-in users. Unless you enable anonymous access (not recommended), all requests that don’t include credentials are rejected.

You only need to set passwords for the elastic and kibana_system users when enabling minimal or basic security.

   On every node in your cluster, start Elasticsearch. For example, if you installed Elasticsearch with a .tar.gz package, run the following command from the ES_HOME directory:
```r
    cd /usr/share/elasticsearch
```

```r
    ./bin/elasticsearch
```

   On any node in your cluster, open another terminal window and set the password for the elastic built-in user by running the elasticsearch-reset-password utility. This command resets the password to an auto-generated value.

```r
    ./bin/elasticsearch-reset-password -u elastic
```

   If you want to set the password to a specific value, run the command with the interactive (-i) parameter.

```r
    ./bin/elasticsearch-reset-password -i -u elastic
```

   Set the password for the kibana_system built-in user.

```r
    ./bin/elasticsearch-reset-password -u kibana_system
```

   Save the new passwords. In the next step, you’ll add the the password for the kibana_system user to Kibana.

Next: Configure Kibana to connect to Elasticsearch with a password
Configure Kibana to connect to Elasticsearch with a password
edit

When the Elasticsearch security features are enabled, users must log in to Kibana with a valid username and password.

You’ll configure Kibana to use the built-in kibana_system user and the password that you created earlier. Kibana performs some background tasks that require use of the kibana_system user.

This account is not meant for individual users and does not have permission to log in to Kibana from a browser. Instead, you’ll log in to Kibana as the elastic superuser.

Add the elasticsearch.username setting to the KIB_PATH_CONF/kibana.yml file and set the value to the kibana_system user:
```r
nano /etc/kibana/kibana.yml
```

```r
    elasticsearch.username: "kibana_system"
```

   The KIB_PATH_CONF variable is the path for the Kibana configuration files. If you installed Kibana using archive distributions (zip or tar.gz), the variable defaults to KIB_HOME/config. If you used package distributions (Debian or RPM), the variable defaults to /etc/kibana.

   From the directory where you installed Kibana, run the following commands to create the Kibana keystore and add the secure settings:

        Create the Kibana keystore:
```r
    cd /usr/share/kibana
```


```r
    ./bin/kibana-keystore create
```

Add the password for the kibana_system user to the Kibana keystore:
```r
    ./bin/kibana-keystore add elasticsearch.password
```

```r
nano /etc/kibana/kibana.yml
```

```r
    elasticsearch.username: "kibana_system"
    elasticsearch.password: "************"
```    

When prompted, enter the password for the kibana_system user.

   Restart Kibana. For example, if you installed Kibana with a .tar.gz package, run the following command from the Kibana directory:

```r
    ./bin/kibana
```
   Log in to Kibana as the elastic user. Use this superuser account to manage spaces, create new users, and assign roles. If you’re running Kibana locally, go to http://localhost:5601 to view the login page.

صلوات