Securing your Elastic Stack


Information Technology
by Anurag Srivastava, Nov 4, 2019, 7:06:01 PM | 3 minutes

In this blog, we will cover how to enable security after installing Elasticsearch and Kibana, using version 7.4.2 of both as the example. By default the Elastic Stack does not enable security, so after installation Elasticsearch and Kibana can be accessed without any authentication. We can start applying security once Elasticsearch and Kibana are installed. I am not covering Logstash and Beats security in this blog, but that can be done in the same way as for Kibana. Let us start, assuming the installation is done and working. To enable security in Elasticsearch, we need to do the following.

  • Open the elasticsearch.yml file and add the following settings:
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true

    • After making the change, restart Elasticsearch. In a cluster, we need to do the same on all Elasticsearch nodes.
    • Now that security is enabled, let us set the passwords for the built-in users. To do so, we need to run the following command:
      bin/elasticsearch-setup-passwords interactive

      Using this, we can set the passwords for the built-in users, i.e. elastic, kibana, etc.

    • Now we can log in using the elastic username and the password that was set in the previous step. To confirm that authentication is enforced, we can first try accessing the Elasticsearch URL through curl without credentials:
      curl -XGET "http://localhost:9200"

      The above command will give the following output:

      {
          "error": {
              "root_cause": [{
                  "type": "security_exception",
                  "reason": "missing authentication credentials for REST request [/]",
                  "header": {
                      "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
                  }
              }],
              "type": "security_exception",
              "reason": "missing authentication credentials for REST request [/]",
              "header": {
                  "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
              }
          },
          "status": 401
      }
    • Now try the same command using the elastic username and password:
      curl -XGET "http://elastic:your_password@localhost:9200"
    • This will give us the following response:
      {
        "name" : "ELASTIC0305",
        "cluster_name" : "elasticsearch",
        "cluster_uuid" : "BIP_9t5fR-SxB72hLM8SwA",
        "version" : {
          "number" : "7.4.2",
          "build_flavor" : "default",
          "build_type" : "deb",
          "build_hash" : "2f90bbf7b93631e52bafb59b3b049cb44ec25e96",
          "build_date" : "2019-10-28T20:40:44.881551Z",
          "build_snapshot" : false,
          "lucene_version" : "8.2.0",
          "minimum_wire_compatibility_version" : "6.8.0",
          "minimum_index_compatibility_version" : "6.0.0-beta1"
        },
        "tagline" : "You Know, for Search"
      }
    • If we get the above response, it means that Elasticsearch is now secured. To access Kibana, we need to make the following changes in the kibana.yml file:
      elasticsearch.username: "elastic"
      elasticsearch.password: "your_password"
    • After making the above change, we need to restart Kibana. A login screen will now appear when we try to access Kibana.



    • This way we can enable security with our Elastic Stack. In the same way, we can configure Logstash and Beats to communicate with the secure Elasticsearch cluster.
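
A scripted version of the two curl checks above, as an added example that is not part of the original post: it confirms that a node answers anonymous requests with the 401 security_exception and that the elastic user is accepted. The function names and the ES_NODES variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: confirm that a node rejects anonymous requests.

# Constructed sample: the 401 body shown above, shortened to one line.
SAMPLE_401='{"error":{"type":"security_exception","reason":"missing authentication credentials for REST request [/]"},"status":401}'

# Classify the reply to an UNAUTHENTICATED "GET /".
# $1 = HTTP status code, $2 = response body. Prints secured | open | unknown.
classify_anonymous() {
  case "$1" in
    401)
      case "$2" in
        *'"security_exception"'*) echo secured ;;  # security is enforcing auth
        *) echo unknown ;;                          # 401 from something else, e.g. a proxy
      esac ;;
    200) echo open ;;      # node answered without credentials: security is off
    *)   echo unknown ;;   # node down, wrong port, proxy error, ...
  esac
}

# Classify the status code of an AUTHENTICATED "GET /".
classify_authenticated() {
  case "$1" in
    200) echo ok ;;
    401) echo bad-credentials ;;
    *)   echo unknown ;;
  esac
}

# Live check of one node. curl prompts for the password because -u is given
# only a user name, so the password stays out of shell history and "ps".
check_node() {
  url="$1"
  body_file=$(mktemp)
  code=$(curl -s -o "$body_file" -w '%{http_code}' "$url")
  anon=$(classify_anonymous "$code" "$(cat "$body_file")")
  rm -f "$body_file"
  code=$(curl -s -o /dev/null -w '%{http_code}' -u elastic "$url")
  echo "$url anonymous=$anon authenticated=$(classify_authenticated "$code")"
  [ "$anon" = secured ]
}

# Offline demonstration on the constructed sample.
echo "sample 401 body -> $(classify_anonymous 401 "$SAMPLE_401")"

# Run against real nodes only when asked: ES_NODES="http://localhost:9200 ..."
for node in ${ES_NODES:-}; do
  check_node "$node" || echo "WARNING: $node is not enforcing authentication"
done
```

Set ES_NODES to the URL of every node in the cluster to catch a node that was not reconfigured or restarted. With the settings above the REST port is still plain HTTP, so the Basic credentials travel unencrypted and the check is best run on the node itself.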


    If you found this article interesting, then you can explore “Mastering Kibana 6.0”, “Kibana 7 Quick Start Guide”, “Learning Kibana 7”, and “Elasticsearch 7 Quick Start Guide” books to get more insight about Elastic Stack, how to perform data analysis, and how you can create dashboards for key performance indicators using Kibana.


    You can also follow me on:

    - LinkedIn: https://www.linkedin.com/in/anubioinfo/

    - Twitter: https://twitter.com/anu4udilse

    - Medium: https://anubioinfo.medium.com


