0

I'm very new to the world of ELK.

I have installed a new and clean Ubuntu 18.0 server, and I have downloaded and installed Elasticsearch version 7.6.0 and Kibana 7.6.0. After basically configuring it:

elasticsearch.yml

```
path.data: /var/lib/elasticsearch
path.logs: /var/lib/elasticsearch
network.host: 123.45.657.89
http.port: 9200
discovery.seed_hosts: ["123.45.657.89", "host2"]
```

kibana.yml

```
server.host: "123.45.657.89"
elasticsearch.hosts: ["http://123.45.657.89:9200"]
```

After that, I have configured the automatic startup of the services:

```
sudo systemctl enable elasticsearch
sudo systemctl enable kibana

sudo systemctl start elasticsearch
sudo systemctl start kibana
```

At this point it worked fine, I could get through the browser to the kibana configuration panel without any problem.

The shit starts when I wanted to install the Search Guard plugin to add a security kit [just some credentials for Kibana and Elasticsearch].

I have installed it as follows:

I downloaded the Elasticsearch plugin from the official repository, specifically this one:

search-guard-kibana-plugin-7-7.6.0-40.1.0.zip

I have passed it to my vm and installed it as follows:

```
cd /usr/share/kibana
bin/kibana-plugin install file:///usr/share/kibana/search-guard-kibana-plugin-7-7.6.0-40.1.0.zip --allow-root
```

and it installed correctly.

I installed the plugin with the Elasticsearch and Kibana services stopped.

Then I restarted them and the services were active.

BUT.... my problem is that now kibana doesn't work, I try to enter through the browser and the screen stays like this:

Kibana server is not ready yet

Have I missed any settings? How did you finish setting the password?

Any help is welcome, all the information I find is diffused.

srgbnd
r.jara

1 Answer

0

Which distribution of Elasticsearch are you using, the default download or the oss-download? In case you are using the default download, is there any reason why you don't want to use the built-in security features (which do support basic authentication and authorization)? You could simply enable it and get started by defining your own roles and users (see Elasticsearch Reference: Configuring Security)

Unfortunately, I cannot comment on Searchguard as I never used it by myself.

Update:

  1. Set up the passwords by executing `bin/elasticsearch-setup-passwords interactive`.
  2. Add `elasticsearch.username: "kibana"` and `elasticsearch.password: "<your password>"` to your kibana.yml file.

Daniel Schneiter
  • I already use the basic license. Following your instructions, I have uninstalled the plugin, and I have access again to the Kibana portal, but in the configuration file elasticsearch.yml I have not found any of the security options; I only find the sections: cluster, node, path, memory, network, discovery, gateway and various – r.jara Feb 26 '20 at 15:18
  • I already added the lines `xpack.security.enabled: true` and `discovery.type: single-node` in elasticsearch.yml, but it again stays at "Kibana server is not ready yet" – r.jara Feb 26 '20 at 15:32
  • Check the updated response. If this does not do the trick, you may have a network configuration issue, not necessarily related to security. – Daniel Schneiter Feb 26 '20 at 15:41
  • Hi! First, thx for the comment, it was very helpful. Applying the last steps, I established login, but now I have another doubt: when I successfully log in with the Kibana user I get this message: `{"statusCode":403, "error": "Forbidden", "message": "Forbidden"}`. However, if I log in with the elastic user I can access the Kibana panel without any problem. Do you know what that might be? In my kibana.yml file I have these 2 lines: `elasticsearch.username: "kibana"` and `elasticsearch.password: "Pa$w0rd123"`. Any suggestions? Thank you in advance – r.jara Feb 27 '20 at 07:40
  • The `Kibana` user is a technical user, to be used for Kibana to communicate with Elasticsearch, but not meant to be used as an account for logging into Kibana. By setting up the default passwords, so far you only have one superuser account that can be used to log into Kibana: the 'elastic' user. Now it's your turn to configure roles and users that eventually can log into Kibana. Everything is as expected! – Daniel Schneiter Feb 27 '20 at 07:52
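
The configuration steps this thread worked through, written as a preflight check (an added example, not part of the original posts). The function names, file names and sample contents are constructed for illustration, and the superuser finding is a least-privilege check added here.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the settings discussed above.
# Handles flat "key: value" lines only, which is how these settings are written.

# yaml_get FILE KEY: print the value of an uncommented top-level key, quotes removed.
yaml_get() {
  k=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^$k:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# audit_stack ES_YML KIBANA_YML: print one line per finding, return the finding count.
audit_stack() {
  n=0
  if [ "$(yaml_get "$1" xpack.security.enabled)" != "true" ]; then
    echo "FAIL elasticsearch.yml: xpack.security.enabled is not true"; n=$((n + 1))
  fi
  user=$(yaml_get "$2" elasticsearch.username)
  if [ -z "$user" ] || [ -z "$(yaml_get "$2" elasticsearch.password)" ]; then
    echo "FAIL kibana.yml: no elasticsearch.username/password, Kibana cannot authenticate"; n=$((n + 1))
  elif [ "$user" = "elastic" ]; then
    echo "FAIL kibana.yml: Kibana connects as the elastic superuser, use the kibana user"; n=$((n + 1))
  fi
  return "$n"
}

# write_samples DIR: constructed sample files (192.0.2.10 is a documentation address).
write_samples() {
  printf '%s\n' 'network.host: 192.0.2.10' 'discovery.type: single-node' \
    'xpack.security.enabled: true' > "$1/es.secured.yml"
  printf '%s\n' 'network.host: 192.0.2.10' 'http.port: 9200' > "$1/es.default.yml"
  printf '%s\n' 'server.host: "192.0.2.10"' \
    'elasticsearch.hosts: ["http://192.0.2.10:9200"]' > "$1/kibana.nocreds.yml"
  printf '%s\n' 'elasticsearch.username: "kibana"' \
    'elasticsearch.password: "<your password>"' > "$1/kibana.ok.yml"
  printf '%s\n' 'elasticsearch.username: "elastic"' \
    'elasticsearch.password: "<your password>"' > "$1/kibana.superuser.yml"
}

demo=$(mktemp -d)
write_samples "$demo"
# Security switched on in Elasticsearch but Kibana left without credentials:
audit_stack "$demo/es.secured.yml" "$demo/kibana.nocreds.yml" || echo "findings: $?"
```

A password stored with `bin/kibana-keystore` instead of kibana.yml is not visible to this check and would be reported as missing.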