© 2018 floragunn GmbH - All Rights Reserved
SEARCH GUARD
QUICKSTART
AND FIRST STEPS
DOCUMENTS
© 2018 floragunn GmbH - All Rights Reserved Search Guard – Quickstart and first steps
01.
PLUGIN INSTALLATION
Find the matching Search Guard version for your Elasticsearch version
https://docs.search-guard.com/latest/search-guard-versions
Use the Elasticsearch plugin command to install
./bin/elasticsearch-plugin install com.floragunn:search-guard-6:6.4.0-23.0
Confirm when asked for plugin permissions
Alternative: Offline installation
Download the plugin zip file
Use the offline install command
./bin/elasticsearch-plugin install -b file:///path/to/search-guard-6-<version>.zip
02.
DEMO INSTALLER
Search Guard ships with a demo installer
Set up a PoC in minutes
The installer will:
add demo TLS certificates for data encryption
add the TLS configuration to the elasticsearch.yml file.
initialize Search Guard with demo users and roles
generate an sgadmin_demo.sh script that you can use for configuration changes
03.
EXECUTING THE DEMO INSTALLER
Change to the tools directory of Search Guard
cd ./plugins/search-guard-6/tools
Grant execution permissions to the installer and execute
chmod 755 ./install_demo_configuration.sh
./install_demo_configuration.sh
When prompted by the installer, answer as follows
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Enable cluster mode? [y/N] n
04.
TESTING THE INSTALLATION
Start Elasticsearch
./bin/elasticsearch
Test HTTPS encryption
Use a browser and open https://localhost:9200/_searchguard/authinfo?pretty
Accept the warning message regarding self-signed demo certificates
Test admin log in
When prompted, log in with admin/admin
Search Guard displays information about the logged-in admin user
05.
ADDING KIBANA
Copy the download link for the Search Guard Kibana plugin
https://docs.search-guard.com/latest/search-guard-versions
Install the plugin
bin/kibana-plugin install https://url/to/search-guard-kibana-plugin-<version>.zip
Alternative: Offline installation
Download the Search Guard Kibana plugin
bin/kibana-plugin install file:///path/to/search-guard-kibana-plugin-<version>.zip
Wait for Kibana optimizer to finish
This step is required by Kibana and cannot be skipped
06.
KIBANA MINIMAL CONFIGURATION
Add the following configuration to kibana.yml
xpack.security.enabled: false
searchguard.auth.type: "basicauth"
elasticsearch.url: "https://localhost:9200"
elasticsearch.ssl.verificationMode: none
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
Start Kibana
Use a browser and visit http://localhost:5601/
The Search Guard login page is displayed
Use admin/admin to log in
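The minimal configuration above is demo-grade: `elasticsearch.ssl.verificationMode: none` turns off certificate checks on the Kibana-to-Elasticsearch connection, and the `kibanaserver` password is the one printed on the slide. The following kibana.yml is an added example, not part of the original slides, placing the demo lines beside a hardened counterpart; the hostname, certificate paths and password placeholder are assumptions.

```yaml
# Added example, not from the original slides.
# Hostname, file paths and the password placeholder are assumptions.

# --- Demo values from slide 06 (PoC only) ---
# elasticsearch.url: "https://localhost:9200"
# elasticsearch.ssl.verificationMode: none     # any certificate is accepted
# elasticsearch.username: "kibanaserver"
# elasticsearch.password: "kibanaserver"       # demo password, publicly known

# --- Hardened counterpart ---
xpack.security.enabled: false
searchguard.auth.type: "basicauth"

# Kibana -> Elasticsearch: verify the certificate chain and the hostname
elasticsearch.url: "https://es-node1.example.internal:9200"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/root-ca.pem"]
elasticsearch.ssl.verificationMode: full

# Service account: keep the user, replace the demo password
elasticsearch.username: "kibanaserver"
elasticsearch.password: "<PLACEHOLDER: new kibanaserver password>"

# Browser -> Kibana: serve the login page over TLS instead of http://localhost:5601/
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.pem
server.ssl.key: /etc/kibana/certs/kibana.key

# Only send the Search Guard session cookie over HTTPS
searchguard.cookie.secure: true
```

The `admin/admin` login and the demo TLS certificates installed by the demo installer need replacing in the same pass, since both are identical on every demo installation.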
SEARCH GUARD LOGIN PAGE
07.
SEARCH GUARD CONFIGURATION GUI
Search Guard can be configured in three ways
Using the sgadmin command line tool
Using the REST API
Using the Kibana Configuration GUI
GUI can be used to configure
Users
Roles
Permissions
08.
ADDING A NEW KIBANA USER
To use Kibana, a user needs to have the sg_kibanauser role
Defines minimal permissions to access Kibana
Installed by the demo installer
In addition, a user needs permissions to access one or more indices
We will add a new role for that
We will give this role READ access to one index
09.
CONFIGURING A SEARCH GUARD ROLE
Navigate to “Search Guard Roles”
Click on the plus sign and give the role a descriptive name
e.g. “sg_mykibanarole”
Navigate to “Cluster Permissions”
add the CLUSTER_COMPOSITE_OPS cluster permissions
Navigate to “Index Permissions”
add a new index and use “*” as document type
add the SEARCH index permissions
ADDING A NEW SEARCH GUARD ROLE
10.
ADDING A NEW USER
Navigate to “Internal User Database”
Click on the plus sign and choose a username
e.g. “my_kibanauser”
Choose a password
Save the user
11.
MAPPING THE USER TO ROLES
To assign Search Guard roles to a user, we use the role mapping
Search Guard roles can be assigned by:
username
backend roles
hostnames
We will add the user to the existing kibanauser mapping
We will add a new mapping for our new Search Guard role
12.
ASSIGNING THE KIBANAUSER ROLE
Click on “Role Mappings”
Click on the “sg_kibana_user” mapping
Add the “my_kibanauser” to the mapping
13.
CREATING A NEW MAPPING
Click on “Role Mappings”
Click on the plus sign
From the dropdown, select the “sg_mykibanarole” role
Add the “my_kibanauser” to the mapping
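The role, user and mappings built in the GUI on slides 09 to 13, written as the configuration files that the sgadmin command line tool uploads; this is an added example, not part of the original slides. The index name `myindex` is taken from slide 14, the file names and layout assume the Search Guard 6 sgconfig format, and the password hash is a placeholder.

```yaml
# Added example, not from the original slides.
# Assumed layout: Search Guard 6 sgconfig files, uploaded with sgadmin
# (the demo installer generates sgadmin_demo.sh for this).
---
# sg_roles.yml (slide 09): read-only access to a single index
sg_mykibanarole:
  cluster:
    - CLUSTER_COMPOSITE_OPS
  indices:
    'myindex':            # one named index, not a wildcard pattern
      '*':                # document type, as on the slide
        - SEARCH
---
# sg_internal_users.yml (slide 10): the new user
my_kibanauser:
  # Placeholder: bcrypt hash of the chosen password, e.g. produced with
  # the hash.sh script in the Search Guard tools directory.
  hash: "<PLACEHOLDER: bcrypt hash>"
---
# sg_roles_mapping.yml (slides 12 and 13): map the user to both roles
sg_kibana_user:
  users:
    - my_kibanauser       # append; keep the entries the demo installer created
sg_mykibanarole:
  users:
    - my_kibanauser
```

sgadmin replaces each configuration type as a whole, so make these changes in the full files the demo installer placed in the sgconfig directory rather than uploading the fragments on their own.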
14.
TESTING THE NEW USER
Click on logout and log in with the new user
Click on “Management” -> “Index Patterns”
The new user should only see the “myindex” index
This is the index we used when defining the sg_mykibanarole
Of course, the “myindex” index has to exist …
15.
RESOURCES
Search Guard website
https://search-guard.com/
Documentation
https://docs.search-guard.com
Community Forum
https://groups.google.com/d/forum/search-guard
GitHub
https://github.com/floragunncom
WE LOOK FORWARD
TO YOUR MESSAGE
CONTACT US:
info@search-guard.com
floragunn GmbH
Tempelhofer Ufer 16
D-10963 Berlin, Germany


E-Mail: info@search-guard.com
Web: search-guard.com
Managing Directors: Claudia Kressin, Jochen Kressin

Register court: Amtsgericht Charlottenburg

Registration number: HRB 147010 B
E-Mail: info@floragunn.com
Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.
floragunn GmbH is not affiliated with Elasticsearch BV.
Search Guard is an independent implementation of a security access layer for Elasticsearch.
It is completely independent from Elasticsearch's own products.


Search Guard Installation Quickstart | Security for Elasticsearch
