HOW TO SET UP A SECURE ELASTICSEARCH 5.5.1 SERVER WITH X-PACK - Amazon EC2

ELASTICSEARCH 5.5.1 SERVER WITH X-PACK

The previous articles covered what Elasticsearch is, how to install it, how to write a Dockerfile for it and how to configure it. In this post we will go through setting up an Elasticsearch 5.5.1 server and securing it with X-Pack.

This guide assumes you have an AWS EC2 instance running Ubuntu 16.04 LTS, or an equivalent local environment.

Elasticsearch Installation

Starting from an AWS EC2 instance with an Ubuntu 16.04 base image, we first need a Java environment (JDK and JRE): OpenJDK and OpenJRE. Next we add the Elastic APT repository to Ubuntu and install Elasticsearch itself.

# Install OpenJDK and the JRE
$ sudo apt-get install default-jdk -y
$ sudo apt-get install openjdk-8-jre -y
$ sudo apt-get update

# Add the Elasticsearch APT repo to your package source list
$ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

# Import the Elastic signing key and enable HTTPS for apt
$ sudo apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv D88E42B4
$ sudo apt-get install apt-transport-https -y

# Install Elasticsearch
$ sudo apt-get update -y
$ sudo apt-get install elasticsearch -y

AUTHENTICATION AND AUTHORIZATION

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, and graph capabilities into one easy-to-install package. While the X-Pack components are designed to work together seamlessly, you can easily enable or disable the features you want to use.

Prior to Elasticsearch 5.5.1, you had to install separate Shield, Watcher, and Marvel plugins to get the features that are bundled together in X-Pack. With X-Pack, you no longer have to worry about whether or not you have the right version of each plugin: just install the X-Pack that matches the Elasticsearch version you're running, and you're good to go!

See the X-Pack reference documentation to learn more.

INSTALLING X-PACK

X-Pack is packaged as an Elasticsearch plugin, so you install it with the bundled plugin tool.

# Install X-Pack for Elasticsearch
$ cd /usr/share/elasticsearch
$ sudo bin/elasticsearch-plugin install x-pack

# X-Pack asks for additional permissions so that Elasticsearch can
# launch the machine learning analytical engine. Press y when prompted.

CONFIGURING

Now configure Elasticsearch in elasticsearch.yml. Uncomment the following lines, or add them if they are not present.

$ sudo vim /etc/elasticsearch/elasticsearch.yml

# ---------------- Cluster ----------------
# Use a descriptive name for your cluster:
cluster.name: linux-point-development

# ---------------- Node -------------------
# Use a descriptive name for the node:
node.name: Tech-Blog

# ---------------- Memory -----------------
# Lock the memory on startup:
bootstrap.memory_lock: true

# ---------------- Network ----------------
# Set the bind address to a specific IP (IPv4 or IPv6):
network.host: 127.0.0.1
network.publish_host: localhost
#network.bind_host: 0.0.0.0

# Set a custom port for HTTP:
http.port: 9200-9300

# ---------------- X-Pack -----------------
#action.destructive_requires_name: true
# Let X-Pack create the indices it needs even when index auto-creation is restricted:
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*

:wq (save & exit)

Restart the Elasticsearch server

$ sudo service elasticsearch restart
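As an added example (not part of the original post), the following script audits the elasticsearch.yml settings shown above: it parses the flat key: value lines, checks that action.auto_create_index still allows the X-Pack indices, flags a network.host that reaches beyond loopback, and flags xpack.security.enabled: false. The sample configuration embedded in it is constructed from the settings in this post; the checks are this example's own, not the project's.

```python
import re

# Index patterns X-Pack 5.x must be allowed to create when auto_create_index is restricted
XPACK_INDEX_PATTERNS = {".security", ".monitoring*", ".watches",
                        ".triggered_watches", ".watcher-history*", ".ml*"}
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

# Constructed sample: the settings from the post above, in flat "key: value" form
SAMPLE_CONFIG = """\
cluster.name: linux-point-development
node.name: Tech-Blog
bootstrap.memory_lock: true
network.host: 127.0.0.1
network.publish_host: localhost
#network.bind_host: 0.0.0.0
http.port: 9200-9300
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
"""


def parse_flat_yaml(text):
    """Parse top-level 'key: value' lines; comments and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([\w.]+)\s*:\s*(.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if settings.get("xpack.security.enabled") == "false":
        findings.append("xpack.security.enabled=false: authentication is switched off")
    auto = settings.get("action.auto_create_index")
    if auto is not None and auto not in ("true", "*", "+*"):
        present = {p.strip() for p in auto.split(",")}
        missing = sorted(XPACK_INDEX_PATTERNS - present)
        if missing:
            findings.append("auto_create_index blocks X-Pack indices: " + ", ".join(missing))
    host = settings.get("network.host", "_local_")
    if host not in LOOPBACK:
        findings.append(f"network.host={host} listens beyond loopback: restrict the "
                        f"http.port ({settings.get('http.port', '9200')}) in the Security Group")
    return findings
```

Running audit(parse_flat_yaml(SAMPLE_CONFIG)) returns an empty list for the post's settings; replacing 127.0.0.1 with 0.0.0.0 or dropping .ml* from the index list produces a finding for each.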

Setting Up User Authentication

X-Pack security provides built-in user credentials to help you get up and running. These users have a fixed set of privileges and a default password. You must reset the default passwords for all built-in users.

Change Password API. Run the following in a terminal (you will be prompted for the current password of the elastic user):

$ curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '
{
  "password": "linuxPoint123"
}'

Restart the Elasticsearch server

$ sudo service elasticsearch restart
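As an added example (not from the original post), here is the same Change Password API call driven from Python for all three X-Pack 5.x built-in users (elastic, kibana, logstash_system), followed by an anonymous request to confirm it is refused. It assumes Elasticsearch on localhost:9200, reads the new passwords from environment variables whose names (ES_ELASTIC_PASSWORD and so on) are chosen here, and assumes the elastic user still has the 5.x default password "changeme" unless ES_OLD_ELASTIC_PASSWORD is set.

```python
import base64
import json
import os
import urllib.error
import urllib.request

ES = "http://localhost:9200"                        # assumed: node reachable on loopback
BUILTIN_USERS = ("elastic", "kibana", "logstash_system")   # X-Pack 5.x built-in users


def basic_auth(user, password):
    """Value for the HTTP Basic Authorization header."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def password_change_request(user, new_password, admin_password):
    """Build the PUT the post runs with curl: _xpack/security/user/<user>/_password."""
    body = json.dumps({"password": new_password}).encode()
    req = urllib.request.Request(f"{ES}/_xpack/security/user/{user}/_password",
                                 data=body, method="PUT")
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", basic_auth("elastic", admin_password))
    return req


def http_status(req):
    """Send a request and return the HTTP status code, without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def rotate_builtin_passwords(new_passwords, current_elastic_password):
    """Change every user's password; 'elastic' goes last so its old credential stays valid."""
    results = {}
    for user in sorted(new_passwords, key=lambda u: u == "elastic"):
        req = password_change_request(user, new_passwords[user], current_elastic_password)
        results[user] = http_status(req)           # 200 on success, 401 if the admin password is wrong
    return results


if __name__ == "__main__":
    new = {u: os.environ[f"ES_{u.upper()}_PASSWORD"] for u in BUILTIN_USERS}
    old = os.environ.get("ES_OLD_ELASTIC_PASSWORD", "changeme")  # 5.x default, assumed unchanged
    print(rotate_builtin_passwords(new, old))
    # With X-Pack security active, a request without credentials must be answered with 401
    print("anonymous GET /:", http_status(urllib.request.Request(ES + "/")))
```

Passing the passwords through the environment keeps them out of shell history and the process list, which the inline curl form above does not.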

To test the Elasticsearch server, open port 9200 in the Security Group attached to this EC2 instance (restrict the source to your own IP rather than 0.0.0.0/0, since this exposes the HTTP API directly) and browse to http://<public-IP>:9200. Note that with network.host set to 127.0.0.1 as above, Elasticsearch listens only on the loopback interface, so a remote test requires binding it to the instance's address; otherwise test locally with curl.

It will ask for a username and password. Enter the credentials and enjoy your Elasticsearch server; the response will look like this:

{
  "name" : "Tech-Blog",
  "cluster_name" : "linux-point-development",
  "cluster_uuid" : "huIY_z9fQnWhdUiQrqfyLA",
  "version" : {
    "number" : "5.5.1",
    "build_hash" : "19c13d0",
    "build_date" : "2017-07-18T20:44:24.823Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.0"
  },
  "tagline" : "You Know, for Search"
}

Hope this is useful for you.
Like, comment and share. Thank you!
