...
8. Configuring ELK Stack Security (X-Pack)
In this section, the ELK stack will be secured using a self-signed certificate. First, the file “/usr/share/elasticsearch/instances.yml” should be created with the following contents:
instances:
  - name: elasticsearch
    dns: WAS_FQDN
    ip: WAS_IP
Important Note: In case of correlation with RADIUS and DHCP logs, Logstash is also required. In this case, instances.yml requires additional information. More information is available in the WiFiMon guide "RADIUS Logs Streaming to Elasticsearch - Simulation". The information provided in these two guides should be combined to fully configure the WiFiMon Analysis Server (WAS); the WAS guide mainly focuses on the integration of the previous guide with the WiFiMon code setup.
Then, the certificate of the Certificate Authority (CA) and its corresponding key should be generated using the following command:
/usr/share/elasticsearch/bin/elasticsearch-certutil ca --ca-dn CN='WiFiMon CA' --days 3650 --keysize 4096 --out wifimon-ca.zip --pass --pem
This command will create the file “wifimon-ca.zip” in the /usr/share/elasticsearch directory. The file contents should be unzipped using the following command:
unzip /usr/share/elasticsearch/wifimon-ca.zip
Then, the self-signed certificate and the corresponding key should be generated using the following command:
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert /usr/share/elasticsearch/ca/ca.crt --ca-key /usr/share/elasticsearch/ca/ca.key --days 1234 --in /usr/share/elasticsearch/instances.yml --keysize 4096 --out wifimon-certs.zip --pass --pem
This command will create the file wifimon-certs.zip in the /usr/share/elasticsearch directory. The contents of this file should be unzipped using the following command:
unzip /usr/share/elasticsearch/wifimon-certs.zip
Directories /etc/elasticsearch/certs and /etc/kibana/certs should then be created. Files ca.crt, elasticsearch.key and elasticsearch.crt should be copied to the aforementioned directories and to /usr/lib/wifimon/keystore using the following commands:
mkdir /etc/elasticsearch/certs
mkdir /etc/kibana/certs
cp /usr/share/elasticsearch/ca/* /etc/elasticsearch/certs/
cp /usr/share/elasticsearch/ca/* /etc/kibana/certs/
cp /usr/share/elasticsearch/elasticsearch/* /etc/elasticsearch/certs/
cp /usr/share/elasticsearch/elasticsearch/* /etc/kibana/certs/
cp /usr/share/elasticsearch/ca/* /usr/lib/wifimon/keystore/
cp /usr/share/elasticsearch/elasticsearch/* /usr/lib/wifimon/keystore/
Then, the Elasticsearch keystore should be created using the following command:
/usr/share/elasticsearch/bin/elasticsearch-keystore create
Adding the certificate key passphrase for the HTTP communication protocol requires using the following command and entering the certificate key passphrase when prompted:
/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase
Adding the certificate key passphrase for the transport communication protocol is possible via the following command, entering the certificate key passphrase when prompted:
/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase
The following command is required for setup verification:
/usr/share/elasticsearch/bin/elasticsearch-keystore list
The following information should be present:
keystore.seed
xpack.security.http.ssl.secure_key_passphrase
xpack.security.transport.ssl.secure_key_passphrase
In /etc/elasticsearch/elasticsearch.yml the following information should be added and the Elasticsearch cluster should then be restarted:
xpack.security.enabled: true # you have previously set this value to false
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt
Next, passwords for the built-in users should be generated. These passwords are not provided again and should be noted. Inside directory /usr/share/elasticsearch/bin/, the following command should be used:
./elasticsearch-setup-passwords auto -u "https://WAS_FQDN:9200"
The Kibana keystore is configured using the following command:
sudo -u kibana /usr/share/kibana/bin/kibana-keystore create
The following command should be used and “kibana” should be provided as the username:
sudo -u kibana /usr/share/kibana/bin/kibana-keystore add elasticsearch.username
The following command should be used and the password of the “kibana” built-in user should be provided:
sudo -u kibana /usr/share/kibana/bin/kibana-keystore add elasticsearch.password
The following command should then be used and the elasticsearch.key passphrase should be provided:
sudo -u kibana /usr/share/kibana/bin/kibana-keystore add server.ssl.keyPassphrase
The following command is required for setup verification:
sudo -u kibana /usr/share/kibana/bin/kibana-keystore list
The following information should be present:
elasticsearch.username
elasticsearch.password
server.ssl.keyPassphrase
In /etc/kibana/kibana.yml, the following details should be added and Kibana should be restarted:
elasticsearch.hosts: ["https://WAS_FQDN:9200"]
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/ca.crt" ]
elasticsearch.ssl.verificationMode: full
Note: Make sure that certificates and keys in /etc/elasticsearch/certs/, /etc/kibana/certs/ and /usr/lib/wifimon/keystore/ are accessible by both Elasticsearch and Kibana.
Next, the WiFiMon Agent properties should be configured. The truststore for X-Pack will be created using the following command:
keytool -import -trustcacerts -alias root -file /usr/lib/wifimon/keystore/ca.crt -keystore /usr/lib/wifimon/keystore/truststore.jks
The keystore for X-Pack will be created using the following commands:
cat /usr/lib/wifimon/keystore/elasticsearch.crt /usr/lib/wifimon/keystore/elasticsearch.key > /usr/lib/wifimon/keystore/combined.crt
keytool -import -trustcacerts -alias yourdomain -file /usr/lib/wifimon/keystore/combined.crt -keystore /usr/lib/wifimon/keystore/keystore.jks
File /usr/lib/wifimon/config/secure-processor.properties should be edited and the following lines should be added:
xpack.security.enabled=true
ssl.certificate.type=keystore
ssl.http.user.username=elastic
ssl.http.user.password=[elastic built-in user password]
ssl.http.keystore.filepath=/usr/lib/wifimon/keystore/keystore.jks
ssl.http.keystore.password=[keystore.jks password]
ssl.http.truststore.filepath=/usr/lib/wifimon/keystore/truststore.jks
ssl.http.truststore.password=[truststore password]
ssl.http.key.password=[elasticsearch.key password]
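As an added example that is not part of the WiFiMon guide or the WiFiMon code, the following Python script audits the settings this section adds to elasticsearch.yml, kibana.yml and secure-processor.properties: security enabled, TLS on both protocols, verification_mode full, certificate paths in the expected directories, Kibana talking HTTPS, and no [placeholder] values left unfilled. The sample file contents are constructed; the keys and paths are the ones used above.

```python
import re
# Added example, not WiFiMon or Elastic code. The sample file contents are constructed;
# the keys and paths are the ones this section adds to the three configuration files.
PLACEHOLDER = re.compile(r"\[[^\"'\]]*\]")  # e.g. [keystore.jks password] left unfilled

def parse_flat(text):
    # Flat "key: value" (YAML) or "key=value" (.properties) lines only; trailing "# comments" dropped, values verbatim.
    settings = {}
    for raw in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*[:=]\s*(.*?)\s*(#.*)?$", raw)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings, expected):
    # Findings: required keys missing, values not matching the expected regex (list brackets
    # and quotes stripped, so ["https://x"] compares as https://x) and unfilled [placeholders].
    findings = []
    for key, pattern in expected.items():
        if key not in settings:
            findings.append(f"missing {key}")
        elif not re.fullmatch(pattern, settings[key].strip("[] ").strip("\"'“”"), re.I):
            findings.append(f"{key} is {settings[key]!r}")
    findings += [f"{k} still holds a placeholder" for k, v in settings.items() if PLACEHOLDER.fullmatch(v)]
    return findings

ES_EXPECTED = {"xpack.security.enabled": "true", "xpack.security.http.ssl.enabled": "true",
               "xpack.security.transport.ssl.enabled": "true",
               "xpack.security.transport.ssl.verification_mode": "full"}
for proto in ("http", "transport"):  # key, certificate and CA of both protocols under /etc/elasticsearch/certs/
    for item in ("key", "certificate", "certificate_authorities"):
        ES_EXPECTED[f"xpack.security.{proto}.ssl.{item}"] = r"/etc/elasticsearch/certs/\S+"
KIBANA_EXPECTED = {"elasticsearch.hosts": r"https://\S+:9200", "elasticsearch.ssl.verificationMode": "full",
                   "elasticsearch.ssl.certificateAuthorities": r"/etc/kibana/certs/ca\.crt"}
PROPS_EXPECTED = {"xpack.security.enabled": "true",
                  "ssl.http.keystore.filepath": r"/usr/lib/wifimon/keystore/keystore\.jks"}

# Constructed samples: elasticsearch.yml as left by the earlier section, a kibana.yml
# still pointing at plain HTTP, and a properties file with two placeholders unfilled.
ES_BEFORE = "xpack.security.enabled: false\nxpack.security.transport.ssl.verification_mode: certificate\n"
KIBANA_HTTP = 'elasticsearch.hosts: ["http://was.example.org:9200"]\nelasticsearch.ssl.verificationMode: full\n'
PROPS_PARTIAL = ("xpack.security.enabled=true\nssl.http.user.password=[elastic built-in user password]\n"
                 "ssl.http.keystore.filepath=/usr/lib/wifimon/keystore/keystore.jks\n"
                 "ssl.http.keystore.password=[keystore.jks password]\n")
SAMPLES = {"elasticsearch.yml": (ES_BEFORE, ES_EXPECTED), "kibana.yml": (KIBANA_HTTP, KIBANA_EXPECTED),
           "secure-processor.properties": (PROPS_PARTIAL, PROPS_EXPECTED)}

if __name__ == "__main__":
    for name, (text, expected) in SAMPLES.items():
        print(name, audit(parse_flat(text), expected))
```

Running it against the real files instead of the samples only requires reading each file and passing its text to parse_flat; an empty findings list means the section's settings are all in place.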
...