Instructions required for Installing Search Guard on Kibana 6.6.1

I’m new to Kibana and trying to install Search Guard on Kibana 6.6.1, to enable role-based access control.
Please help me understand the following.

  1. Do I need to install Search Guard for Elasticsearch first and then install the plugin for Kibana?
  2. Currently, Elasticsearch and Kibana are containerized. Can you point me to the documentation that provides instructions on how to install Search Guard on the current Docker setup?

Docs Referred:

-Thanks.

Hi,

  1. Yes, the Kibana plugin will not work when Search Guard is not installed on all Elasticsearch nodes.
  2. There is a nice and active GitHub repo which has Dockerfiles for ELK including Search Guard. You can use this as a template / blueprint:

https://github.com/deviantony/docker-elk/tree/searchguard

Hi,

Thanks for your response. I could test and it’s working.
Can you provide me some pointers on enabling TLS on that? (Currently, it’s using http and not https.)

-Thanks

What exactly do you mean? TLS on the Elasticsearch REST API or TLS for accessing Kibana?

It’s for accessing Kibana and Elasticsearch. If we try running the docker-compose and access the URL on the local host, it uses the http protocol. I’m trying to understand the steps that need to be performed to make it https,
i.e. access using https://localhost:5601 instead of http://localhost:5601.

For Kibana, you can refer to the official docs regarding TLS:

https://www.elastic.co/guide/en/kibana/6.7/configuring-tls.html

The TLS config needs to be added to the kibana.yml:

In order to get the needed certificates, you can either use a certificate from a well-known CA like Thawte, or you can generate your own.

In the first case, your browser will happily accept the certificates because they are signed by a known and trusted CA. The downside is you need to pay for them.

You can also generate your own, for example by using our TLS certificate generator:


In that case, you will see a browser warning about the self-signed certificate that you will need to accept.

Hi,

I tried following the document and generating certificates using the offline TLS Tool. After generating the certificates, I copied all those certs to the kibana/config folder and tried starting the services.
(Updated the kibana.yml with SSL-related parameters.) But I am receiving the following error.

“FATAL Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt”.

I tried various combinations of the .pem and .key files, but nothing worked.
(In the following lines, I have provided root key entries, but I have tried with node1, spoc, kirk and other options too)

– Sample kibana.yml new lines –
server.ssl.enabled: true

server.ssl.key: /usr/share/kibana/config/root.key

server.ssl.certificate: /usr/share/kibana/config/root.pem

Can you please guide me on how to fix this, and also on what needs to be done for making https calls to Elasticsearch as well?

Hi,

The issue is fixed after I regenerated the certificates using openssl.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout kibana-access.key -out kibana-access.pem

Currently, when I log in to Kibana as the users kibanaserver or kibanaro or readall, I’m able to create/delete indices created by other users as well. I’m trying to restrict this by allowing the index creation privilege to be provided only to the kibanaserver user.

Please let me know if you are aware of any documentation that can be referred for changing the privileges for each of the users.

-Thanks.
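An added example, not part of the original thread: the `bad decrypt` error quoted above is what OpenSSL reports when a private key fails to decrypt, and the regenerated key that fixed it was written unencrypted with `-nodes`. The script below checks a key/certificate pair before it is referenced from kibana.yml; the function names, return codes and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check for the files behind server.ssl.key / server.ssl.certificate.
# Function names and return codes are hypothetical, chosen for this example.

# check_tls_pair KEY CERT
#   0 = unencrypted key that belongs to the certificate
#   1 = file missing, unreadable or not parseable as PEM
#   2 = key is passphrase-protected
#   3 = key and certificate carry different public keys
check_tls_pair() {
    key=$1 cert=$2
    [ -r "$key" ] && [ -r "$cert" ] || return 1
    # Encrypted PEM keys announce it: PKCS#8 header or traditional Proc-Type.
    if grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$key"; then
        return 2
    fi
    # The public key derived from the private key must equal the one in the cert.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ] || return 3
    return 0
}

# Constructed sample files: a throwaway self-signed pair made like the thread's
# fix (-nodes writes the key unencrypted), the same key AES-encrypted with a
# made-up passphrase, and an unrelated key.
make_samples() {
    d=$1
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=localhost" \
        -keyout "$d/kibana-access.key" -out "$d/kibana-access.pem" 2>/dev/null
    openssl pkey -in "$d/kibana-access.key" -aes256 -passout pass:constructed \
        -out "$d/encrypted.key"
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Demo: print the return code for each constructed key against the one cert.
tmp=$(mktemp -d) && make_samples "$tmp"
for k in kibana-access.key encrypted.key other.key; do
    rc=0
    check_tls_pair "$tmp/$k" "$tmp/kibana-access.pem" || rc=$?
    echo "$k -> $rc"
done
rm -rf "$tmp"
```

Return code 2 marks a key that the server can only load with its passphrase or after it has been re-exported unencrypted; return code 3 marks a key paired with the wrong certificate.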
