is there any additional function to prevent brute force attack?

  • Elastic search version : 6.5.2 Search guard: equivalent to Elastic search
  • Java 10 with MacOS

I just created log-in page (search-guard) for kibana.

after the creation, I have a question

is there any way(function) to prevent brute force attack in search guard?

(for example, if someone typed at least 5times incorrect password on my kibana log-in page, it should be locked for 30 secs

Moreover, infinite number of incorrection were typed then, the account has to be locked)

Depends on your authentication backend. For example with LDAP/AD this is no problem.
The internal authentication backend in Search Guard does not have such a functionality.

···

Am 21.01.2019 um 10:55 schrieb Jin Park <jpar303@gmail.com>:

  • Elastic search version : 6.5.2 Search guard: equivalent to Elastic search
  • Java 10 with MacOS

I just created log-in page (search-guard) for kibana.
after the creation, I have a question

is there any way(function) to prevent brute force attack in search guard?

(for example, if someone typed at least 5times incorrect password on my kibana log-in page, it should be locked for 30 secs
Moreover, infinite number of incorrection were typed then, the account has to be locked)

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/13596915-299b-4cd1-bcb1-da7b7749aadb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.