Question about basic setup

I’ve used the sample config from the readme,

···

#####################################################

Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)

searchguard.authentication.authorization.settingsdb.roles.spock: [“kolinahr”,“starfleet”,“command”]

searchguard.authentication.authorization.settingsdb.roles.admin: [“root”]

searchguard.authentication.authorization.settingsdb.roles.michaeljackson: [“kingofpop”,“superstar”]

#####################################################

#############################################################################################

#Below here you configure what authenticated and authorized users are allowed to do (or not)#

#This maps to the acl defined in the searchguard configuration index #

#############################################################################################

Configure the actionrequestfilter to allow or forbid action

searchguard.actionrequestfilter.names: [“readonly”]

searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:data/read/*”, “monitor”]

searchguard.actionrequestfilter.readonly.forbidden_actions: [“cluster:", "indices:admin”]

``

and I’ve added the user roles in the sample acl under the searchguard index

curl -XPUT ‘http://localhost:9200/searchguard/ac/ac?pretty’ -d ’

{“acl”: [
{
Comment”: “Default is to execute all filters”,
“filters_bypass”: ,
“filters_execute”: [""]
},
{
Comment”: “Any authenticated user do anything on the ‘public’ index - no filter will be executed”,
“indices”: [“public”],
“filters_bypass”: ["
"],
“filters_execute”:
},
{
Comment”: “This means any user with the role starfleet or command can do anything with the starfleetinfos index”,
“roles” : [“starfleet”, “command”],
“indices”: [“starfleetinfos”],
“filters_bypass”: [""],
“filters_execute”: []
},
{
Comment”: “This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything”,
“roles”: [
“root”
],
“filters_bypass”: ["
"],
“filters_execute”:
},
{
Comment”: “This means that the user michaeljackson can do anything on index popstuff.”,
“users”: [“michaeljackson”],
“indices”: [“popstuff”],
“filters_bypass”: ["*"],
“filters_execute”:
},
{
Comment”: “This means that for the user spock on index popstuff only the actionrequestfilter.readonly will be executed, no other”,
“users”: [“spock”],
“indices”: [“popstuff”],
“filters_bypass”: ,
“filters_execute”: [“actionrequestfilter.readonly”]
}
]}’

``

I’ve also had to add
searchguard.check_for_root: false

``

since I’m running on a Windows machine as an admin user. Now when I start up my nodes, it doesn’t seem like there’s any security in place - I can curl anything and update docs/indexes without any prompts for authentication, which is probably related to the fact that my elasticsearch.bat files keep reloading their status every second with

[com.floragunn.searchguard.service.SearchGuardConfigService] Security configuration reloaded

``

Does anyone know what the problem might be? Thanks!

It seems like there is an error here:

[2015-06-23 17:18:00,530][ERROR][com.floragunn.searchguard.service.SearchGuardCo

nfigService] [Optimize Node] Try to refresh security configuration but it failed

due to org.elasticsearch.action.NoShardAvailableActionException: [searchguard][

4] null

``

The NoShardAvailableException appears whenever I run the .bat file - even for the first time.

···

On Tuesday, June 23, 2015 at 5:07:39 PM UTC-4, Nathan Miranda wrote:

I’ve used the sample config from the readme,

#####################################################

Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)

searchguard.authentication.authorization.settingsdb.roles.spock: [“kolinahr”,“starfleet”,“command”]

searchguard.authentication.authorization.settingsdb.roles.admin: [“root”]

searchguard.authentication.authorization.settingsdb.roles.michaeljackson: [“kingofpop”,“superstar”]

#####################################################

#############################################################################################

#Below here you configure what authenticated and authorized users are allowed to do (or not)#

#This maps to the acl defined in the searchguard configuration index #

#############################################################################################

Configure the actionrequestfilter to allow or forbid action

searchguard.actionrequestfilter.names: [“readonly”]

searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:data/read/*”, “monitor”]

searchguard.actionrequestfilter.readonly.forbidden_actions: [“cluster:", "indices:admin”]

``

and I’ve added the user roles in the sample acl under the searchguard index

curl -XPUT ‘http://localhost:9200/searchguard/ac/ac?pretty’ -d ’

{“acl”: [
{
Comment”: “Default is to execute all filters”,
“filters_bypass”: ,
“filters_execute”: [""]
},
{
Comment”: “Any authenticated user do anything on the ‘public’ index - no filter will be executed”,
“indices”: [“public”],
“filters_bypass”: ["
"],
“filters_execute”:
},
{
Comment”: “This means any user with the role starfleet or command can do anything with the starfleetinfos index”,
“roles” : [“starfleet”, “command”],
“indices”: [“starfleetinfos”],
“filters_bypass”: [""],
“filters_execute”: []
},
{
Comment”: “This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything”,
“roles”: [
“root”
],
“filters_bypass”: ["
"],
“filters_execute”:
},
{
Comment”: “This means that the user michaeljackson can do anything on index popstuff.”,
“users”: [“michaeljackson”],
“indices”: [“popstuff”],
“filters_bypass”: ["*"],
“filters_execute”:
},
{
Comment”: “This means that for the user spock on index popstuff only the actionrequestfilter.readonly will be executed, no other”,
“users”: [“spock”],
“indices”: [“popstuff”],
“filters_bypass”: ,
“filters_execute”: [“actionrequestfilter.readonly”]
}
]}’

``

I’ve also had to add
searchguard.check_for_root: false

``

since I’m running on a Windows machine as an admin user. Now when I start up my nodes, it doesn’t seem like there’s any security in place - I can curl anything and update docs/indexes without any prompts for authentication, which is probably related to the fact that my elasticsearch.bat files keep reloading their status every second with

[com.floragunn.searchguard.service.SearchGuardConfigService] Security configuration reloaded

``

Does anyone know what the problem might be? Thanks!

does this problem still occur? cause in you other post it seems you SG up and running.

···

Am 23.06.2015 um 23:19 schrieb Nathan Miranda <nate845@gmail.com>:

It seems like there is an error here:

[2015-06-23 17:18:00,530][ERROR][com.floragunn.searchguard.service.SearchGuardCo
nfigService] [Optimize Node] Try to refresh security configuration but it failed
due to org.elasticsearch.action.NoShardAvailableActionException: [searchguard][
4] null

The NoShardAvailableException appears whenever I run the .bat file - even for the first time.

On Tuesday, June 23, 2015 at 5:07:39 PM UTC-4, Nathan Miranda wrote:
I've used the sample config from the readme,

#####################################################
# Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)
searchguard.authentication.authorization.settingsdb.roles.spock: ["kolinahr","starfleet","command"]
searchguard.authentication.authorization.settingsdb.roles.admin: ["root"]
searchguard.authentication.authorization.settingsdb.roles.michaeljackson: ["kingofpop","superstar"]
#####################################################

#############################################################################################
#Below here you configure what authenticated and authorized users are allowed to do (or not)#
#This maps to the acl defined in the searchguard configuration index #
#############################################################################################

# Configure the actionrequestfilter to allow or forbid action
searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:*", "indices:admin*"]

and I've added the user roles in the sample acl under the searchguard index

curl -XPUT 'http://localhost:9200/searchguard/ac/ac?pretty' -d '

{"acl": [
    {
      "__Comment__": "Default is to execute all filters",
      "filters_bypass": ,
      "filters_execute": ["*"]
    },
    {
      "__Comment__": "Any authenticated user do anything on the 'public' index - no filter will be executed",
      "indices": ["public"],
      "filters_bypass": ["*"],
      "filters_execute":
    },
    {
      "__Comment__": "This means any user with the role starfleet or command can do anything with the starfleetinfos index",
      "roles" : ["starfleet", "command"],
      "indices": ["starfleetinfos"],
      "filters_bypass": ["*"],
      "filters_execute":
    },
    {
      "__Comment__": "This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything",
      "roles": [
        "root"
      ],
      "filters_bypass": ["*"],
      "filters_execute":
    },
    {
      "__Comment__": "This means that the user michaeljackson can do anything on index popstuff.",
      "users": ["michaeljackson"],
      "indices": ["popstuff"],
      "filters_bypass": ["*"],
      "filters_execute":
    },
    {
      "__Comment__": "This means that for the user spock on index popstuff only the actionrequestfilter.readonly will be executed, no other",
      "users": ["spock"],
      "indices": ["popstuff"],
      "filters_bypass": ,
      "filters_execute": ["actionrequestfilter.readonly"]
    }
    
  ]}'

I've also had to add
searchguard.check_for_root: false

since I'm running on a Windows machine as an admin user. Now when I start up my nodes, it doesn't seem like there's any security in place - I can curl anything and update docs/indexes without any prompts for authentication, which is probably related to the fact that my elasticsearch.bat files keep reloading their status every second with

[com.floragunn.searchguard.service.SearchGuardConfigService] Security configuration reloaded

Does anyone know what the problem might be? Thanks!

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dc2dc8ee-8f33-4a10-a530-fe2a2926b452%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.