Search Guard Kibana plugin

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

I am using SearchGuard Enterprise License 6.1.1 version , Will this license include “Search Guard Kibana plugin”

or need additional cost?

The Kibana Plugin is licensed under Apache2, so you are free to use and modify it without any cost.

···

On Thursday, August 9, 2018 at 7:20:33 PM UTC+2, rud wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

I am using SearchGuard Enterprise License 6.1.1 version , Will this license include “Search Guard Kibana plugin”

or need additional cost?

Thank You , I have kibana is already installed in my environment.(Please find the screenshot)but there is no searchguard configuration GUI.

Now I am trying to install the download plugin to get the SG UI with below.


  • Stop Kibana
  • cd into your Kibana installation directory.
  • Execute:bin/kibana-plugin install search-guard-kibana-plugin-6.1.1-12.zip

My current configuration is below

–elasticsearch.yml-----

#: SG - Https for client nodes only
searchguard.ssl.http.enabled: false

searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false

—sg_config.yml----

  searchguard:
dynamic:
kibana:
 multitenancy_enabled: true
      server_username: "bdm156"
index: ".kibana"
      do_not_fail_on_forbidden: false
http:
anonymous_auth_enabled: false
xff:
enabled: false
internalProxies: "192\\.168\\.0\\.10|192\\.168\        \.0\\.11"
remoteIpHeader: "X-Forwarded-For"
proxiesHeader: "X-Forwarded-By"
  authc:

ldap:
enabled: true
order: 1
http_authenticator:
type: “basic”
challenge: tru e
authentication_backend:
type: “ldap”

clientcert_auth_domain:
        enabled: true
        order: 0
 http_authenticator:
type: "clientcert"
          challenge: false
config:
username_attribute: "cn"
authentication_backend:
type: "noop"
  authz:

roles_from_myldap:
enabled: true
authorization_backend:
type: “ldap”
config:
enable_ssl: false
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false

----kibana.yml—

searchguard.basicauth.enabled: true
#: https must be enabled for below
searchguard.cookie.secure: true

Multitenancy

···

searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true


elasticsearch.requestHeadersWhitelist: [ “sg_tenant”, “X-Authenticated-User”, “Authorization”, “X-Forwarded-For”, “X-Forwarded-Server”, "X-Forwarded-By
, “X-Proxy-User”, “X-Proxy-Roles”, “X-Client-Cert” ]

- 1)will it automatically update the kibana (for searchguard gui)as soon as i install with out cluster restart?
- 2)Do i need to add any other configurations before installing the plugin?

3)which access i need to install? anything to do with below.

If you have [restricted certain endpoints](https://docs.search-guard.com/latest/rest-api-access-control) for the currently logged in user, the plugin will automatically disable these features.

For everything to work, the logged in user should have:

- Access to the `ACTIONGROUPS` endpoint with `GET` method
- Otherwise, autocompletion of action groups will not work
- the permission `indices:admin/validate/query` on all indices
- Otherwise, the syntax check for DLS queries will not work

- 

On Thursday, August 9, 2018 at 3:38:28 PM UTC-5, Jochen Kressin wrote:
> The Kibana Plugin is licensed under Apache2, so you are free to use and modify it without any cost.
> 
> On Thursday, August 9, 2018 at 7:20:33 PM UTC+2, rud wrote:
> > When asking questions, please provide the following information:
> > 

> > * Search Guard and Elasticsearch version

> > * Installed and used enterprise modules, if any

> > * JVM version and operating system version

> > * Search Guard configuration files

> > * Elasticsearch log messages on debug level

> > * Other installed Elasticsearch or Kibana plugins, if any

> > 

> > I am using SearchGuard Enterprise License 6.1.1 version , Will this license include  "Search Guard Kibana plugin"

> > 

> > or need additional cost?

</details>

you need to configure the roles that should have access to the GUI in elasticsearch:

searchguard.restapi.roles_enabled: [“sg_all_access”, …]

``

(https://docs.search-guard.com/latest/configuration-gui)

Also, in sg_config.yml you configured:

server_username: "bdm156"

What is this user? Have you configured it in kibana.yml?

<details class='elided'>
<summary title='Show trimmed content'>&#183;&#183;&#183;</summary>

On Thursday, August 9, 2018 at 11:47:20 PM UTC+2, rud wrote:
> Thank You , I have kibana  is already installed in my environment.(Please find the screenshot)but there is no searchguard configuration GUI.
> 

> Now I am trying to install the download plugin to get the SG UI with below.

> 

> ```
> 
> ```
> - Stop Kibana
> - cd into your Kibana installation directory.
> - Execute:bin/kibana-plugin install search-guard-kibana-plugin-6.1.1-12.zip
> 

> My current configuration is below

> 

> --elasticsearch.yml-----

> 

> ```
> #: SG - Https for client nodes only
> searchguard.ssl.http.enabled: false
> ```
> ```
> 
> 
> ```
> ```
> ```
> searchguard.ssl.transport.enforce_hostname_verification: false
> searchguard.ssl.transport.resolve_hostname: false
> ```
> ```
> ---sg_config.yml----
> 
> ```
> ```
> 
> 
> ```
> ```
> ```
>   searchguard:
> dynamic:
> kibana:
>  multitenancy_enabled: true
>       server_username: "bdm156"
> index: ".kibana"
>       do_not_fail_on_forbidden: false
> http:
> anonymous_auth_enabled: false
> xff:
> enabled: false
> internalProxies: "192\\.168\\.0\\.10|192\\.168\        \.0\\.11"
> remoteIpHeader: "X-Forwarded-For"
> proxiesHeader: "X-Forwarded-By"
> ```
> ```
> ```
>       authc:
> ldap:
> enabled: true
> order: 1
>        http_authenticator:
> type: "basic"
> challenge: tru        e
> authentication_backend:
> type: "ldap"
> ```
> ```
> ```
> clientcert_auth_domain:
>         enabled: true
>         order: 0
>  http_authenticator:
> type: "clientcert"
>           challenge: false
> config:
> username_attribute: "cn"
> authentication_backend:
> type: "noop"
> ```
> ```
> ```
>       authz:
> roles_from_myldap:
> enabled: true
> authorization_backend:
> type: "ldap"
> config:
> enable_ssl: false
> enable_start_tls: false
> enable_ssl_client_auth: false
> verify_hostnames: false
> ```
> ```
> 
> 
> ```
> ```
> ----kibana.yml---
> ```
> ```
> 
> 
> ```
> ```
> searchguard.basicauth.enabled: true
> #: https must be enabled for below
> searchguard.cookie.secure: true
> 
> ```
> ```
> # Multitenancy
> #
> searchguard.multitenancy.enabled: true
> searchguard.multitenancy.tenants.enable_global: true
> searchguard.multitenancy.tenants.enable_private: true
> 
> ```
> 

> ```
> 
> 
> ```
> ```
> elasticsearch.requestHeadersWhitelist: [ "sg_tenant", "X-Authenticated-User", "Authorization", "X-Forwarded-For", "X-Forwarded-Server", "X-Forwarded-By
> , "X-Proxy-User", "X-Proxy-Roles", "X-Client-Cert" ]
> ```
> ```
> 
> ```
> - 1)will it automatically update the kibana (for searchguard gui)as soon as i install with out cluster restart?
> - 2)Do i need to add any other configurations before installing the plugin?
> 

> 3)which access i need to install? anything to do with below.

> If you have [restricted certain endpoints](https://docs.search-guard.com/latest/rest-api-access-control) for the currently logged in user, the plugin will automatically disable these features.

> For everything to work, the logged in user should have:

> - Access to the `ACTIONGROUPS` endpoint with `GET` method
> - Otherwise, autocompletion of action groups will not work
> - the permission `indices:admin/validate/query` on all indices
> - Otherwise, the syntax check for DLS queries will not work

> - 

> On Thursday, August 9, 2018 at 3:38:28 PM UTC-5, Jochen Kressin wrote:
> > The Kibana Plugin is licensed under Apache2, so you are free to use and modify it without any cost.
> > 
> > On Thursday, August 9, 2018 at 7:20:33 PM UTC+2, rud wrote:
> > > When asking questions, please provide the following information:
> > > 

> > > * Search Guard and Elasticsearch version

> > > * Installed and used enterprise modules, if any

> > > * JVM version and operating system version

> > > * Search Guard configuration files

> > > * Elasticsearch log messages on debug level

> > > * Other installed Elasticsearch or Kibana plugins, if any

> > > 

> > > I am using SearchGuard Enterprise License 6.1.1 version , Will this license include  "Search Guard Kibana plugin"

> > > 

> > > or need additional cost?

</details>

bdm156 is Kibana Server User (for authenticating to ES) in sg_cpnfig.yml but It’s not in kibana.yml.

···

On Fri, Aug 10, 2018 at 4:02 AM, Jochen Kressin jkressin@floragunn.com wrote:

you need to configure the roles that should have access to the GUI in elasticsearch:

searchguard.restapi.roles_enabled: [“sg_all_access”, …]

``

(https://docs.search-guard.com/latest/configuration-gui)

Also, in sg_config.yml you configured:

server_username: "bdm156"

What is this user? Have you configured it in kibana.yml?

On Thursday, August 9, 2018 at 11:47:20 PM UTC+2, rud wrote:

Thank You , I have kibana is already installed in my environment.(Please find the screenshot)but there is no searchguard configuration GUI.

Now I am trying to install the download plugin to get the SG UI with below.


  • Stop Kibana
  • cd into your Kibana installation directory.
  • Execute:bin/kibana-plugin install search-guard-kibana-plugin-6.1.1-12.zip

My current configuration is below

–elasticsearch.yml-----

#: SG - Https for client nodes only
searchguard.ssl.http.enabled: false


searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false

—sg_config.yml----

  searchguard:
dynamic:
kibana:
 multitenancy_enabled: true
      server_username: "bdm156"
index: ".kibana"
      do_not_fail_on_forbidden: false
http:
anonymous_auth_enabled: false
xff:
enabled: false
internalProxies: "192\\.168\\.0\\.10|192\\.168\        \.0\\.11"
remoteIpHeader: "X-Forwarded-For"
proxiesHeader: "X-Forwarded-By"
  authc:

ldap:
enabled: true
order: 1
http_authenticator:
type: “basic”
challenge: tru e
authentication_backend:
type: “ldap”

clientcert_auth_domain:
        enabled: true
        order: 0
 http_authenticator:
type: "clientcert"
          challenge: false
config:
username_attribute: "cn"
authentication_backend:
type: "noop"
  authz:

roles_from_myldap:
enabled: true
authorization_backend:
type: “ldap”
config:
enable_ssl: false
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false

----kibana.yml—

searchguard.basicauth.enabled: true
#: https must be enabled for below
searchguard.cookie.secure: true

# Multitenancy
#
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true



elasticsearch.requestHeadersWhitelist: [ "sg_tenant", "X-Authenticated-User", "Authorization", "X-Forwarded-For", "X-Forwarded-Server", "X-Forwarded-By
, "X-Proxy-User", "X-Proxy-Roles", "X-Client-Cert" ]

  • 1)will it automatically update the kibana (for searchguard gui)as soon as i install with out cluster restart?
  • 2)Do i need to add any other configurations before installing the plugin?

3)which access i need to install? anything to do with below.

If you have restricted certain endpoints for the currently logged in user, the plugin will automatically disable these features.

For everything to work, the logged in user should have:

  • Access to the ACTIONGROUPS endpoint with GET method
  • Otherwise, autocompletion of action groups will not work
  • the permission indices:admin/validate/query on all indices
  • Otherwise, the syntax check for DLS queries will not work

On Thursday, August 9, 2018 at 3:38:28 PM UTC-5, Jochen Kressin wrote:

The Kibana Plugin is licensed under Apache2, so you are free to use and modify it without any cost.

On Thursday, August 9, 2018 at 7:20:33 PM UTC+2, rud wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

I am using SearchGuard Enterprise License 6.1.1 version , Will this license include “Search Guard Kibana plugin”

or need additional cost?

You received this message because you are subscribed to a topic in the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/g3SDu6-bID4/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/3e5a67aa-83f2-4f36-8a6d-91ed82d484d6%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.