Using search-guard-5:5.0.2-8 with Kibana 5.0.2

Hello,

I installed search-guard-5:5.0.2-8 on ES 5.0.2.

ES Config:

searchguard.ssl.http.enabled: true

searchguard.ssl.http.keystore_filepath: node-0-keystore.jks

searchguard.ssl.http.keystore_password: changeit

searchguard.ssl.http.truststore_filepath: truststore.jks

searchguard.ssl.http.truststore_password: changeit

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

It seems to work well using CURL:

curl -k -u admin:admin 'https://localhost:9200/_cat/indices?v'

health status index uuid pri rep docs.count docs.deleted store.size pri.store.size

yellow open filebeat-2016.11.23 B8qrcb95Sy-n6x1uTOWKww 1 1 73208 0 28.6mb 28.6mb

yellow open filebeat-2016.11.24 tHb7l03aSQq3UbVMzM39Qw 1 1 3190 0 1.5mb 1.5mb

yellow open filebeat-2016.11.26 WWh_LvxUSdCaxsiAOSspqg 1 1 3118 0 1.5mb 1.5mb

yellow open filebeat-2016.11.28 X06EzIKPRCGKHHpYaJ1yCQ 1 1 3167 0 1.5mb 1.5mb

yellow open filebeat-2016.12.03 _J_twU57TzWuKhCQtAPiMA 1 1 39468 0 50.9mb 50.9mb

yellow open .kibana wAEVdbkkRiW1fGAEG1h0UQ 1 1 17 1 26.9kb 26.9kb

yellow open filebeat-2016.11.20 ghouHZEfSjahfkhaOHRoCw 5 1 24 0 65kb 65kb

yellow open filebeat-2016.12.05 1eNYGokVR26hl7wYZS3Bdg 1 1 142504 0 116.1mb 116.1mb

yellow open filebeat-2016.11.18 9l-M_XpuQ2SYZSX4R4MA5w 5 1 23 0 40kb 40kb

yellow open filebeat-2016.11.04 E6KNXFUBQ7Gpc7lLloUYug 5 1 1 0 7.2kb 7.2kb

yellow open filebeat-2016.11.19 gTad6GjOQ56-5-qTnOSmCQ 5 1 24 0 40.4kb 40.4kb

yellow open filebeat-2016.11.14 K8noeL_eRz6o96ZTyGF7Bw 5 1 2 0 13.7kb 13.7kb

yellow open filebeat-2016.11.27 mN-CBa8TQxep_zUqcSNfog 1 1 3136 0 1.4mb 1.4mb

yellow open filebeat-2016.11.29 99_ZX0jGQuC1j-MJ7dHcWQ 1 1 7160 0 3.4mb 3.4mb

yellow open filebeat-2016.11.11 LZCt3sP9THaZ2zBkYB1bIg 5 1 2 0 7.6kb 7.6kb

yellow open filebeat-2016.11.17 W2bhd2ohTYSeZWCeph64Pw 5 1 24 0 40.4kb 40.4kb

yellow open filebeat-2016.11.30 TQXY1b5DS5epw3EWJMDjyg 1 1 5360 0 2mb 2mb

green open searchguard -vbtm7USTZSLEmg76bdgCA 1 0 5 0 42.8kb 42.8kb

yellow open filebeat-2016.11.16 P6h7W6GJRnu5fePytz6zyQ 5 1 24 0 40.4kb 40.4kb

yellow open filebeat-2016.11.25 5GC5X9lZT96D9a6-0aQAUQ 1 1 3208 0 1.5mb 1.5mb

yellow open filebeat-2016.12.01 iKPP3MS5T4eG6pTbkN-pxA 1 1 206582 0 135.9mb 135.9mb

yellow open filebeat-2016.11.22 DaiEEK8KQnyncl-9SNGxIQ 5 1 5092 0 4.5mb 4.5mb

yellow open filebeat-2016.12.02 oxI9D9mjQdqYRmnzY0IFiQ 1 1 332681 0 281.5mb 281.5mb

yellow open filebeat-2016.11.09 280hW0WITx2Wb-ShRmp75g 5 1 2 0 13.7kb 13.7kb

yellow open filebeat-2016.11.21 CzSjWVPeTwaqXVQ_havfTg 5 1 25 0 40.8kb 40.8kb

yellow open filebeat-2016.11.15 0uzsP7SuQEq382db6Xt5hQ 5 1 5 0 21kb 21kb

yellow open filebeat-2016.12.04 7vgJK41CRaWLl_f40n0AXg 1 1 35039 0 24.6mb 24.6mb

With no credentials, we have the expected 401 error:

curl -i -k 'https://localhost:9200/_cat/indices?v'

HTTP/1.1 401 Unauthorized

WWW-Authenticate: Basic realm="Search Guard"

content-type: text/plain; charset=UTF-8

content-length: 12

Unauthorized

Kibana config:

elasticsearch.username: "admin"

elasticsearch.password: "admin"

server.ssl.cert: /etc/elasticsearch/server.crt # for Kibana https

server.ssl.key: /etc/elasticsearch/server.key # for Kibana https

elasticsearch.ssl.verify: false

console.proxyConfig:
  - match:
      protocol: "https"
    ssl:
      verify: false

Looking at the Kibana 5.0.2 log, everything starts well:

{"type":"log","@timestamp":"2016-12-06T21:14:48Z","tags":["plugins","debug"],"pid":27540,"plugin":{"name":"status_page","version":"kibana"},"message":"Initializing plugin status_page@kibana"}

{"type":"log","@timestamp":"2016-12-06T21:14:48Z","tags":["status","plugin:elasticsearch@5.0.2","info"],"pid":27540,"state":"green","message":"Status changed from yellow to green - Kibana index ready","prevState":"yellow","prevMsg":"Waiting for Elasticsearch"}

{"type":"log","@timestamp":"2016-12-06T21:14:48Z","tags":["plugins","debug"],"pid":27540,"plugin":{"name":"table_vis","version":"kibana"},"message":"Initializing plugin table_vis@kibana"}

{"type":"log","@timestamp":"2016-12-06T21:14:48Z","tags":["plugins","debug"],"pid":27540,"plugin":{"name":"tests_bundle","version":"kibana"},"message":"Initializing plugin tests_bundle@kibana"}

{"type":"log","@timestamp":"2016-12-06T21:14:48Z","tags":["plugins","debug"],"pid":27540,"plugin":{"author":"Rashid Khan rashid@elastic.co","name":"timelion","version":"kibana"},"message":"Initializing plugin timelion@kibana"}

{"type":"ops","@timestamp":"2016-12-06T21:14:51Z","tags":[],"pid":27540,"os":{"load":[0.15625,0.03857421875,0.0107421875],"mem":{"total":17109417984,"free":10931273728},"uptime":1227651},"proc":{"uptime":10.094,"mem":{"rss":230359040,"heapTotal":208535552,"heapUsed":100101344},"delay":1.5704848766326904},"load":{"requests":{},"concurrents":{"5601":0},"responseTimes":{},"sockets":{"http":{"total":0},"https":{"total":0}}},"message":"memory: 95.5MB uptime: 0:00:10 load: [0.16 0.04 0.01] delay: 1.570"}

{"type":"log","@timestamp":"2016-12-06T21:14:51Z","tags":["status","plugin:timelion@5.0.2","info"],"pid":27540,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}

{"type":"log","@timestamp":"2016-12-06T21:14:51Z","tags":["listening","info"],"pid":27540,"message":"Server running at https://localhost:5601"}

{"type":"log","@timestamp":"2016-12-06T21:14:51Z","tags":["status","ui settings","info"],"pid":27540,"state":"green","message":"Status changed from uninitialized to green - Ready","prevState":"uninitialized","prevMsg":"uninitialized"}

When I try to access https://localhost:5601 in my browser, I get:

{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}

In Kibana, there is an authentication exception:

{"type":"error","@timestamp":"2016-12-06T21:17:56Z","tags":[],"pid":27540,"level":"error","message":"Authentication Exception","error":{"message":"Authentication Exception","name":"Error","stack":"Error: Authentication Exception\n at respond (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:289:15)\n at checkRespForFailure (/opt/kibana/node_modules/elasticsearch/src/lib/transport.js:248:7)\n at HttpConnector. (/opt/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:164:7)\n at IncomingMessage.wrapper (/opt/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4994:19)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:974:12)\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickDomainCallback (internal/process/next_tick.js:122:9)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":"","query":{},"pathname":"/app/kibana","path":"/app/kibana","href":"/app/kibana"}}

{"type":"response","@timestamp":"2016-12-06T21:17:56Z","tags":[],"pid":27540,"method":"get","statusCode":500,"req":{"url":"/app/kibana","method":"get","headers":{"host":"localhost:5601","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Firefox/45.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","connection":"keep-alive"},"remoteAddress":"x.xx.xxx.xxx","userAgent":"x.xx.xxx.xxx"},"res":{"statusCode":500,"responseTime":65,"contentLength":9},"message":"GET /app/kibana 500 65ms - 9.0B"}

Nothing is logged in elasticsearch.log.

Any idea on what could cause this problem?

Kind regards,

Nicolas
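Added example (not part of the original post, and not Kibana or Search Guard code): the browser only shows a generic 500, so this sketch pairs each 5xx "response" entry in a Kibana JSON log with the "error" entry logged by the same pid, in the same second, for the same path. The sample lines are constructed and trimmed from the log shape shown above; the function name and the result fields are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample lines, trimmed from the log shape shown in the post.
SAMPLE_LOG = [
    '{"type":"log","@timestamp":"2016-12-06T21:14:51Z","tags":["listening","info"],"pid":27540,"message":"Server running at https://localhost:5601"}',
    '{"type":"error","@timestamp":"2016-12-06T21:17:56Z","tags":[],"pid":27540,"level":"error","message":"Authentication Exception","error":{"message":"Authentication Exception","name":"Error"},"url":{"pathname":"/app/kibana"}}',
    '{"type":"response","@timestamp":"2016-12-06T21:17:56Z","tags":[],"pid":27540,"method":"get","statusCode":500,"req":{"url":"/app/kibana","method":"get"},"res":{"statusCode":500}}',
    '{"type":"response","@timestamp":"2016-12-06T21:18:02Z","tags":[],"pid":27540,"method":"get","statusCode":200,"req":{"url":"/status","method":"get"},"res":{"statusCode":200}}',
    '{"type":"response","@timestamp": truncated',
]


def correlate_failures(lines):
    """Pair each 5xx response with error entries logged by the same pid,
    in the same second, for the same path."""
    errors = defaultdict(list)
    failed = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # partial or non-JSON line
        if not isinstance(entry, dict):
            continue
        key = (entry.get("pid"), entry.get("@timestamp"))
        if entry.get("type") == "error":
            path = (entry.get("url") or {}).get("pathname")
            detail = (entry.get("error") or {}).get("message")
            errors[key + (path,)].append(detail or entry.get("message"))
        elif entry.get("type") == "response":
            status = entry.get("statusCode")
            if isinstance(status, int) and status >= 500:
                # req.url may carry a query string; error entries log the bare path
                path = (entry.get("req") or {}).get("url", "").split("?")[0]
                failed.append((key, path, status))
    findings = []
    for key, path, status in failed:
        causes = errors.get(key + (path,), [])
        findings.append({
            "time": key[1], "path": path, "status": status, "causes": causes,
            # Assumption: this message is what Kibana logs when its
            # Elasticsearch client gets an authentication failure back.
            "backend_auth_failure": "Authentication Exception" in causes,
        })
    return findings
```

A finding with backend_auth_failure set points at the Kibana-to-Elasticsearch leg rather than at the browser-to-Kibana leg.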

Please see this post regarding the same topic:

https://groups.google.com/forum/#!topic/search-guard/Pta_cZLzW_k

On Tuesday, 6 December 2016 at 22:22:39 UTC+1, Nicolas Castet wrote:
