Best IT Recipes

Authentication in Elasticsearch

How to determine security access in Elasticsearch? I have an elasksearch-head plugin, but your access does not require any security.

+69
security authentication elasticsearch
Mar 31 '12 at 12:59
source share
10 answers

The plugin mentioned in this answer is no longer supported.



There is no built-in access control in elasticsearch. So, you need to configure the reverse proxy (here is a blog post on how to configure nginx), use one of the third-party elasticsearch plugins, such as https://github.com/Asquera/elasticsearch-http-basic or use the official Shield security plugin.

+60
Mar 31 '12 at 20:30
source share

Elasticsearch now has a security plugin http://www.elasticsearch.org/blog/shield-know-security-coming-soon/

+7
Dec 23 '14 at 14:40
source share

Update . This work is pretty good and (for most features) free and open source: https://github.com/floragunncom/search-guard

NOTE. The plugin mentioned in this article is no longer supported.



Maybe this helps: https://github.com/salyh/elasticsearch-security-plugin

This plugin adds http / rest security functionality to Elasticsearch as separate modules. Instead of Netty, the built-in Tomcat 7 is used to process http / rest requests.

Currently, for user-based authentication and authorization, Kerberos and NTLM are supported through a third-party waffle library (only on Windows servers). For UNIX servers, Kerberos is supported through the third-party tomcatspnegoad library (works with any kerberos implementation. Active Directory and general LDAP are supported for authorization).

You can also use this plugin without Kerberos / NTLM, but then only host-based authentication is available.

+6
Nov 20 '13 at 9:23
source share

<shamelessPlug>

Sorry, but I have serious doubts about all of these plugins and proxies that are only trying to capture requests with sloppy regex at the HTTP level.

Will you repeat all possible ES syntaxes that can record? How do you filter by index? What about index aliases? Multi index queries?

The only clean way to control access - AFTER ElasticSearch analyzed the queries. This is exactly what the Shield does!

I wrote a licensed MIT plugin ( readonly-rest-plugin ) that does just that.

You can match the query:

  • βœ” ️ Hostname, IP and IP with network mask

  • βœ” ️ Indexes (supported wildcards) and index aliases are allowed

  • βœ” HTTP Basic Auth

It also supports top-notch Kibana authentication support :)

</shamelessPlug>

+5
Apr 04 '16 at 21:40
source share

If you want to use basic authentication with Kibana3, here is my solution:

https://github.com/fangli/kibana-authentication-proxy

Support not only the basic server BasicAuth ES, but also GoogleOAuth and BasicAuth for the client. Please give the star if it works for you, thanks.

+3
Dec 20 '13 at 6:01
source share

Try Shield . It has authentication and authorization. At the moment he needs a license. It won’t be too long until people create similar open source plugins.

+3
Feb 12 '15 at 12:34
source share

As for a specific solution to this problem, I came across the following: this is a simple implementation of the reverse proxy approach mentioned in other answers:

https://gist.github.com/jpluscplusm/9227777

As a warning, at least some of them in Elasticsearch do not consider the nginx solution optimal, but I think it depends on the specifics of your authentication requirements (RBAC, number of users, number of indexes, frequency of access list changes). For some users (including myself) the first example is enough.

http://www.elasticsearch.org/blog/restricting-users-kibana-filtered-aliases/

If you find that the nginx requirements specification isnt met, maybe something like this: https://github.com/lukas-vlcek/node.es

+1
Jul 23 '14 at 20:57
source share

Since ElasticSearch is a kind of database service, you probably won’t want to publish it publicly.

I do not trust plugins to do this for me, so I did with the nginx proxy.

This tutorial is very useful:

http://www.minvolai.com/blog/2014/08/Setting-up-a-Secure-Single-Node-Elasticsearch-server-behind-Nginx/Setting-up-a-Secure-Single-Node-Elasticsearch- server-behind-nginx /

+1
Apr 30 '15 at 12:04
source share

I am very new to ElasticSearch, but I feel that the X-Pack plugin should appear here as an answer: https://www.elastic.co/guide/en/x-pack/current/index.html

I understand that the X-Pack is now the de facto standard for protecting ElasticSearch (and much more), including authentication.

+1
Apr 18 '17 at 18:15
source share

Yes, now the only preferred way to enable protection in elasticsearch is through the X-Pack plugin.

https://www.elastic.co/guide/en/x-pack/current/xpack-introduction.html

This is a multi-purpose plugin and is well suited for security purposes, as you can also use monitoring and configure alerts and notifications to suit your needs.

As you already know, I'm sure elasticsearch will continue this for entry.

0
Sep 12 '17 at 11:55 on
source share


More articles:


All Articles