Elasticsearch basic security

Goal

Assign user and role privileges in Elasticsearch.

Steps

Elasticsearch setup

Enable security

bin/elasticsearch -E node.name=node0 -E cluster.name=mycluster -E path.data=node0_data -E http.port=9200 -E xpack.security.enabled=true

Try to view the cluster

Open the link:
http://localhost:9200/_cat/nodes?pretty
The result is shown below:
(figure: es_rbac)

Set the default Elasticsearch accounts

bin/elasticsearch-setup-passwords interactive

After the passwords have been set, the passwords of the following 6 built-in users are changed.

Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Test whether the settings took effect

curl -u elastic 'localhost:9200/_cat/nodes?pretty'
Enter host password for user 'elastic':
127.0.0.1 33 97 8 1.70   dilm * node0

Kibana setup

Set the account Kibana uses to access the ES cluster

# Edit the Kibana configuration file
vim ~/Downloads/kibana-7.6.1-darwin-x86_64/config/kibana.yml

Find the following section in the file and modify it:

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
# elasticsearch.username: "kibana"
# elasticsearch.password: "pass"

Uncomment elasticsearch.username and elasticsearch.password and set the password Kibana uses to access the ES cluster; that is all that is needed.
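The edit above leaves the Kibana service password in plaintext inside kibana.yml. The block below is an added example, not code from the original post: it reads a kibana.yml (a constructed sample is embedded), extracts only the uncommented settings, the same way Kibana ignores the `#` lines, and reports how Kibana authenticates to Elasticsearch. It flags a plaintext elasticsearch.password and points to the Kibana keystore (`bin/kibana-keystore add elasticsearch.password`), which stores that secret outside the config file; the username check warns when Kibana is configured to run as the superuser instead of the built-in kibana user.

```python
"""Lint the Elasticsearch authentication settings in a kibana.yml.
Added example (not from the original post). The sample file below is
constructed and holds no real credentials."""
import re

# Constructed sample resembling the post's edited kibana.yml.
SAMPLE_KIBANA_YML = """\
# elasticsearch.username: "kibana"
# elasticsearch.password: "pass"
elasticsearch.username: "kibana"
elasticsearch.password: "constructed-example-secret"
server.port: 5601
"""

# Matches a top-level "key: value" line; values may be quoted.
SETTING_RE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*:\s*(.*?)\s*$')


def active_settings(yml_text: str) -> dict:
    """Return the uncommented key/value pairs. Lines starting with '#'
    (like the commented defaults shipped in kibana.yml) are ignored."""
    settings = {}
    for line in yml_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings


def lint_kibana_auth(yml_text: str) -> list:
    """Findings about how Kibana authenticates to Elasticsearch."""
    s = active_settings(yml_text)
    findings = []
    if "elasticsearch.username" not in s:
        findings.append("elasticsearch.username is not set; Kibana cannot "
                        "reach a cluster with security enabled")
    elif s["elasticsearch.username"] == "elastic":
        findings.append("Kibana runs as the superuser 'elastic'; use the "
                        "built-in 'kibana' user (kibana_system on 7.8+)")
    if "elasticsearch.password" in s:
        findings.append("elasticsearch.password is stored in plaintext in "
                        "kibana.yml; move it to the keystore: "
                        "bin/kibana-keystore add elasticsearch.password")
    return findings


if __name__ == "__main__":
    for finding in lint_kibana_auth(SAMPLE_KIBANA_YML):
        print("-", finding)
```

Once the password is in the keystore, the elasticsearch.password line can be removed from kibana.yml and the linter reports nothing for it; elasticsearch.username stays in the file, since it is not a secret.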

Start Kibana

~/Downloads/kibana-7.6.1-darwin-x86_64/bin/kibana

Log in to Kibana with an ES account

Open the link:
http://localhost:5601
The result is shown in the figure below:
(figure: log in to Kibana with an ES account)
The elastic user used here is the ES superuser.

RBAC setup

Write seed data

# Write a document, which also creates the my_index index
PUT my_index/_doc/1
{
  "full_text":   "Quick Brown Foxes!"
}
# Write result
{
  "_index" : "my_index",
  "_type" : "_doc",
  "_id" : "1",
  "_version" : 1,
  "result" : "created",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 0,
  "_primary_term" : 1
}

# The following performs an exact match
GET my_index/_search?pretty
{
  "query": {
    "term": {
      "full_text.keyword": "Quick Brown Foxes!"
    }
  }
}
# Search result:
{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 0.2876821,
    "hits" : [
      {
        "_index" : "my_index",
        "_type" : "_doc",
        "_id" : "1",
        "_score" : 0.2876821,
        "_source" : {
          "full_text" : "Quick Brown Foxes!"
        }
      }
    ]
  }
}

Set up the role

After preparing the seed data, set up a role with read privilege on the index my_index, as shown in the figure below:

(figure: Kibana role)
Set the Kibana privileges for this role, read_my_index:
(figure: Kibana role privilege settings)

Set up the user

Create a user

Test the RBAC effect

Log in to Kibana as the user my_user, then run a search and a delete against my_index:

# The following performs an exact match
GET my_index/_search?pretty
{
  "query": {
    "term": {
      "full_text.keyword": "Quick Brown Foxes!"
    }
  }
}
# Search result:
{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 0.2876821,
    "hits" : [
      {
        "_index" : "my_index",
        "_type" : "_doc",
        "_id" : "1",
        "_score" : 0.2876821,
        "_source" : {
          "full_text" : "Quick Brown Foxes!"
        }
      }
    ]
  }
}
# Try to delete the index
DELETE my_index
# Delete result:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:admin/delete] is unauthorized for user [my_user]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:admin/delete] is unauthorized for user [my_user]"
  },
  "status" : 403
}

This shows that ES RBAC is in effect: this user has only search privileges, not delete privileges.
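The role and user created through the Kibana screens above, and the search/delete check that follows, can be scripted against the Elasticsearch Security API so the same RBAC test runs repeatably. The block below is an added example, not code from the original post: it assumes Elasticsearch 7.x listening on http://localhost:9200 (override with ES_URL), the elastic password in the ES_ELASTIC_PASSWORD environment variable, and a constructed password for my_user in MY_USER_PASSWORD. The `applications` entry for kibana-.kibana is the 7.x API form of the Kibana privileges chosen in the role screen. The names my_index, read_my_index and my_user are those used in the post.

```python
"""Scripted RBAC setup and check for Elasticsearch 7.x.
Added example (not from the original post). Assumes ES at ES_URL,
the elastic password in ES_ELASTIC_PASSWORD and a constructed
password for my_user in MY_USER_PASSWORD."""
import base64
import json
import os
import urllib.error
import urllib.request

ES_URL = os.environ.get("ES_URL", "http://localhost:9200")  # assumption
INDEX = "my_index"
ROLE = "read_my_index"
USER = "my_user"


def role_definition(index: str) -> dict:
    """Body for PUT _security/role/<name>: read-only on one index plus
    read-only Kibana access in all spaces (Kibana 7.x application privilege)."""
    return {
        "indices": [{"names": [index], "privileges": ["read"]}],
        "applications": [
            {"application": "kibana-.kibana", "privileges": ["read"], "resources": ["*"]}
        ],
    }


def user_definition(password: str, role: str) -> dict:
    """Body for PUT _security/user/<name>."""
    return {"password": password, "roles": [role], "full_name": "RBAC test user"}


def basic_auth_header(user: str, password: str) -> str:
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def request(method, path, auth=None, body=None):
    """Send one request; return (status, parsed JSON or {}).
    Does not raise on 4xx/5xx so callers can assert on the status code."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES_URL + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if auth:
        req.add_header("Authorization", basic_auth_header(*auth))
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as e:
        raw = e.read()
        try:
            return e.code, json.loads(raw) if raw else {}
        except ValueError:
            return e.code, {}


def is_auth_required(status: int) -> bool:
    """401: the request carried no usable credentials (security is on)."""
    return status == 401


def is_security_exception(status: int, body: dict) -> bool:
    """403 with error.type == security_exception: the shape of the
    denial the post shows for DELETE my_index as my_user."""
    return status == 403 and body.get("error", {}).get("type") == "security_exception"


def main():
    admin = ("elastic", os.environ["ES_ELASTIC_PASSWORD"])
    my_user = (USER, os.environ.get("MY_USER_PASSWORD", "constructed-example-pw"))
    # 1. With security enabled an unauthenticated request must be refused.
    status, _ = request("GET", "/_cat/nodes?format=json")
    assert is_auth_required(status), status
    # 2. Create the role and the user (the same objects the Kibana UI creates).
    request("PUT", f"/_security/role/{ROLE}", admin, role_definition(INDEX))
    request("PUT", f"/_security/user/{USER}", admin, user_definition(my_user[1], ROLE))
    # 3. Seed data as superuser, then check what my_user can and cannot do.
    request("PUT", f"/{INDEX}/_doc/1", admin, {"full_text": "Quick Brown Foxes!"})
    query = {"query": {"term": {"full_text.keyword": "Quick Brown Foxes!"}}}
    status, body = request("GET", f"/{INDEX}/_search", my_user, query)
    assert status == 200 and body["hits"]["total"]["value"] >= 1, (status, body)
    status, body = request("DELETE", f"/{INDEX}", my_user)
    assert is_security_exception(status, body), (status, body)
    print(f"RBAC ok: {USER} can search {INDEX} but cannot delete it")


if __name__ == "__main__":
    main()
```

Run it once with the superuser password exported. It confirms three things in order: an unauthenticated request is refused with 401 (the login prompt seen when opening /_cat/nodes in the browser earlier), my_user gets 200 on the term search, and the delete comes back as the same security_exception with status 403 shown above. Checking error.type rather than the bare status code tells an RBAC denial apart from a 403 produced for other reasons.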
