Pairing Elasticsearch 6.6.1 with Search Guard

Enterprises have recently suffered a series of Elasticsearch data leaks, because the Elasticsearch database itself ships with no access protection at all. The common ways to secure it are:

  1. X-Pack Elasticsearch Security, which needs a paid license
  2. Search Guard, free and open source
    Below, Search Guard is installed with a minimal setup on the ES cluster.
Versions
  1. elasticsearch-6.6.1.rpm
  2. search-guard-6-6.6.1-24.1.zip
    Each Elasticsearch version needs the matching Search Guard release; download the one for your version (Search Guard Version).
Installation
  1. Change to the Elasticsearch installation directory and run
bin/elasticsearch-plugin install -b file:///path/to/search-guard-6-<version>.zip

(image: the red arrow in the screenshot marks the completed installation)
Installation complete

  1. Initialize
[root@gs-server-6012 tools]# pwd
/usr/share/elasticsearch/plugins/search-guard-6/tools
[root@gs-server-6012 tools]# sh install_demo_configuration.sh 
Search Guard 6 Demo Installer
 ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)
    See https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for 'sudo' privileges
Elasticsearch install type: rpm/deb on CentOS Linux release 7.3.1611 (Core) 
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.6.1
Detected Search Guard Version: 6.6.1-24.1

### Success
### Execute this script now on all your nodes and then start all nodes
### Search Guard will be automatically initialized.
### If you like to change the runtime configuration 
### change the files in ../sgconfig and execute: 
sudo "/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh" -cd "/usr/share/elasticsearch/plugins/search-guard-6/sgconfig" -icl -key "/etc/elasticsearch/kirk-key.pem" -cert "/etc/elasticsearch/kirk.pem" -cacert "/etc/elasticsearch/root-ca.pem" -nhnv
### or run ./sgadmin_demo.sh
### To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui
### To access your Search Guard secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)

Answer y to every [y/N] prompt during the run.
install_demo_configuration.sh generates the demo key and certificate files, copies them into the Elasticsearch config directory (/etc/elasticsearch here), and appends the Search Guard settings to elasticsearch.yml in that directory.

cat /etc/elasticsearch/elasticsearch.yml

(image: the Search Guard settings appended to elasticsearch.yml)

  1. Restart Elasticsearch
systemctl restart elasticsearch

After the restart, opening http://ip:9200 with the es-head plugin
(image: es-head pointed at http://ip:9200)
fails, because the REST port now only accepts HTTPS.
Visit https://ip:9200/_searchguard/authinfo instead
(images: certificate warning and login prompt at /_searchguard/authinfo)
Username: admin
Password: admin
(image: authinfo response)
head plugin
(image: es-head connected over HTTPS)
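The demo installer's own banner warns that its output is not meant for production or publicly reachable systems: it installs self-signed demo certificates, turns on automatic initialisation of the sgconfig directory and leaves admin/admin in place. The shell script below is an added example, not code from this post or from the Search Guard project. It audits the settings block the demo installer appends to elasticsearch.yml and reports which demo-only settings are still present. The setting names and the demo admin DN (kirk) are assumed from the Search Guard 6 documentation rather than taken from the post, and both YAML samples are constructed for the example; to check a real node, run sg_audit on the contents of /etc/elasticsearch/elasticsearch.yml.

```shell
#!/bin/sh
# Added example (not from the original post or from Search Guard): audit the
# Search Guard lines that install_demo_configuration.sh appends to
# elasticsearch.yml and flag the demo-only settings. Setting names and the demo
# admin DN are assumed from Search Guard 6 documentation; both samples below
# are constructed.

# Constructed sample: roughly what the demo installer appends to
# /etc/elasticsearch/elasticsearch.yml (demo certs, auto-init, demo admin DN).
DEMO_YML='######## Start Search Guard Demo Configuration ########
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgconfig: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test,C=de
######## End Search Guard Demo Configuration ########'

# Constructed sample of the same block after swapping in certificates from your
# own CA and your own admin certificate DN (placeholder file names and DN).
HARDENED_YML='searchguard.ssl.transport.pemcert_filepath: node.pem
searchguard.ssl.transport.pemkey_filepath: node-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: company-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: true
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: node.pem
searchguard.ssl.http.pemkey_filepath: node-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: company-ca.pem
searchguard.allow_unsafe_democertificates: false
searchguard.allow_default_init_sgconfig: false
searchguard.authcz.admin_dn:
  - CN=sgadmin,OU=ops,O=example,C=XX'

# sg_val YML KEY: print the value of a top-level "key: value" line ("" if absent)
sg_val() {
  printf '%s\n' "$1" | awk -v k="$2" -F': *' '$1 == k { print $2; exit }'
}

# sg_audit YML: print one FINDING line per demo-only setting; the return code
# is the number of findings (0 means nothing demo-specific was found)
sg_audit() {
  yml=$1
  n=0
  if [ "$(sg_val "$yml" searchguard.ssl.http.enabled)" != "true" ]; then
    echo "FINDING: REST port not TLS-protected (searchguard.ssl.http.enabled is not true)"
    n=$((n + 1))
  fi
  if [ "$(sg_val "$yml" searchguard.allow_unsafe_democertificates)" = "true" ]; then
    echo "FINDING: demo certificates accepted (allow_unsafe_democertificates: true)"
    n=$((n + 1))
  fi
  if [ "$(sg_val "$yml" searchguard.allow_default_init_sgconfig)" = "true" ]; then
    echo "FINDING: sgconfig auto-initialised from disk (allow_default_init_sgconfig: true)"
    n=$((n + 1))
  fi
  if [ "$(sg_val "$yml" searchguard.ssl.transport.enforce_hostname_verification)" = "false" ]; then
    echo "FINDING: transport-layer hostname verification disabled"
    n=$((n + 1))
  fi
  if printf '%s\n' "$yml" | grep -q 'CN=kirk,OU=client,O=client,L=test,C=de'; then
    echo "FINDING: demo admin certificate DN (kirk) still listed in authcz.admin_dn"
    n=$((n + 1))
  fi
  return "$n"
}

# On a real node: sg_audit "$(cat /etc/elasticsearch/elasticsearch.yml)"
echo "== demo configuration =="
rc=0; sg_audit "$DEMO_YML" || rc=$?
echo "findings: $rc"
echo "== hardened configuration =="
rc=0; sg_audit "$HARDENED_YML" || rc=$?
echo "findings: $rc"
```

The audit only reads elasticsearch.yml; it says nothing about the internal user database, so even with zero findings the admin/admin account from sg_internal_users.yml still has to be replaced before the cluster is exposed.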
