{"id":11257,"date":"2022-01-20T22:39:13","date_gmt":"2022-01-20T19:39:13","guid":{"rendered":"https:\/\/kifarunix.com\/?p=11257"},"modified":"2024-03-14T19:10:27","modified_gmt":"2024-03-14T16:10:27","slug":"how-to-enable-basic-authentication-on-elk-stack","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-enable-basic-authentication-on-elk-stack\/","title":{"rendered":"How to Enable Basic Authentication on ELK Stack"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to enable basic authentication on ELK stack. Elastic\/ELK stack supports user authentication. This enables it to restrict access to various resources within the cluster. To access these resources when authentication is enabled, a user has to prove their identity using username\/passwords or other forms of identity depending on the authentication <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/realms.html\" target=\"_blank\" rel=\"noreferrer noopener\">realm<\/a> enabled.<\/p>\n\n\n\n<p>Note that this guide is tested only on a single node cluster.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enabling-authentication-on-elk-stack\">Enabling Authentication on ELK Stack<\/h2>\n\n\n\n<p>Apart from the usual basic username and password authentication, Elastic stack supports other authentication services such as LDAP, Active Directory etc.<\/p>\n\n\n\n<p>Before you can proceed, ensure you have a running Elastic stack;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elk-stack-on-debian-11\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install ELK Stack on Debian 11<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elk-stack-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install ELK Stack on Rocky Linux 8<\/a><\/p>\n\n\n\n<p>Thus, to enable basic authentication on ELK stack;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"stop-both-kibana-and-elasticsearch\">Stop both Kibana and Elasticsearch<\/h3>\n\n\n\n<p>To stop Kibana service, run the command below. 
Note that we assume that you are using a system that uses systemd to control service units.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl stop kibana<\/code><\/pre>\n\n\n\n<p>Depending on whether you are running a single node or a cluster of Elasticsearch nodes, run the command below to stop the service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl stop elasticsearch<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-elasticsearch-security-features\">Enable Elasticsearch Security Features<\/h3>\n\n\n\n<p>If you are running ELK stack with a basic or trial license, basic security is disabled by default. Thus, to enable the basic security features in Elasticsearch, set the value of <strong><code>xpack.security.enabled<\/code><\/strong> to <strong><code>true<\/code><\/strong> in the Elasticsearch configuration file, <code><strong>ES_PATH_CONF\/elasticsearch.yml<\/strong><\/code>. In my setup, ES_PATH_CONF is <strong><code>\/etc\/elasticsearch<\/code><\/strong>.<\/p>\n\n\n\n<p>Thus, this can be done by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak '$ a xpack.security.enabled: true' \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n\n\n\n<p>The command creates a backup of the configuration file and appends the line, <code><strong>xpack.security.enabled: true<\/strong><\/code>, at the end of the file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"start-elasticsearch\">Start Elasticsearch<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start elasticsearch<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-passwords-for-in-built-elastic-users\">Create Passwords for In-built Elastic Users<\/h3>\n\n\n\n<p>When basic security features are enabled, basic authentication is automatically enabled. 
Hence, without a valid username\/password for authentication, you won't be able to access Elastic stack.<\/p>\n\n\n\n<p>Elastic ships with some in-built users such as <strong><code>elastic<\/code><\/strong>, which is a superuser, <strong><code>kibana_system<\/code><\/strong>, which is used to connect Kibana and Elasticsearch, etc. Read more on Elastic <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/built-in-users.html\" target=\"_blank\" rel=\"noreferrer noopener\">Built-in users page<\/a>.<\/p>\n\n\n\n<p>Elasticsearch user passwords can be generated using the command <code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-setup-passwords<\/code>.<\/p>\n\n\n\n<p>There are two ways in which you can create passwords for in-built Elastic users;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Generate passwords interactively<\/li>\n\n\n\n<li>Generate passwords automatically<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-passwords-interactively\">Generate passwords interactively<\/h4>\n\n\n\n<p>This method allows you to set the passwords you want for various Elastic built-in users.<\/p>\n\n\n\n<p>To generate the passwords interactively, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-setup-passwords interactive<\/code><\/pre>\n\n\n\n<p>You will then be prompted to enter the passwords for various users, elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-passwords-automatically\">Generate passwords automatically<\/h4>\n\n\n\n<p>You can generate the passwords automatically using the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"y\" | \/usr\/share\/elasticsearch\/bin\/elasticsearch-setup-passwords auto<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Initiating the setup of passwords for reserved users 
elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.\nThe passwords will be randomly generated and printed to the console.\n\n\nChanged password for user apm_system\nPASSWORD apm_system = OWBOmkrSKjejSIEVRCz4\n\nChanged password for user kibana_system\nPASSWORD kibana_system = zX4p4dRZMSLuJvGAU8JM\n\nChanged password for user kibana\nPASSWORD kibana = zX4p4dRZMSLuJvGAU8JM\n\nChanged password for user logstash_system\nPASSWORD logstash_system = ttObhClVaUkY738GA9CH\n\nChanged password for user beats_system\nPASSWORD beats_system = II5dlBzMw3q5fH7FqM47\n\nChanged password for user remote_monitoring_user\nPASSWORD remote_monitoring_user = JSUaYVewkHrzucK7tUfK\n\nChanged password for user elastic\nPASSWORD elastic = MxT3fuPCbxhwdQ3sQKNZ\n<\/code><\/pre>\n\n\n\n<p><strong>Note: be sure to save all these passwords as they will be needed later.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-kibana-elasticsearch-authenticated-connection\">Enable Kibana-Elasticsearch Authenticated connection<\/h3>\n\n\n\n<p>When Elastic security features are enabled, Kibana has to connect to Elasticsearch using valid credentials.<\/p>\n\n\n\n<p>The credentials we are going to use in our setup are:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Changed password for user <strong>kibana_system<\/strong>\nPASSWORD kibana_system = <strong>zX4p4dRZMSLuJvGAU8JM<\/strong><\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"set-the-authentication-username\">Set the authentication username<\/h4>\n\n\n\n<p>By default, the username to use is <strong><code>kibana_system<\/code><\/strong>. Thus, you need to define the username by uncommenting the line,&nbsp;<strong><code>#elasticsearch.username: \"kibana_system\"<\/code><\/strong>, by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak '\/\\.username\/s\/^#\/\/' \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<p>Define the username password. 
Ensure you use the password generated above. You can securely store the password in the Kibana keystore, instead of setting it in plain text in the kibana.yml configuration file, using the commands below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/kibana\/bin\/kibana-keystore create<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/kibana\/bin\/kibana-keystore add elasticsearch.password<\/code><\/pre>\n\n\n\n<p>When prompted, enter the password for the&nbsp;<strong><code>kibana_system<\/code><\/strong>&nbsp;user, which is <strong>zX4p4dRZMSLuJvGAU8JM<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Enter value for elasticsearch.password: <strong>********************<\/strong><\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"start-kibana-service\">Start Kibana Service<\/h3>\n\n\n\n<p>You can now start Kibana service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl start kibana<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"kibana-login-page\">Kibana Login Page<\/h3>\n\n\n\n<p>When you now access your Kibana web interface, you will be prompted to enter the login credentials to access the web UI.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1426\" height=\"795\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/01\/kibana-login-page.png\" alt=\"Enabling Authentication on ELK Stack\" class=\"wp-image-11325\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/01\/kibana-login-page.png?v=1642706800 1426w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/01\/kibana-login-page-768x428.png?v=1642706800 768w\" sizes=\"(max-width: 1426px) 100vw, 1426px\" \/><\/figure>\n\n\n\n<p>For now, you can log in using the superuser account, <strong>elastic<\/strong>, and its password generated above.<\/p>\n\n\n\n<p>Note that you can also add other file-based users using the <strong><code>elasticsearch-users<\/code><\/strong> 
command.<\/p>\n\n\n\n<p>For example, to add another admin user, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-users useradd kifarunix -r superuser<\/code><\/pre>\n\n\n\n<p>Some of the known roles include;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kibana_dashboard_only_user, apm_system, watcher_admin, viewer, logstash_system, rollup_user, kibana_user, beats_admin, remote_monitoring_agent, rollup_admin, data_frame_transforms_admin, snapshot_user, monitoring_user, enrich_user, kibana_admin, logstash_admin, editor, machine_learning_user, data_frame_transforms_user, machine_learning_admin, watcher_user, apm_user, beats_system, reporting_user, transform_user, kibana_system, transform_admin, transport_client, remote_monitoring_collector, superuser, ingest_admin<\/code><\/pre>\n\n\n\n<p>Read more about <strong><code>elasticsearch-users<\/code><\/strong> command on <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/users-command.html\" target=\"_blank\" rel=\"noopener\">Elastic page<\/a>.<\/p>\n\n\n\n<p>You can also add other users and their roles on Kibana <strong>Management &gt; Stack Management &gt; Security &gt; [Users, Roles]<\/strong>.<\/p>\n\n\n\n<p>And that is how you can enable basic authentication on ELK Stack. 
In our next tutorial, you will learn how to enable Filebeat &#8211; Elasticsearch authentication so as to be able to write events to the Elasticsearch indices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reference\">Reference<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/setting-up-authentication.html\" target=\"_blank\" rel=\"noreferrer noopener\">User authentication<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/enable-https-connection-between-elasticsearch-nodes\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enable HTTPS Connection Between Elasticsearch Nodes<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/integrate-wazuh-manager-with-elk-stack\/\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate Wazuh Manager with ELK Stack<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/logstash-write-specific-events-to-specific-index\/\" target=\"_blank\" rel=\"noreferrer noopener\">Logstash: Write Specific Events to Specific Index<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to enable basic authentication on ELK stack. Elastic\/ELK stack supports user authentication. 
This enables it to restrict access<\/p>\n","protected":false},"author":3,"featured_media":11325,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,910,121],"tags":[1853,4459,4457,4454,4460,4458,4453],"class_list":["post-11257","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-elastic-stack","category-howtos","tag-elastic","tag-elasticsearch-authentication","tag-elasticsearch-setup-passwords","tag-elasticsearch-users","tag-elk-authentication","tag-enable-basic-authentication-on-elk-stack","tag-kibana-authentication","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11257"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=11257"}],"version-history":[{"count":11,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11257\/revisions"}],"predecessor-version":[{"id":21310,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11257\/revisions\/21310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/11325"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=11257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=11257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=11257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}