WARNING: Version 6.1 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Securing Elasticsearch and Kibana
editSecuring Elasticsearch and Kibana
editX-Pack security enables you to easily secure a cluster. With Security, you can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing. This guide describes how to configure the security features you need, and interact with your secured cluster.
Security protects Elasticsearch clusters by:
- Preventing unauthorized access with password protection, role-based access control, and IP filtering.
- Preserving the integrity of your data with message authentication and SSL/TLS encryption.
- Maintaining an audit trail so you know who’s doing what to your cluster and the data it stores.
Preventing Unauthorized Access
editTo prevent unauthorized access to your Elasticsearch cluster, you must have a
way to authenticate users. This simply means that you need a way to validate
that a user is who they claim to be. For example, you have to make sure only
the person named Kelsey Andorra can sign in as the user kandorra. X-Pack
Security provides a standalone authentication mechanism that enables you to
quickly password-protect your cluster. If you’re already using LDAP,
Active Directory, or PKI to manage
users in your organization, X-Pack security is able to integrate with those
systems to perform user authentication.
In many cases, simply authenticating users isn’t enough. You also need a way to
control what data users have access to and what tasks they can perform. X-Pack security
enables you to authorize users by assigning access privileges to roles,
and assigning those roles to users. For example, this
role-based access control mechanism (a.k.a RBAC) enables
you to specify that the user kandorra can only perform read operations on the
events index and can’t do anything at all with other indices.
X-Pack security also supports IP-based authorization. You can whitelist and blacklist specific IP addresses or subnets to control network-level access to a server.
Preserving Data Integrity
editA critical part of security is keeping confidential data confidential. Elasticsearch has built-in protections against accidental data loss and corruption. However, there’s nothing to stop deliberate tampering or data interception. X-Pack security preserves the integrity of your data by encrypting communications to and from nodes. For even greater protection, you can increase the encryption strength and separate client traffic from node-to-node communications.
Maintaining an Audit Trail
editKeeping a system secure takes vigilance. By using X-Pack security to maintain an audit trail, you can easily see who is accessing your cluster and what they’re doing. By analyzing access patterns and failed attempts to access your cluster, you can gain insights into attempted attacks and data breaches. Keeping an auditable log of the activity in your cluster can also help diagnose operational issues.
Where to Go Next
edit- Getting Started steps through how to install and start using Security for basic authentication.
- How Security Works provides more information about how Security supports user authentication, authorization, and encryption.
- Cross Cluster Search, Tribe, Clients and Integrations shows you how to interact with an Elasticsearch cluster protected by X-Pack Security.
-
Reference
provides detailed information about the access privileges you can grant to
users, the settings you can configure for Security in
elasticsearch.yml, and the files where Security configuration information is stored.
Have Comments, Questions, or Feedback?
editHead over to our Security Discussion Forum to share your experience, questions, and suggestions.