2017-04-06 21:29:29 -04:00
|
|
|
[[xpack-security]]
|
2018-04-16 13:37:45 -04:00
|
|
|
= Securing the Elastic Stack
|
2017-04-06 21:29:29 -04:00
|
|
|
|
|
|
|
[partintro]
|
|
|
|
--
|
2018-04-16 13:37:45 -04:00
|
|
|
{security} enables you to easily secure a cluster. With {security},
|
2017-04-06 21:29:29 -04:00
|
|
|
you can password-protect your data as well as implement more advanced security
|
|
|
|
measures such as encrypting communications, role-based access control,
|
|
|
|
IP filtering, and auditing. This guide describes how to configure the security
|
|
|
|
features you need, and interact with your secured cluster.
|
|
|
|
|
|
|
|
Security protects Elasticsearch clusters by:
|
|
|
|
|
|
|
|
* <<preventing-unauthorized-access, Preventing unauthorized access>>
|
|
|
|
with password protection, role-based access control, and IP filtering.
|
|
|
|
* <<preserving-data-integrity, Preserving the integrity of your data>>
|
|
|
|
with message authentication and SSL/TLS encryption.
|
|
|
|
* <<maintaining-audit-trail, Maintaining an audit trail>>
|
|
|
|
so you know who's doing what to your cluster and the data it stores.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
[[preventing-unauthorized-access]]
|
|
|
|
=== Preventing Unauthorized Access
|
|
|
|
|
|
|
|
To prevent unauthorized access to your Elasticsearch cluster, you must have a
|
|
|
|
way to _authenticate_ users. This simply means that you need a way to validate
|
|
|
|
that a user is who they claim to be. For example, you have to make sure only
|
|
|
|
the person named _Kelsey Andorra_ can sign in as the user `kandorra`. X-Pack
|
|
|
|
Security provides a standalone authentication mechanism that enables you to
|
|
|
|
quickly password-protect your cluster. If you're already using <<ldap-realm, LDAP>>,
|
|
|
|
<<active-directory-realm, Active Directory>>, or <<pki-realm, PKI>> to manage
|
|
|
|
users in your organization, {security} is able to integrate with those
|
|
|
|
systems to perform user authentication.
|
|
|
|
|
|
|
|
In many cases, simply authenticating users isn't enough. You also need a way to
|
|
|
|
control what data users have access to and what tasks they can perform. {security}
|
|
|
|
enables you to _authorize_ users by assigning access _privileges_ to _roles_,
|
|
|
|
and assigning those roles to users. For example, this
|
|
|
|
<<authorization,role-based access control>> mechanism (a.k.a RBAC) enables
|
|
|
|
you to specify that the user `kandorra` can only perform read operations on the
|
|
|
|
`events` index and can't do anything at all with other indices.
|
|
|
|
|
|
|
|
{security} also supports <<ip-filtering, IP-based authorization>>. You can
|
|
|
|
whitelist and blacklist specific IP addresses or subnets to control network-level
|
|
|
|
access to a server.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
[[preserving-data-integrity]]
|
|
|
|
=== Preserving Data Integrity
|
|
|
|
|
|
|
|
A critical part of security is keeping confidential data confidential.
|
|
|
|
Elasticsearch has built-in protections against accidental data loss and
|
|
|
|
corruption. However, there's nothing to stop deliberate tampering or data
|
|
|
|
interception. {security} preserves the integrity of your data by
|
2017-06-29 16:58:35 -04:00
|
|
|
<<ssl-tls, encrypting communications>> to and from nodes.
|
|
|
|
For even greater protection, you can increase the <<ciphers, encryption strength>> and
|
2017-04-06 21:29:29 -04:00
|
|
|
<<separating-node-client-traffic, separate client traffic from node-to-node communications>>.
|
|
|
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
[[maintaining-audit-trail]]
|
|
|
|
=== Maintaining an Audit Trail
|
|
|
|
|
|
|
|
Keeping a system secure takes vigilance. By using {security} to maintain
|
|
|
|
an audit trail, you can easily see who is accessing your cluster and what they're
|
|
|
|
doing. By analyzing access patterns and failed attempts to access your cluster,
|
|
|
|
you can gain insights into attempted attacks and data breaches. Keeping an
|
|
|
|
auditable log of the activity in your cluster can also help diagnose operational
|
|
|
|
issues.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
=== Where to Go Next
|
|
|
|
|
|
|
|
* <<security-getting-started, Getting Started>>
|
|
|
|
steps through how to install and start using Security for basic authentication.
|
|
|
|
|
|
|
|
* <<how-security-works, How Security Works>>
|
|
|
|
provides more information about how Security supports user authentication,
|
|
|
|
authorization, and encryption.
|
|
|
|
|
2018-04-19 21:02:09 -04:00
|
|
|
* <<ccs-clients-integrations>>
|
2017-04-06 21:29:29 -04:00
|
|
|
shows you how to interact with an Elasticsearch cluster protected by
|
|
|
|
X-Pack Security.
|
|
|
|
|
|
|
|
* <<security-reference, Reference>>
|
|
|
|
provides detailed information about the access privileges you can grant to
|
|
|
|
users, the settings you can configure for Security in `elasticsearch.yml`,
|
|
|
|
and the files where Security configuration information is stored.
|
|
|
|
|
|
|
|
[float]
|
|
|
|
=== Have Comments, Questions, or Feedback?
|
|
|
|
|
|
|
|
Head over to our {security-forum}[Security Discussion Forum]
|
|
|
|
to share your experience, questions, and suggestions.
|
|
|
|
--
|
|
|
|
|
|
|
|
include::getting-started.asciidoc[]
|
|
|
|
|
|
|
|
include::how-security-works.asciidoc[]
|
|
|
|
|
|
|
|
include::authentication.asciidoc[]
|
|
|
|
|
|
|
|
include::authorization.asciidoc[]
|
|
|
|
|
|
|
|
include::auditing.asciidoc[]
|
|
|
|
|
|
|
|
include::securing-communications.asciidoc[]
|
|
|
|
|
|
|
|
include::using-ip-filtering.asciidoc[]
|
|
|
|
|
2018-04-19 21:40:32 -04:00
|
|
|
include::ccs-clients-integrations.asciidoc[]
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-04-19 21:40:32 -04:00
|
|
|
include::reference.asciidoc[]
|