OpenSearch/docs/en/security/getting-started.asciidoc

39 lines
1.7 KiB
Plaintext
Raw Normal View History

[[security-getting-started]]
== Getting Started with Security
To secure a cluster, you must enable {security} on every node in the
cluster. Basic authentication is enabled by default--to communicate
with the cluster, you must specify a username and password.
Unless you {xpack-ref}/anonymous-access.html[enable anonymous access], all
requests that don't include a user name and password are rejected.
To get started with {security}:
. {ref}/configuring-security.html[Configure security in {es}]. Encrypt
inter-node communications, set passwords for the
<<built-in-users,built-in users>>, and manage your users and roles.
. {kibana-ref}/using-kibana-with-security.html[Configure security in {kib}].
Set the authentication credentials in {kib} and encrypt communications between
the browser and the {kib} server.
. {logstash-ref}/ls-security.html[Configure security in Logstash]. Set the
authentication credentials for Logstash and encrypt communications between
Logstash and {es}.
. <<beats,Configure security in the Beats>>. Configure authentication
credentials and encrypt connections to {es}.
. Configure the Java transport client to use encrypted communications.
See <<java-clients>>.
. Configure {es} for Apache Hadoop to use secured transport. See
{hadoop-ref}/security.html[{es} for Apache Hadoop Security].
Depending on your security requirements, you might also want to:
* Integrate with {xpack-ref}/ldap-realm.html[LDAP] or {xpack-ref}/active-directory-realm.html[Active Directory],
or {xpack-ref}/pki-realm.html[require certificates] for authentication.
* Use {xpack-ref}/ip-filtering.html[IP Filtering] to allow or deny requests from particular
IP addresses or address ranges.