2017-04-06 21:29:29 -04:00
|
|
|
[[security-getting-started]]
|
|
|
|
== Getting Started with Security
|
|
|
|
|
2018-04-05 15:06:43 -04:00
|
|
|
To secure a cluster, you must enable {security} on every node in the
|
2017-04-06 21:29:29 -04:00
|
|
|
cluster. Basic authentication is enabled by default--to communicate
|
|
|
|
with the cluster, you must specify a username and password.
|
2017-07-19 16:52:34 -04:00
|
|
|
Unless you {xpack-ref}/anonymous-access.html[enable anonymous access], all
|
2017-04-06 21:29:29 -04:00
|
|
|
requests that don't include a user name and password are rejected.
|
|
|
|
|
|
|
|
To get started with {security}:
|
|
|
|
|
2018-04-16 13:37:45 -04:00
|
|
|
. {ref}/configuring-security.html[Configure security in {es}]. Encrypt
|
|
|
|
inter-node communications, set passwords for the
|
|
|
|
<<built-in-users,built-in users>>, and manage your users and roles.
|
2017-04-12 16:30:01 -04:00
|
|
|
|
2018-04-16 13:37:45 -04:00
|
|
|
. {kibana-ref}/using-kibana-with-security.html[Configure security in {kib}].
|
|
|
|
Set the authentication credentials in {kib} and encrypt communications between
|
|
|
|
the browser and the {kib} server.
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-04-16 13:37:45 -04:00
|
|
|
. {logstash-ref}/ls-security.html[Configure security in Logstash]. Set the
|
|
|
|
authentication credentials for Logstash and encrypt communications between
|
|
|
|
Logstash and {es}.
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-04-16 13:37:45 -04:00
|
|
|
. <<beats,Configure security in the Beats>>. Configure authentication
|
|
|
|
credentials and encrypt connections to {es}.
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-04-16 13:37:45 -04:00
|
|
|
. Configure the Java transport client to use encrypted communications.
|
|
|
|
See <<java-clients>>.
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-04-16 13:37:45 -04:00
|
|
|
. Configure {es} for Apache Hadoop to use secured transport. See
|
|
|
|
{hadoop-ref}/security.html[{es} for Apache Hadoop Security].
|
2017-04-06 21:29:29 -04:00
|
|
|
|
|
|
|
Depending on your security requirements, you might also want to:
|
|
|
|
|
2017-07-19 16:52:34 -04:00
|
|
|
* Integrate with {xpack-ref}/ldap-realm.html[LDAP] or {xpack-ref}/active-directory-realm.html[Active Directory],
|
|
|
|
or {xpack-ref}/pki-realm.html[require certificates] for authentication.
|
|
|
|
* Use {xpack-ref}/ip-filtering.html[IP Filtering] to allow or deny requests from particular
|
2017-04-06 21:29:29 -04:00
|
|
|
IP addresses or address ranges.
|