honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Fixes title capitalization in security content

This commit is contained in:
lcawl 2018-05-14 15:35:02 -07:00
parent 69481b4059
commit 7f47ff9fcd
30 changed files with 102 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
x-pack/docs/en/security/auditing.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[auditing]] [[auditing]]
== Auditing Security Events == Auditing security events
You can enable auditing to keep track of security-related events such as You can enable auditing to keep track of security-related events such as
authentication failures and refused connections. Logging these events enables you authentication failures and refused connections. Logging these events enables you
@ -40,7 +41,7 @@ events are pushed to the index by setting
[float] [float]
[[audit-event-types]] [[audit-event-types]]
=== Audit Event Types === Audit event types
Each request may generate multiple audit events. Each request may generate multiple audit events.
The following is a list of the events that can be generated: The following is a list of the events that can be generated:
@ -81,11 +82,11 @@ The following is a list of the events that can be generated:
[float] [float]
[[audit-event-attributes]] [[audit-event-attributes]]
=== Audit Event Attributes === Audit event attributes
The following table shows the common attributes that can be associated with every event. The following table shows the common attributes that can be associated with every event.
.Common Attributes .Common attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -103,7 +104,7 @@ The following table shows the common attributes that can be associated with ever
The following tables show the attributes that can be associated with each type of event. The following tables show the attributes that can be associated with each type of event.
The log level determines which attributes are included in a log entry. The log level determines which attributes are included in a log entry.
.REST anonymous_access_denied Attributes .REST anonymous_access_denied attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -112,7 +113,7 @@ The log level determines which attributes are included in a log entry.
| `request_body` | The body of the request, if enabled. | `request_body` | The body of the request, if enabled.
|====== |======
.REST authentication_success Attributes .REST authentication_success attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -123,7 +124,7 @@ The log level determines which attributes are included in a log entry.
| `request_body` | The body of the request, if enabled. | `request_body` | The body of the request, if enabled.
|====== |======
.REST authentication_failed Attributes .REST authentication_failed attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -133,7 +134,7 @@ The log level determines which attributes are included in a log entry.
| `request_body` | The body of the request, if enabled. | `request_body` | The body of the request, if enabled.
|====== |======
.REST realm_authentication_failed Attributes .REST realm_authentication_failed attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -146,7 +147,7 @@ The log level determines which attributes are included in a log entry.
consulted realm. consulted realm.
|====== |======
.Transport anonymous_access_denied Attributes .Transport anonymous_access_denied attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -161,7 +162,7 @@ The log level determines which attributes are included in a log entry.
pertains to (when applicable). pertains to (when applicable).
|====== |======
.Transport authentication_success Attributes .Transport authentication_success attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -176,7 +177,7 @@ The log level determines which attributes are included in a log entry.
| `request` | The type of request that was executed. | `request` | The type of request that was executed.
|====== |======
.Transport authentication_failed Attributes .Transport authentication_failed attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -192,7 +193,7 @@ The log level determines which attributes are included in a log entry.
pertains to (when applicable). pertains to (when applicable).
|====== |======
.Transport realm_authentication_failed Attributes .Transport realm_authentication_failed attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -211,7 +212,7 @@ The log level determines which attributes are included in a log entry.
consulted realm. consulted realm.
|====== |======
.Transport access_granted Attributes .Transport access_granted attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -228,7 +229,7 @@ The log level determines which attributes are included in a log entry.
pertains to (when applicable). pertains to (when applicable).
|====== |======
.Transport access_denied Attributes .Transport access_denied attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -245,7 +246,7 @@ The log level determines which attributes are included in a log entry.
relates to (when applicable). relates to (when applicable).
|====== |======
.Transport tampered_request Attributes .Transport tampered_request attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -261,7 +262,7 @@ The log level determines which attributes are included in a log entry.
pertains to (when applicable). pertains to (when applicable).
|====== |======
.IP Filter connection_granted Attributes .IP filter connection_granted attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -271,7 +272,7 @@ The log level determines which attributes are included in a log entry.
the request. the request.
|====== |======
.IP Filter connection_denied Attributes .IP filter connection_denied attributes
[cols="2,7",options="header"] [cols="2,7",options="header"]
|====== |======
| Attribute | Description | Attribute | Description
@ -283,14 +284,14 @@ The log level determines which attributes are included in a log entry.
[float] [float]
[[audit-log-output]] [[audit-log-output]]
=== Logfile Audit Output === Logfile audit output
The `logfile` audit output is the default output for auditing. It writes data to The `logfile` audit output is the default output for auditing. It writes data to
the `<clustername>_access.log` file in the logs directory. the `<clustername>_access.log` file in the logs directory.
[float] [float]
[[audit-log-entry-format]] [[audit-log-entry-format]]
=== Log Entry Format === Log entry format
The format of a log entry is: The format of a log entry is:
@ -318,7 +319,7 @@ The format of a log entry is:
[float] [float]
[[audit-log-settings]] [[audit-log-settings]]
=== Logfile Output Settings === Logfile output settings
The events and some other information about what gets logged can be The events and some other information about what gets logged can be
controlled using settings in the `elasticsearch.yml` file. See controlled using settings in the `elasticsearch.yml` file. See
@ -336,7 +337,7 @@ file located in `CONFIG_DIR`. By default, audit information is appended to the
[float] [float]
[[audit-log-ignore-policy]] [[audit-log-ignore-policy]]
=== Logfile Audit Events Ignore Policies === Logfile audit events ignore policies
The comprehensive audit trail is necessary to ensure accountability. It offers tremendous The comprehensive audit trail is necessary to ensure accountability. It offers tremendous
value during incident response and can even be required for demonstrating compliance. value during incident response and can even be required for demonstrating compliance.
@ -414,7 +415,7 @@ xpack.security.audit.logfile.events.ignore_filters:
[float] [float]
[[audit-index]] [[audit-index]]
=== Index Audit Output === Index audit output
In addition to logging to a file, you can store audit logs in Elasticsearch In addition to logging to a file, you can store audit logs in Elasticsearch
rolling indices. These indices can be either on the same cluster, or on a rolling indices. These indices can be either on the same cluster, or on a
@ -429,13 +430,13 @@ xpack.security.audit.outputs: [ index, logfile ]
---------------------------- ----------------------------
For more configuration options, see For more configuration options, see
{ref}/auditing-settings.html#index-audit-settings[Audit Log Indexing Configuration Settings]. {ref}/auditing-settings.html#index-audit-settings[Audit log indexing configuration settings].
IMPORTANT: No filtering is performed when auditing, so sensitive data may be IMPORTANT: No filtering is performed when auditing, so sensitive data may be
audited in plain text when including the request body in audit events. audited in plain text when including the request body in audit events.
[float] [float]
==== Audit Index Settings ==== Audit index settings
You can also configure settings for the indices that the events are stored in. You can also configure settings for the indices that the events are stored in.
These settings are configured in the `xpack.security.audit.index.settings` namespace These settings are configured in the `xpack.security.audit.index.settings` namespace
@ -451,7 +452,7 @@ xpack.security.audit.index.settings:
---------------------------- ----------------------------
[float] [float]
==== Forwarding Audit Logs to a Remote Cluster ==== Forwarding audit logs to a remote cluster
To index audit events to a remote Elasticsearch cluster, you configure To index audit events to a remote Elasticsearch cluster, you configure
the following `xpack.security.audit.index.client` settings: the following `xpack.security.audit.index.client` settings:

1
x-pack/docs/en/security/authentication/active-directory-realm.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[active-directory-realm]] [[active-directory-realm]]
=== Active Directory user authentication === Active Directory user authentication

3
x-pack/docs/en/security/authentication/anonymous-access.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[anonymous-access]] [[anonymous-access]]
=== Enabling Anonymous Access === Enabling anonymous access
Incoming requests are considered to be _anonymous_ if no authentication token Incoming requests are considered to be _anonymous_ if no authentication token
can be extracted from the incoming request. By default, anonymous requests are rejected and an authentication error is returned (status code `401`). can be extracted from the incoming request. By default, anonymous requests are rejected and an authentication error is returned (status code `401`).

1
x-pack/docs/en/security/authentication/built-in-users.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[built-in-users]] [[built-in-users]]
=== Built-in users === Built-in users

7
x-pack/docs/en/security/authentication/custom-realm.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[custom-realms]] [[custom-realms]]
=== Integrating with Other Authentication Systems === Integrating with other authentication systems
If you are using an authentication system that is not supported out-of-the-box If you are using an authentication system that is not supported out-of-the-box
by {security}, you can create a custom realm to interact with it to authenticate by {security}, you can create a custom realm to interact with it to authenticate
@ -7,7 +8,7 @@ users. You implement a custom realm as an SPI loaded security extension
as part of an ordinary elasticsearch plugin. as part of an ordinary elasticsearch plugin.
[[implementing-custom-realm]] [[implementing-custom-realm]]
==== Implementing a Custom Realm ==== Implementing a custom realm
Sample code that illustrates the structure and implementation of a custom realm Sample code that illustrates the structure and implementation of a custom realm
is provided in the https://github.com/elastic/shield-custom-realm-example[custom-realm-example] is provided in the https://github.com/elastic/shield-custom-realm-example[custom-realm-example]
@ -70,7 +71,7 @@ part of the `SecurityExtension` interface, it's available as part of the elastic
. Bundle all in a single zip file. . Bundle all in a single zip file.
[[using-custom-realm]] [[using-custom-realm]]
==== Using a Custom Realm to Authenticate Users ==== Using a custom realm to authenticate users
To use a custom realm: To use a custom realm:

1
x-pack/docs/en/security/authentication/file-realm.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[file-realm]] [[file-realm]]
=== File-based user authentication === File-based user authentication

1
x-pack/docs/en/security/authentication/internal-users.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[internal-users]] [[internal-users]]
=== Internal users === Internal users

1
x-pack/docs/en/security/authentication/ldap-realm.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[ldap-realm]] [[ldap-realm]]
=== LDAP user authentication === LDAP user authentication

1
x-pack/docs/en/security/authentication/native-realm.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[native-realm]] [[native-realm]]
=== Native user authentication === Native user authentication

1
x-pack/docs/en/security/authentication/overview.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[setting-up-authentication]] [[setting-up-authentication]]
== User authentication == User authentication

1
x-pack/docs/en/security/authentication/pki-realm.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[pki-realm]] [[pki-realm]]
=== PKI user authentication === PKI user authentication

1
x-pack/docs/en/security/authentication/realms.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[realms]] [[realms]]
=== Realms === Realms

3
x-pack/docs/en/security/authentication/saml-guide.asciidoc
View File

@ -1,6 +1,7 @@
[role="xpack"]
[[saml-guide]] [[saml-guide]]
== Configuring SAML single-sign-on on the Elastic Stack == Configuring SAML single-sign-on on the {stack}
The Elastic Stack supports SAML single-sign-on (SSO) into {kib}, using {es} as The Elastic Stack supports SAML single-sign-on (SSO) into {kib}, using {es} as
a backend service. In SAML terminology, the Elastic Stack is operating as a a backend service. In SAML terminology, the Elastic Stack is operating as a

1
x-pack/docs/en/security/authentication/saml-realm.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[saml-realm]] [[saml-realm]]
=== SAML authentication === SAML authentication
{security} supports user authentication using SAML Single Sign On. {security} supports user authentication using SAML Single Sign On.

5
x-pack/docs/en/security/authentication/user-cache.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[controlling-user-cache]] [[controlling-user-cache]]
=== Controlling the User Cache === Controlling the user cache
User credentials are cached in memory on each node to avoid connecting to a User credentials are cached in memory on each node to avoid connecting to a
remote authentication service or hitting the disk for every incoming request. remote authentication service or hitting the disk for every incoming request.
@ -34,7 +35,7 @@ setting the `cache_hash_algo` setting to any of the following:
|======================= |=======================
[[cache-eviction-api]] [[cache-eviction-api]]
==== Evicting Users from the Cache ==== Evicting users from the cache
{security} exposes a {security} exposes a
{ref}/security-api-clear-cache.html[Clear Cache API] you can use {ref}/security-api-clear-cache.html[Clear Cache API] you can use

3
x-pack/docs/en/security/authorization/alias-privileges.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[securing-aliases]] [[securing-aliases]]
=== Granting Privileges for Indices & Aliases === Granting privileges for indices and aliases
Elasticsearch allows to execute operations against {ref}/indices-aliases.html[index aliases], Elasticsearch allows to execute operations against {ref}/indices-aliases.html[index aliases],
which are effectively virtual indices. An alias points to one or more indices, which are effectively virtual indices. An alias points to one or more indices,

7
x-pack/docs/en/security/authorization/custom-roles-provider.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[custom-roles-provider]] [[custom-roles-provider]]
=== Custom Roles Provider Extension === Custom roles provider extension
If you need to retrieve user roles from a system not supported out-of-the-box If you need to retrieve user roles from a system not supported out-of-the-box
by {security}, you can create a custom roles provider to retrieve and resolve by {security}, you can create a custom roles provider to retrieve and resolve
@ -7,7 +8,7 @@ roles. You implement a custom roles provider as an SPI loaded security extension
as part of an ordinary elasticsearch plugin. as part of an ordinary elasticsearch plugin.
[[implementing-custom-roles-provider]] [[implementing-custom-roles-provider]]
==== Implementing a Custom Roles Provider ==== Implementing a custom roles provider
To create a custom roles provider: To create a custom roles provider:
@ -62,7 +63,7 @@ part of the `SecurityExtension` interface, it's available as part of the elastic
. Bundle all in a single zip file. . Bundle all in a single zip file.
[[using-custom-roles-provider]] [[using-custom-roles-provider]]
==== Using a Custom Roles Provider to Resolve Roles ==== Using a custom roles provider to resolve roles
To use a custom roles provider: To use a custom roles provider:

13
x-pack/docs/en/security/authorization/field-and-document-access-control.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[field-and-document-access-control]] [[field-and-document-access-control]]
=== Setting Up Field and Document Level Security === Setting up field and document level security
You can control access to data within an index by adding field and document level You can control access to data within an index by adding field and document level
security permissions to a role. Field level security permissions restrict access security permissions to a role. Field level security permissions restrict access
@ -23,7 +24,7 @@ document level permissions per index. See <<multiple-roles-dls-fls>>.
===================================================================== =====================================================================
[[field-level-security]] [[field-level-security]]
==== Field Level Security ==== Field level security
To enable field level security, specify the fields that each role can access To enable field level security, specify the fields that each role can access
as part of the indices permissions in a role definition. Field level security is as part of the indices permissions in a role definition. Field level security is
@ -235,7 +236,7 @@ The resulting permission is equal to:
[[document-level-security]] [[document-level-security]]
==== Document Level Security ==== Document level security
Document level security restricts the documents that users have read access to. Document level security restricts the documents that users have read access to.
To enable document level security, specify a query that matches all the To enable document level security, specify a query that matches all the
@ -292,7 +293,7 @@ For example, the following role grants read access only to the documents whose
NOTE: `query` also accepts queries written as string values. NOTE: `query` also accepts queries written as string values.
[[templating-role-query]] [[templating-role-query]]
===== Templating a Role Query ===== Templating a role query
You can use Mustache templates in a role query to insert the username of the You can use Mustache templates in a role query to insert the username of the
current authenticated user into the role. Like other places in {es} that support current authenticated user into the role. Like other places in {es} that support
@ -358,7 +359,7 @@ based on the `group.id` field in your documents:
-------------------------------------------------- --------------------------------------------------
[[set-security-user-processor]] [[set-security-user-processor]]
===== Set Security User Ingest Processor ===== Set security user ingest processor
If an index is shared by many small users it makes sense to put all these users If an index is shared by many small users it makes sense to put all these users
into the same index. Having a dedicated index or shard per user is wasteful. into the same index. Having a dedicated index or shard per user is wasteful.
@ -416,7 +417,7 @@ to the `user` field for all documents that are processed by this pipeline:
-------------------------------------------------- --------------------------------------------------
[[multiple-roles-dls-fls]] [[multiple-roles-dls-fls]]
==== Multiple Roles with Document and Field Level Security ==== Multiple roles with document and field level security
A user can have many roles and each role can define different permissions on the A user can have many roles and each role can define different permissions on the
same index. It is important to understand the behavior of document and field same index. It is important to understand the behavior of document and field

13
x-pack/docs/en/security/authorization/mapping-roles.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[mapping-roles]] [[mapping-roles]]
=== Mapping Users and Groups to Roles === Mapping users and groups to roles
If you authenticate users with the `native` or `file` realms, you can manage If you authenticate users with the `native` or `file` realms, you can manage
role assignment by using the <<managing-native-users, User Management APIs>> or role assignment by using the <<managing-native-users, User Management APIs>> or
@ -24,13 +25,13 @@ you are able to map users to both API-managed roles and file-managed roles
(and likewise for file-based role-mappings). (and likewise for file-based role-mappings).
[[mapping-roles-api]] [[mapping-roles-api]]
==== Using the Role Mapping API ==== Using the role mapping API
You can define role-mappings through the You can define role-mappings through the
{ref}/security-api-role-mapping.html[role mapping API]. {ref}/security-api-role-mapping.html[role mapping API].
[[mapping-roles-file]] [[mapping-roles-file]]
==== Using Role Mapping Files ==== Using role mapping files
To use file based role-mappings, you must configure the mappings in a YAML file To use file based role-mappings, you must configure the mappings in a YAML file
and copy it to each node in the cluster. Tools like Puppet or Chef can help with and copy it to each node in the cluster. Tools like Puppet or Chef can help with
@ -56,10 +57,10 @@ You can change this default behavior by changing the
this is a common setting in Elasticsearch, changing its value might effect other this is a common setting in Elasticsearch, changing its value might effect other
schedules in the system. schedules in the system.
==== Realm Specific Details ==== Realm specific details
[float] [float]
[[ldap-role-mapping]] [[ldap-role-mapping]]
===== Active Directory and LDAP Realms ===== Active Directory and LDAP realms
To specify users and groups in the role mappings, you use their To specify users and groups in the role mappings, you use their
_Distinguished Names_ (DNs). A DN is a string that uniquely identifies the user _Distinguished Names_ (DNs). A DN is a string that uniquely identifies the user
@ -113,7 +114,7 @@ PUT _xpack/security/role_mapping/basic_users
[float] [float]
[[pki-role-mapping]] [[pki-role-mapping]]
===== PKI Realms ===== PKI realms
PKI realms support mapping users to roles, but you cannot map groups as PKI realms support mapping users to roles, but you cannot map groups as
the PKI realm has no notion of a group. the PKI realm has no notion of a group.

25
x-pack/docs/en/security/authorization.asciidoc → x-pack/docs/en/security/authorization/overview.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[authorization]] [[authorization]]
== Configuring Role-based Access Control == Configuring role-based access control
{security} introduces the concept of _authorization_ to {es}. {security} introduces the concept of _authorization_ to {es}.
Authorization is the process of determining whether the user behind an incoming Authorization is the process of determining whether the user behind an incoming
@ -8,7 +9,7 @@ successfully authenticated and the user behind the request is identified.
[[roles]] [[roles]]
[float] [float]
=== Roles, Permissions and Privileges === Roles, permissions, and privileges
The authorization process revolves around the following 5 constructs: The authorization process revolves around the following 5 constructs:
@ -49,7 +50,7 @@ then assign users to the roles. These can be assigned to users in a number of
ways depending on the realms by which the users are authenticated. ways depending on the realms by which the users are authenticated.
[[built-in-roles]] [[built-in-roles]]
=== Built-in Roles === Built-in roles
{security} applies a default role to all users, including {security} applies a default role to all users, including
<<anonymous-access, anonymous users>>. The default role enables users to access <<anonymous-access, anonymous users>>. The default role enables users to access
@ -164,7 +165,7 @@ stats.
[[defining-roles]] [[defining-roles]]
=== Defining Roles === Defining roles
A role is defined by the following JSON structure: A role is defined by the following JSON structure:
@ -276,14 +277,14 @@ see <<custom-roles-provider, Custom Roles Provider Extension>>.
[float] [float]
[[roles-management-ui]] [[roles-management-ui]]
=== Role Management UI === Role management UI
{security} enables you to easily manage users and roles from within {kib}. To {security} enables you to easily manage users and roles from within {kib}. To
manage roles, log in to {kib} and go to *Management / Elasticsearch / Roles*. manage roles, log in to {kib} and go to *Management / Elasticsearch / Roles*.
[float] [float]
[[roles-management-api]] [[roles-management-api]]
=== Role Management API === Role management API
The _Role Management APIs_ enable you to add, update, remove and retrieve roles The _Role Management APIs_ enable you to add, update, remove and retrieve roles
dynamically. When you use the APIs to manage roles in the `native` realm, the dynamically. When you use the APIs to manage roles in the `native` realm, the
@ -292,7 +293,7 @@ see {ref}/security-api-roles.html[Role Management APIs].
[float] [float]
[[roles-management-file]] [[roles-management-file]]
=== File-based Role Management === File-based role management
Apart from the _Role Management APIs_, roles can also be defined in local Apart from the _Role Management APIs_, roles can also be defined in local
`roles.yml` file located in `CONFIG_DIR`. This is a YAML file where each `roles.yml` file located in `CONFIG_DIR`. This is a YAML file where each
@ -338,12 +339,12 @@ click_admins:
{security} continuously monitors the `roles.yml` file and automatically picks {security} continuously monitors the `roles.yml` file and automatically picks
up and applies any changes to it. up and applies any changes to it.
include::authorization/alias-privileges.asciidoc[] include::alias-privileges.asciidoc[]
include::authorization/mapping-roles.asciidoc[] include::mapping-roles.asciidoc[]
include::authorization/field-and-document-access-control.asciidoc[] include::field-and-document-access-control.asciidoc[]
include::authorization/run-as-privilege.asciidoc[] include::run-as-privilege.asciidoc[]
include::authorization/custom-roles-provider.asciidoc[] include::custom-roles-provider.asciidoc[]

3
x-pack/docs/en/security/authorization/run-as-privilege.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[run-as-privilege]] [[run-as-privilege]]
=== Submitting Requests on Behalf of Other Users === Submitting requests on behalf of other users
{security} supports a permission that enables an authenticated user to submit {security} supports a permission that enables an authenticated user to submit
requests on behalf of other users. If your application already authenticates requests on behalf of other users. If your application already authenticates

3
x-pack/docs/en/security/ccs-clients-integrations.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[ccs-clients-integrations]] [[ccs-clients-integrations]]
== Cross Cluster Search, Clients and Integrations == Cross cluster search, clients, and integrations
When using {ref}/modules-cross-cluster-search.html[Cross Cluster Search] When using {ref}/modules-cross-cluster-search.html[Cross Cluster Search]
you need to take extra steps to secure communications with the connected you need to take extra steps to secure communications with the connected

3
x-pack/docs/en/security/getting-started.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[security-getting-started]] [[security-getting-started]]
== Getting Started with Security == Getting started with security
To secure a cluster, you must enable {security} on every node in the To secure a cluster, you must enable {security} on every node in the
cluster. Basic authentication is enabled by default--to communicate cluster. Basic authentication is enabled by default--to communicate

5
x-pack/docs/en/security/how-security-works.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[how-security-works]] [[how-security-works]]
== How Security Works == How security works
An Elasticsearch cluster is typically made out of many moving parts. There are An Elasticsearch cluster is typically made out of many moving parts. There are
the Elasticsearch nodes that form the cluster, and often Logstash instances, the Elasticsearch nodes that form the cluster, and often Logstash instances,
@ -64,7 +65,7 @@ For more information on user authentication see <<authorization>>
[float] [float]
=== Node/Client Authentication and Channel Encryption === Node/client authentication and channel encryption
{security} supports configuring SSL/TLS for securing the communication channels {security} supports configuring SSL/TLS for securing the communication channels
to, from and within the cluster. This support accounts for: to, from and within the cluster. This support accounts for:

5
x-pack/docs/en/security/index.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[xpack-security]] [[xpack-security]]
= Securing the Elastic Stack = Securing the {stack}
[partintro] [partintro]
-- --
@ -100,7 +101,7 @@ include::how-security-works.asciidoc[]
include::authentication/overview.asciidoc[] include::authentication/overview.asciidoc[]
include::authorization.asciidoc[] include::authorization/overview.asciidoc[]
include::auditing.asciidoc[] include::auditing.asciidoc[]

1
x-pack/docs/en/security/limitations.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[security-limitations]] [[security-limitations]]
== Security Limitations == Security Limitations

1
x-pack/docs/en/security/reference.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[security-reference]] [[security-reference]]
== Reference == Reference
* <<security-privileges, Security Privileges>> * <<security-privileges, Security Privileges>>

5
x-pack/docs/en/security/securing-communications.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[encrypting-communications]] [[encrypting-communications]]
== Encrypting Communications == Encrypting communications
Elasticsearch nodes store data that may be confidential. Attacks on the data may Elasticsearch nodes store data that may be confidential. Attacks on the data may
come from the network. These attacks could include sniffing of the data, come from the network. These attacks could include sniffing of the data,
@ -21,7 +22,7 @@ include::securing-communications/setting-up-ssl.asciidoc[]
//TO-DO: These sections can be removed when all links to them are removed. //TO-DO: These sections can be removed when all links to them are removed.
[[ciphers]] [[ciphers]]
=== Enabling Cipher Suites for Stronger Encryption === Enabling cipher suites for stronger encryption
See {ref}/ciphers.html[Enabling Cipher Suites for Stronger Encryption]. See {ref}/ciphers.html[Enabling Cipher Suites for Stronger Encryption].

1
x-pack/docs/en/security/troubleshooting.asciidoc
View File

@ -1,3 +1,4 @@
[role="xpack"]
[[security-troubleshooting]] [[security-troubleshooting]]
== {security} Troubleshooting == {security} Troubleshooting
++++ ++++

7
x-pack/docs/en/security/using-ip-filtering.asciidoc
View File

@ -1,5 +1,6 @@
[role="xpack"]
[[ip-filtering]] [[ip-filtering]]
== Restricting Connections with IP Filtering == Restricting connections with IP filtering
You can apply IP filtering to application clients, node clients, or transport You can apply IP filtering to application clients, node clients, or transport
clients, in addition to other nodes that are attempting to join the cluster. clients, in addition to other nodes that are attempting to join the cluster.
@ -92,7 +93,7 @@ transport.profiles.client.xpack.security.filter.deny: _all
NOTE: When you do not specify a profile, `default` is used automatically. NOTE: When you do not specify a profile, `default` is used automatically.
[float] [float]
=== HTTP Filtering === HTTP filtering
You may want to have different IP filtering for the transport and HTTP protocols. You may want to have different IP filtering for the transport and HTTP protocols.
@ -106,7 +107,7 @@ xpack.security.http.filter.deny: _all
[float] [float]
[[dynamic-ip-filtering]] [[dynamic-ip-filtering]]
==== Dynamically updating ip filter settings ==== Dynamically updating IP filter settings
In case of running in an environment with highly dynamic IP addresses like cloud In case of running in an environment with highly dynamic IP addresses like cloud
based hosting, it is very hard to know the IP addresses upfront when provisioning based hosting, it is very hard to know the IP addresses upfront when provisioning