honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Security disabled by default (elastic/x-pack-elasticsearch#4288) 

Original commit: elastic/x-pack-elasticsearch@110df8a58e
This commit is contained in:
Lisa Cawley 2018-04-05 12:06:43 -07:00 committed by GitHub
parent f682ecc576
commit bbcb33b519
6 changed files with 26 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/en/security/authentication.asciidoc
View File

@ -45,23 +45,16 @@ be disabled individually, using the
[[bootstrap-elastic-passwords]] [[bootstrap-elastic-passwords]]
==== The Elastic Bootstrap Password ==== The Elastic Bootstrap Password
When you install {xpack}, if the `elastic` user does not already have a password, When you install {es}, if the `elastic` user does not already have a password,
it uses a default bootstrap password. The bootstrap password is a transient it uses a default bootstrap password. The bootstrap password is a transient
password that enables you to run the tools that set all the built-in user passwords. password that enables you to run the tools that set all the built-in user passwords.
By default, the bootstrap password is derived from a randomized `keystore.seed` By default, the bootstrap password is derived from a randomized `keystore.seed`
setting, which is added to the keystore when you install {xpack}. You do not need setting, which is added to the keystore during installation. You do not need
to know or change this bootstrap password. If you have defined a to know or change this bootstrap password. If you have defined a
`bootstrap.password` setting in the keystore, however, that value is used instead. `bootstrap.password` setting in the keystore, however, that value is used instead.
For more information about interacting with the keystore, see For more information about interacting with the keystore, see
{ref}/secure-settings.html[Secure Settings]. {ref}/secure-settings.html[Secure Settings].
////
//TBD: Is the following still true?
As the `elastic` user is stored in the native realm, the password will be
synced to all the nodes in a cluster. It is safe to bootstrap the password with
multiple nodes as long as the password is the same. If different passwords are
set with different nodes, it is unpredictable which password will be bootstrapped.
////
NOTE: After you <<set-built-in-user-passwords,set passwords for the built-in users>>, NOTE: After you <<set-built-in-user-passwords,set passwords for the built-in users>>,
in particular for the `elastic` user, there is no further use for the bootstrap in particular for the `elastic` user, there is no further use for the bootstrap

6
docs/en/security/authorization.asciidoc
View File

@ -277,10 +277,8 @@ see <<custom-roles-provider, Custom Roles Provider Extension>>.
[[roles-management-ui]] [[roles-management-ui]]
=== Role Management UI === Role Management UI
If you are a {kib} user, make sure to {security} enables you to easily manage users and roles from within {kib}. To
<<installing-xpack, install {xpack} in {kib}>>. manage roles, log in to {kib} and go to *Management / Elasticsearch / Roles*.
This enables you to easily manage users and roles from within {kib}. To manage roles,
log in to {kib} and go to *Management / Elasticsearch / Roles*.
[float] [float]
[[roles-management-api]] [[roles-management-api]]

5
docs/en/security/getting-started.asciidoc
View File

@ -1,7 +1,7 @@
[[security-getting-started]] [[security-getting-started]]
== Getting Started with Security == Getting Started with Security
To secure a cluster, you must install {xpack} on every node in the To secure a cluster, you must enable {security} on every node in the
cluster. Basic authentication is enabled by default--to communicate cluster. Basic authentication is enabled by default--to communicate
with the cluster, you must specify a username and password. with the cluster, you must specify a username and password.
Unless you {xpack-ref}/anonymous-access.html[enable anonymous access], all Unless you {xpack-ref}/anonymous-access.html[enable anonymous access], all
@ -14,7 +14,8 @@ does not have a password set by default.
To get started with {security}: To get started with {security}:
. <<installing-xpack, Install X-Pack>>. . Verify that the `xpack.security.enabled` setting is `true`. For more
information, see {ref}/security-settings.html[Security Settings in {es}].
. Start {es} and {kib}. . Start {es} and {kib}.

3
docs/en/security/securing-communications/securing-elasticsearch.asciidoc
View File

@ -11,7 +11,8 @@ including passwords and will not be able to install a license that enables {secu
To enable encryption, you need to perform the following steps on each node in To enable encryption, you need to perform the following steps on each node in
the cluster: the cluster:
. <<installing-xpack-es,Install {xpack} into {es}>>. . Verify that the `xpack.security.enabled` setting is `true`. For more
information, see <<security-settings>>.
. <<node-certificates, Generate a private key and X.509 certificate>>. . <<node-certificates, Generate a private key and X.509 certificate>>.

4
docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc
View File

@ -22,7 +22,9 @@ This feature was added as Beta in {es} `v5.3` with further improvements made in
To use cross cluster search with secured clusters: To use cross cluster search with secured clusters:
* Install {xpack} on every node in each connected cluster. * Enable {security} on every node in each connected cluster. For more
information about the `xpack.security.enabled` setting, see
{ref}/security-settings.html[Security Settings in {es}].
* Enable encryption globally. To encrypt communications, you must enable * Enable encryption globally. To encrypt communications, you must enable
<<ssl-tls,enable SSL/TLS>> on every node. <<ssl-tls,enable SSL/TLS>> on every node.

14
docs/en/settings/security-settings.asciidoc
View File

@ -5,6 +5,9 @@
<titleabbrev>Security Settings</titleabbrev> <titleabbrev>Security Settings</titleabbrev>
++++ ++++
By default, {security} is disabled when you have a basic or trial license. To
enable {security}, use the `xpack.security.enabled` setting.
You configure `xpack.security` settings to You configure `xpack.security` settings to
<<anonymous-access-settings, enable anonymous access>> <<anonymous-access-settings, enable anonymous access>>
and perform message authentication, and perform message authentication,
@ -22,13 +25,12 @@ For more information about creating and updating the {es} keystore, see
[[general-security-settings]] [[general-security-settings]]
==== General Security Settings ==== General Security Settings
`xpack.security.enabled`:: `xpack.security.enabled`::
Set to `true` (default) to enable {security} on the node. + Set to `true` to enable {security} on the node. +
+ +
If set to `false` in `elasticsearch.yml`, {security} is disabled. It also If set to `false`, which is the default value for basic and trial licenses,
affects all {kib} instances that connect to this {es} instance; you do not {security} is disabled. It also affects all {kib} instances that connect to this
need to disable {security} in those `kibana.yml` files. For more information {es} instance; you do not need to disable {security} in those `kibana.yml` files.
about disabling {security} in specific {kib} instances, see For more information about disabling {security} in specific {kib} instances, see {kibana-ref}/security-settings-kb.html[{kib} Security Settings].
{kibana-ref}/security-settings-kb.html[{kib} Security Settings].
`xpack.security.hide_settings`:: `xpack.security.hide_settings`::
A comma-separated list of settings that are omitted from the results of the A comma-separated list of settings that are omitted from the results of the