honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Docs: Fix bad ID in Shield intro 

Original commit: elastic/x-pack-elasticsearch@61b72d57ae
This commit is contained in:
Clinton Gormley 2015-07-16 10:46:52 +02:00
parent aaf4cb5288
commit d6d13661e8
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
shield/docs/public/introduction.asciidoc
View File

@ -2,8 +2,8 @@
== Introduction == Introduction
_Shield_ is a plugin for Elasticsearch that enables you to easily secure a cluster. With Shield, _Shield_ is a plugin for Elasticsearch that enables you to easily secure a cluster. With Shield,
you can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing. This guide you can password-protect your data as well as implement more advanced security measures such as encrypting communications, role-based access control, IP filtering, and auditing. This guide
describes how to install Shield, configure the security features you need, and interact with your secured cluster. describes how to install Shield, configure the security features you need, and interact with your secured cluster.
[float] [float]
=== Security for Elasticsearch === Security for Elasticsearch
@ -12,17 +12,17 @@ Shield protects Elasticsearch clusters by:
* <<preventing-unauthorized-access, Preventing unauthorized access>> with password protection, role-based access control, and IP filtering. * <<preventing-unauthorized-access, Preventing unauthorized access>> with password protection, role-based access control, and IP filtering.
* <<preserving-data-integrity, Preserving the integrity of your data>> with message authentication and SSL/TLS encryption. * <<preserving-data-integrity, Preserving the integrity of your data>> with message authentication and SSL/TLS encryption.
* <<maintaining-audit-trail, Maintaining an audit trail>> so you know who's doing what to your * <<maintaining-audit-trail, Maintaining an audit trail>> so you know who's doing what to your
data. data.
[float] [float]
[[preventing-unauthortized-access]] [[preventing-unauthorized-access]]
==== Preventing Unauthorized Access ==== Preventing Unauthorized Access
To prevent unauthorized access to your Elasticsearch cluster, you must have a way to _authenticate_ users. This simply means that you need a way to validate that a user is who they claim to be. For example, you have to make sure only the person named _Kelsey Andorra_ can sign in as the user `kandorra`. Shield provides a standalone authentication mechanism that enables you to quickly <<enable-basic-auth, password-protect your cluster>>. If you're already using <<ldap, LDAP>>, <<active-directory, Active Directory>>, or <<pki, PKI>>, Shield easily integrates with those systems to perform user authentication. To prevent unauthorized access to your Elasticsearch cluster, you must have a way to _authenticate_ users. This simply means that you need a way to validate that a user is who they claim to be. For example, you have to make sure only the person named _Kelsey Andorra_ can sign in as the user `kandorra`. Shield provides a standalone authentication mechanism that enables you to quickly <<enable-basic-auth, password-protect your cluster>>. If you're already using <<ldap, LDAP>>, <<active-directory, Active Directory>>, or <<pki, PKI>>, Shield easily integrates with those systems to perform user authentication.
In many cases, simply authenticating users isn't enough. You also need a way to control what data users have access to and what tasks they can perform. Shield enables you to _authorize_ users by In many cases, simply authenticating users isn't enough. You also need a way to control what data users have access to and what tasks they can perform. Shield enables you to _authorize_ users by
assigning access _privileges_ to a _role_, and assigning those roles to users. For example, this <<configuring-rbac,role-based access control>> mechanism enables you to specify that the user `kandorra`can only perform read operations on the `events` index and can't do anything at all with other indices. assigning access _privileges_ to a _role_, and assigning those roles to users. For example, this <<configuring-rbac,role-based access control>> mechanism enables you to specify that the user `kandorra`can only perform read operations on the `events` index and can't do anything at all with other indices.
Shield also supports <<ip-filtering, IP-based authorization>>. You can whitelist and blacklist specific IP addresses or subnets to control network-level access to a server. Shield also supports <<ip-filtering, IP-based authorization>>. You can whitelist and blacklist specific IP addresses or subnets to control network-level access to a server.
@ -44,7 +44,7 @@ Keeping a system secure takes vigilance. By using Shield to maintain an audit tr
* <<getting-started, Getting Started>> steps through how to install and start using Shield for basic authentication. * <<getting-started, Getting Started>> steps through how to install and start using Shield for basic authentication.
* <<how-shield-works, How Shield Works>> provides more information about how Shield supports user authentication, authorization, and encryption. * <<how-shield-works, How Shield Works>> provides more information about how Shield supports user authentication, authorization, and encryption.
* <<configuring-clients-integrations, Configuring Clients and Integrations>> shows you how to * <<configuring-clients-integrations, Configuring Clients and Integrations>> shows you how to
interact with an Elasticsearch cluster protected by Shield. interact with an Elasticsearch cluster protected by Shield.
* <<reference,Reference>> provides detailed information about the access privileges you can grant to users, the settings you can configure for Shield in `elasticsearch.yml`, and the files where Shield configuration information is stored. * <<reference,Reference>> provides detailed information about the access privileges you can grant to users, the settings you can configure for Shield in `elasticsearch.yml`, and the files where Shield configuration information is stored.