Search-Guard Installatin in elasticsearch docker container

[Andrej Friesen]

Hi,

I want to secure Kibana with search-guard in our kubernetes cluster, so that we can have different users in Kibana for different logs.

I am new to elasticsearch, kibana, search-guard and all of this, so forgive me my lacking knowledge.

My Question:

What would be the recommended approach to install Search-Guard into the efk stack?

As I understand the Search-Guard documentation right, I have to install the search-guard as plugin in elasticsearch and in kibana too kibana.

So I thought of using the official elasticsearch docker image from here: docker.elastic.co/elasticsearch/elasticsearch:6.2.4 from https://www.docker.elastic.co/#

Did anybody accomplish this before and can show me the right direction?

[Jochen Kressin]

Although we do not have official Docker images (yet) you can refer to this project on GitHub:

https://github.com/deviantony/docker-elk/tree/searchguard

It features an ELK stack including Search Guard based on the official ES Docker images.

[Andrej Friesen]

Thanks, this helps a lot.

Have to learn, elasticsearch, kibana, searchguard and a logtool (fluentd or fluentbit) all together.

I want to use fluentbit or fluentd to transfer the logs to elasticsearch. Is this possible with searchguard? Only did see examples with logstash.

[Jochen Kressin]

As long as the tool you use can do HTTP Basic Authentication (or any other authentication schema that is supported by Search Guard) there should not be any problem.

Of course you need to configure a user that has the required permissions to execute the requests issued by this tool. So for example if you use fluentd and it would create an index names fluentd-MMDDYYYY this user needs to have permissions for this index.