Search Guard Kibana plugin


rud

Aug 9, 2018, 1:20:33 PM
to Search Guard Community Forum
When asking questions, please provide the following information:

* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

I am using Search Guard Enterprise License version 6.1.1. Will this license include the "Search Guard Kibana plugin", or does it need additional cost?

Jochen Kressin

Aug 9, 2018, 4:38:28 PM
to Search Guard Community Forum
The Kibana Plugin is licensed under Apache2, so you are free to use and modify it without any cost.

rud

Aug 9, 2018, 5:47:20 PM
to search...@googlegroups.com
Thank you. I have Kibana already installed in my environment (please find the screenshot), but there is no Search Guard configuration GUI.

Now I am trying to install the downloaded plugin to get the SG UI with the steps below.

  • Stop Kibana
  • cd into your Kibana installation directory.
  • Execute: bin/kibana-plugin install search-guard-kibana-plugin-6.1.1-12.zip

My current configuration is below

 --elasticsearch.yml-----

#: SG - Https for client nodes only
searchguard.ssl.http.enabled: false

searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
---sg_config.yml----

searchguard:
  dynamic:
    kibana:
      multitenancy_enabled: true
      server_username: "bdm156"
      index: ".kibana"
      do_not_fail_on_forbidden: false
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: "192\\.168\\.0\\.10|192\\.168\\.0\\.11"
        remoteIpHeader: "X-Forwarded-For"
        proxiesHeader: "X-Forwarded-By"
    authc:
      ldap:
        enabled: true
        order: 1
        http_authenticator:
          type: "basic"
          challenge: true
        authentication_backend:
          type: "ldap"
      clientcert_auth_domain:
        enabled: true
        order: 0
        http_authenticator:
          type: "clientcert"
          challenge: false
          config:
            username_attribute: "cn"
        authentication_backend:
          type: "noop"
    authz:
      roles_from_myldap:
        enabled: true
        authorization_backend:
          type: "ldap"
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: false

----kibana.yml---

searchguard.basicauth.enabled:  true
#: https must be enabled for below
searchguard.cookie.secure:  true
# Multitenancy
#
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true


elasticsearch.requestHeadersWhitelist: [ "sg_tenant", "X-Authenticated-User", "Authorization", "X-Forwarded-For", "X-Forwarded-Server", "X-Forwarded-By", "X-Proxy-User", "X-Proxy-Roles", "X-Client-Cert" ]

1) Will it automatically update Kibana (for the Search Guard GUI) as soon as I install it, without a cluster restart?
2) Do I need to add any other configuration before installing the plugin?
3) Which access do I need to install it? Does it have anything to do with the below?

If you have restricted certain endpoints for the currently logged in user, the plugin will automatically disable these features.

For everything to work, the logged in user should have:

  • Access to the ACTIONGROUPS endpoint with GET method
      • Otherwise, autocompletion of action groups will not work
  • The permission indices:admin/validate/query on all indices
      • Otherwise, the syntax check for DLS queries will not work

kibana.ui.PNG

Jochen Kressin

Aug 10, 2018, 5:02:19 AM
to Search Guard Community Forum
You need to configure the roles that should have access to the GUI in elasticsearch:

searchguard.restapi.roles_enabled: ["sg_all_access", ...]
(https://docs.search-guard.com/latest/configuration-gui)

Also, in sg_config.yml you configured:

server_username: "bdm156"

What is this user? Have you configured it in kibana.yml?

sujatha rudra

Aug 10, 2018, 6:25:24 PM
to search...@googlegroups.com
bdm156 is the Kibana server user (for authenticating to ES) in sg_config.yml, but it's not in kibana.yml.
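
The two points raised in the replies above (roles enabled for the GUI in elasticsearch.yml, and the `server_username` from sg_config.yml also being configured in kibana.yml) can be checked mechanically. This is an added example, not part of the thread and not Search Guard code. The function names are hypothetical, the sample files are constructed from values posted in the thread, and `elasticsearch.username` is assumed to be the kibana.yml key that holds the Kibana server user.

```python
def flatten_yaml(text):
    """Flatten a mappings-only YAML subset into {"dotted.key": "value"}."""
    flat, stack = {}, []                     # stack: (indent, key) of open mappings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = line.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                      # close mappings we have dedented out of
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            flat[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return flat

def check_gui_prerequisites(es_yml, sg_config_yml, kibana_yml):
    """Return one finding per prerequisite from the thread that is not met."""
    es, sg, kb = (flatten_yaml(t) for t in (es_yml, sg_config_yml, kibana_yml))
    findings = []
    sg_user = sg.get("searchguard.dynamic.kibana.server_username")
    kb_user = kb.get("elasticsearch.username")   # assumed kibana.yml key
    if sg_user is not None and kb_user != sg_user:
        findings.append(f"server_username {sg_user!r} in sg_config.yml does not match "
                        f"elasticsearch.username {kb_user!r} in kibana.yml")
    if not es.get("searchguard.restapi.roles_enabled", "").strip("[] "):
        findings.append("searchguard.restapi.roles_enabled is missing or empty "
                        "in elasticsearch.yml")
    return findings

# Constructed samples modelled on the configuration posted in the thread.
SG_CONFIG = """
searchguard:
  dynamic:
    kibana:
      multitenancy_enabled: true
      server_username: "bdm156"
"""
ES_AS_POSTED = "searchguard.ssl.http.enabled: false\n"
KIBANA_AS_POSTED = "searchguard.basicauth.enabled: true\n"
ES_FIXED = ES_AS_POSTED + 'searchguard.restapi.roles_enabled: ["sg_all_access"]\n'
KIBANA_FIXED = KIBANA_AS_POSTED + 'elasticsearch.username: "bdm156"\n'

if __name__ == "__main__":
    for finding in check_gui_prerequisites(ES_AS_POSTED, SG_CONFIG, KIBANA_AS_POSTED):
        print("FINDING:", finding)
```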

