Opendistro for elasticsearch


Prachi Katakwar

Jul 8, 2021, 2:29:43 PM
to Wazuh mailing list

Hi Team,

A very basic question, out of curiosity.

Does opendistro for Elasticsearch listen only at https?

After installing opendistroforelasticsearch, I did the below command

curl -XGET http://10.64.97.44:9200/_cat/nodes?v
curl: (52) Empty reply from server

And when I run with https:

curl -XGET https://10.64.97.44:9200/_cat/nodes?v
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

BR
//Prachi

victor....@wazuh.com

Jul 9, 2021, 9:34:12 AM
to Wazuh mailing list
Hello,

It is not recommended, but you can disable SSL in Opendistro Elasticsearch. To do that, you need to add this line to your elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml):

opendistro_security.disabled: true

After restarting the service, if you perform a curl command on your elasticsearch server, you will obtain the following:

[root@centos2 vagrant]# curl -XGET http://172.16.1.12:9200//
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Obt9plpzQbSDZhDAe13WwA",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "oss",
    "build_type" : "rpm",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}


You can get more information on this documentation page: https://opendistro.github.io/for-elasticsearch-docs/old/0.9.0/docs/security/disable/.
Keep in mind that you need to set up Kibana properly to not use SSL authentication if you want to use it.

In order to access your elasticsearch server through curl with SSL, you need to use your elasticsearch user and password:

curl https://<ip-address>/ -k -u <user>:<password>

If you have any doubt, don't hesitate to ask.
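
The workaround in the reply above turns off the security plugin, so a host where it was applied can end up serving port 9200 without TLS or authentication. As an added example that is not part of the original thread, this Python script audits an elasticsearch.yml for that state. Assumptions: `opendistro_security.ssl.http.enabled` and `opendistro_security.allow_unsafe_democertificates` are Open Distro settings not mentioned in the thread, the function names are hypothetical, and both sample configs are constructed.

```python
"""Added example (not from the thread): audit elasticsearch.yml for settings
that leave the REST port (9200) without TLS or authentication."""


def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines; a later duplicate overrides an earlier one.
    Assumption: settings are written flat, as in the thread, not nested."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'").lower()
    return settings


def audit(text):
    """Return a list of (setting, problem) findings for the REST layer."""
    s = parse_flat_yaml(text)
    findings = []
    if s.get("opendistro_security.disabled") == "true":
        findings.append(("opendistro_security.disabled",
                         "security plugin off: no TLS and no authentication"))
    # This audit requires an explicit 'true' rather than relying on a default.
    if s.get("opendistro_security.ssl.http.enabled") != "true":
        findings.append(("opendistro_security.ssl.http.enabled",
                         "REST-layer TLS not explicitly enabled"))
    if s.get("opendistro_security.allow_unsafe_democertificates") == "true":
        findings.append(("opendistro_security.allow_unsafe_democertificates",
                         "demo certificates accepted"))
    return findings


# Constructed sample configs (not taken from any real host).
WEAK = """\
cluster.name: wazuh-cluster
opendistro_security.disabled: true   # the workaround from the thread
"""
HARDENED = """\
cluster.name: wazuh-cluster
# opendistro_security.disabled: true
opendistro_security.ssl.http.enabled: "true"
opendistro_security.allow_unsafe_democertificates: false
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```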

Prachi Katakwar

Jul 12, 2021, 1:44:50 AM
to victor....@wazuh.com, Wazuh mailing list

Thank you Victor for the information.

BR
//Prachi
