ELK 设置/重置密码

原创已于 2024-09-25 11:25:21 修改 · 717 阅读

6 ·

CC 4.0 BY-SA版权

文章标签：

#elk

于 2024-09-25 11:15:09 首次发布

1. 此处以新搭建好的 ES、Kibana、Fluent Bit 为例。此时访问 ES Kibana 均无需认证

2. ES 添加认证

2.1 在停止 Elasticsearch 服务的情况下，对配置文件进行修改，添加以下四行配置

[root@es-kibana ~]# tail -10 /usr/local/elasticsearch-7.3.0/config/elasticsearch.yml 
# 启用跨源资源共享 (CORS) 功能
http.cors.enabled: true
# 允许来自任何来源的请求。'*' 表示所有域名均被允许
http.cors.allow-origin: "*"
# 允许请求头中包含 Authorization 字段，这通常用于携带访问令牌等认证信息
http.cors.allow-headers: Authorization
# 启用 X-Pack 安全性功能，提供用户认证和访问控制等安全机制
xpack.security.enabled: true
# 启用传输层的 SSL (安全套接字层) 加密，用于保护节点之间的数据传输安全
xpack.security.transport.ssl.enabled: true

2.2 配置文件修改成功后重启 ES

[elk@es-kibana ~]$ /usr/local/elasticsearch-7.3.0/bin/elasticsearch
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2024-09-25T10:22:58,431][INFO ][o.e.e.NodeEnvironment    ] [es-kibana] using [1] data paths, mounts [[/ (/dev/sda2)]], net usable_space [72.6gb], net total_space [77.4gb], types [xfs]
[2024-09-25T10:22:58,437][INFO ][o.e.e.NodeEnvironment    ] [es-kibana] heap size [990.7mb], compressed ordinary object pointers [true]
[2024-09-25T10:22:58,470][INFO ][o.e.n.Node               ] [es-kibana] node name [es-kibana], node ID [_NKb2cc4R7WgX9_ZaXfWzA], cluster name [my-application]
[2024-09-25T10:22:58,471][INFO ][o.e.n.Node               ] [es-kibana] version[7.3.0], pid[2007], build[default/tar/de777fa/2019-07-24T18:30:11.767338Z], OS[Linux/3.10.0-1160.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/11.0.20/11.0.20+9-LTS-256]
......

2.3 交互式依次设置 ES 内置用户密码（它会提示你依次设置内置用户如 elastic、kibana、logstash_system 等的密码）

[root@es-kibana ~]# /usr/local/elasticsearch-7.3.0/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Passwords do not match.
Try again.
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

2.4 使用刚刚设置的任意用户即可认证登录 ES

3. Kibana 添加认证

3.1 当 ES 配置完成认证后，会提供一个 kibana_system 账户，Kibana 配置文件添加上此账户的认证信息即可。如没有 kibana_system 账户，可使用 elastic 账户，其他账户可能会遇到权限不足的情况

[root@es-kibana ~]# tail -2 /usr/local/kibana-7.3.0-linux-x86_64/config/kibana.yml 
elasticsearch.username: "elastic" 
elasticsearch.password: "123123"

3.2 重启 Kibana

[root@es-kibana ~]# /usr/local/kibana-7.3.0-linux-x86_64/bin/kibana --allow-root
  log   [01:59:56.674] [info][plugins-system] Setting up [1] plugins: [translations]
  log   [01:59:56.682] [info][plugins][translations] Setting up plugin
  log   [01:59:56.683] [info][plugins-system] Starting [1] plugins: [translations]
......

3.3 测试访问 Kibana

4. 修改账户密码

4.1 修改 elastic 用户密码，在任意可与 ES 通信的服务器上执行以下命令，输入当前密码即可

[root@es-kibana ~]# curl -H "Content-Type:application/json" -XPOST -u elastic 'http://192.168.100.50:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "DciBC#A8FL5m" }'
Enter host password for user 'elastic':
{}[root@es-kibana ~]#