Generating passwords for default users

Elastic Stack security comes with default users and a built-in credential helper to set up security with ease and have things up and running quickly. Open up another Terminal and navigate to ES_HOME. Let's generate the passwords for the reserved/default users—elastic, kibana, apm_systemremote_monitoring_user, beats_system, and logstash_systemby executing the following command:

$ ES_HOME>bin/elasticsearch-setup-passwords interactive

You should get the following logs/prompts to enter the password for the reserved/default users:

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:elastic
Reenter password for [elastic]:elastic
Enter password for [apm_system]:apm_system
Reenter password for [apm_system]:apm_system
Enter password for [kibana]:kibana
Reenter password for [kibana]:kibana
Enter password for [logstash_system]:logstash_system
Reenter password for [logstash_system]:logstash_system
Enter password for [beats_system]:beats_system
Reenter password for [beats_system]:beats_system
Enter password for [remote_monitoring_user]:remote_monitoring_user
Reenter password for [remote_monitoring_user]:remote_monitoring_user
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Please make a note of the passwords that have been set for the reserved/default users. You can choose any password of your liking. We have chosen the passwords as elastic, kibana, logstash_system, beats_system, apm_system, and remote_monitoring_user for elastic, kibana, logstash_system, beats_system, apm_system, and remote_monitoring_user users, respectively, and we will be using them throughout this chapter.
All the security-related information for the built-in users will be stored in a special index called .security and will be managed by Elasticsearch.

To verify X-Pack's installation and enforcement of security, point your web browser to http://localhost:9200/ to open Elasticsearch. You should be prompted to log in to Elasticsearch. To log in, you can use the built-in elastic user and elastic password. Upon logging in, you should see the following response:

{
  "name" : "MADSH01-APM01",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "I2RVLSk2Rr6IRJb6zDf19g",
  "version" : {
    "number" : "7.0.0",
    "build_flavor" : "default",
    "build_type" : "zip",
    "build_hash" : "b7e28a7",
    "build_date" : "2019-04-05T22:55:32.697037Z",
    "build_snapshot" : false,
    "lucene_version" : "8.0.0",
    "minimum_wire_compatibility_version" : "6.7.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Before we can go ahead and start Kibana, we need to set the Elasticsearch credentials in kibana.yml so that when we boot up Kibana, it knows what credentials it needs to use for authenticating itself/communicating with Elasticsearch.

Add the following credentials in the kibana.yml file, which can be found under $KIBANA_HOME/config, and save it:

elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
If you have chosen a different password for the kibana user during password setup, use that value for the elasticsearch.password property.

Start Kibana:

$KIBANA_HOME>bin/kibana

To verify that the authentication is in place, go to http://localhost:5601/ to open Kibana. You should be prompted to login to Kibana. To log in, you can use the built-in elastic user and the elastic password, as follows:

The built-in kibana user will be used to connect and communicate with Elasticsearch. Each built-in user has a specific role which provides certain authorization and restrictions for specific activities. It is recommended to use the kibana user for this. We will be covering roles in more detail in the upcoming sections. 
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.226.222.162