elasticsearch 安装search guard
2016-09-17 17:50
507 查看
search guard用语elk的角色划分
./plugin install -b com.floragunn/search-guard-ssl/2.3.3.11
./plugin install -b com.floragunn/search-guard-2/2.3.5.5
下载源代码 使用工具包
git clone https://github.com/floragunncom/search-guard-ssl.git cd search-guard-ssl/example-pki-scripts
./example.sh
vim elasticsearch.yaml
cp node-1-keystore.jks /etc/elasticsearch/
cp truststore.jks /etc/elasticsearch/
cat elasticsearch.yaml
security.manager.enabled: false
searchguard.authcz.admin_dn:
- "CN=kirk,OU=client,O=client,l=tEst, C=De"
searchguard.audit.type: internal_elasticsearch
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_filepath: node-1-keystore.jks
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: true
searchguard.ssl.transport.resolve_hostname: true
searchguard.ssl.transport.enable_openssl_if_available: false
service ealsticsearch restart
./tools/sgadmin.sh -h 127.0.0.1 -cd sgconfig -ks sgconfig/kirk-keystore.jks -kspass changeit -ts sgconfig/truststore.jks
具体信息修改example.sh
./plugin install -b com.floragunn/search-guard-ssl/2.3.3.11
./plugin install -b com.floragunn/search-guard-2/2.3.5.5
下载源代码 使用工具包
git clone https://github.com/floragunncom/search-guard-ssl.git cd search-guard-ssl/example-pki-scripts
./example.sh
vim elasticsearch.yaml
cp node-1-keystore.jks /etc/elasticsearch/
cp truststore.jks /etc/elasticsearch/
cat elasticsearch.yaml
security.manager.enabled: false
searchguard.authcz.admin_dn:
- "CN=kirk,OU=client,O=client,l=tEst, C=De"
searchguard.audit.type: internal_elasticsearch
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_type: JKS
searchguard.ssl.transport.keystore_filepath: node-1-keystore.jks
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: true
searchguard.ssl.transport.resolve_hostname: true
searchguard.ssl.transport.enable_openssl_if_available: false
service ealsticsearch restart
./tools/sgadmin.sh -h 127.0.0.1 -cd sgconfig -ks sgconfig/kirk-keystore.jks -kspass changeit -ts sgconfig/truststore.jks
具体信息修改example.sh
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Effective Java学习笔记 第61条: 抛出与抽象相对应的异常
- Nmap的使用【转载】
- Entity Framework 学习笔记
- 程序思维
- a^b 大数
- 更改单文档下的对话框的显示范围
- Spring Data Jpa开发学习笔记(三)
- CentOS7 基于Hadoop2.7 的Spark2.0集群搭建
- Linux启动流程详解【转载】
- 第三周 建设“顺序表”算法库
- mysql存取二进制数据
- 网站前端_JavaScript-基础入门.0016.JavaScript匿名闭包
- HDU 5878 I Count Two Three (暴力) 2016 ACM/ICPC Asia Regional Qingdao Online
- java(1)类加载与初始化
- 面试算法--if语句中使用赋值语句
- Vmware创建虚拟机和安装Centos6
- mybatis使用count返回int的方法
- 1039. Course List for Student (25)
- [笔记-unity]菜鸟学unity
- [渗透技巧] 干货分享--渗透测试工具实战技巧合集