Elastic under lock and key: enabling the security settings of an Elasticsearch cluster for access from inside and outside
Elastic Stack is a well-known tool on the SIEM market (and in fact not only there). It can collect many different kinds of data, conveniently and without much difficulty. But it is not quite right if access to the Elastic Stack components themselves is left unprotected. By default, the Elastic components (Elasticsearch, Logstash, Kibana and the Beats collectors) run out of the box over open protocols, and in Kibana itself authentication is disabled. These interactions can be secured, and in this article we explain how. For convenience, we have split the story into 3 semantic blocks:
Role-based access model
Data security inside an Elasticsearch cluster
Data security outside an Elasticsearch cluster
Details under the cut.
Role-based access model
If you install Elasticsearch and do not tune it in any way, access to all indices is open to everyone. Well, or to anyone who knows how to use curl. To avoid this, Elasticsearch has a role-based model, available starting with the Basic subscription (which is free). Schematically it looks like this:
What is in the picture:
Users are everyone who can log in using their credentials.
Resources are indices, documents, fields, users and other stored entities (for some resources the role model is available only with paid subscriptions).
By default, Elasticsearch has built-in users with built-in roles attached to them. Once you enable the security settings, you can start using them right away.
To enable security in Elasticsearch, add the following line to the configuration file (by default elasticsearch/config/elasticsearch.yml):
xpack.security.enabled: true
After changing the configuration file, start or restart Elasticsearch for the change to take effect. The next step is to set passwords for the built-in users. We do this with the command below:
[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Let's check:
[elastic@node1 ~]$ curl -u elastic 'node1:9200/_cat/nodes?pretty'
Enter host password for user 'elastic':
192.168.0.2 23 46 14 0.28 0.32 0.18 dim * node1
You can pat yourself on the back: the settings on the Elasticsearch side are done. Now it is time to set up Kibana. If you run it now, errors will appear, so it is important to create a keystore first. This is done with two commands (the kibana user and the password that was entered for it at the password-setup step in Elasticsearch):
If everything is correct, Kibana will start asking for a username and password. The Basic subscription includes a role model based on local users. Starting with Gold, you can add external authentication systems: LDAP, PKI, Active Directory and Single sign-on systems.
Access rights to objects inside Elasticsearch can be restricted. However, to do the same for documents or fields you need a paid subscription (this feature starts at the Platinum level). These settings are available in the Kibana web interface or through the security API. You can check them via the familiar Dev Tools menu:
Data security inside an Elasticsearch cluster
When Elasticsearch runs as a cluster (which is the usual case), the security settings inside the cluster become important. For secure communication between nodes, Elasticsearch uses the TLS protocol. To configure a secure connection between them, you need a certificate. We generate a certificate and a private key in PEM format:
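The role model described in this section is easiest to understand through the security API it exposes. The script below is an added example, not code from the article or from Elastic: it creates a read-only role limited to one index pattern, a user bound to that role, and then verifies as that user that reads on the allowed indices succeed while writes, other indices and cluster-level calls are refused with HTTP 403 (403 means the credentials were accepted but the role lacks the privilege; 401 would mean the credentials themselves were rejected). The cluster URL, the role and user names, the index pattern and the environment variables are assumptions for this example; the same check can be run with any other role by adjusting the expectations list.

```python
"""Create a least-privilege role and user through the Elasticsearch security
API and verify that the role behaves as intended. Added example; names,
URL and environment variables below are assumptions, not from the article."""
import base64
import json
import os
import ssl
import urllib.error
import urllib.request

ES_URL = os.environ.get("ES_URL", "https://node1:9200")   # assumption
CA_FILE = os.environ.get("ES_CA")                         # PEM CA from elasticsearch-certutil, if any


def basic_auth_header(username, password):
    """Value for the Authorization header used by HTTP basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token


def read_only_role(index_patterns):
    """Body for PUT /_security/role/<name>: no cluster privileges, read-only on the given indices."""
    return {
        "cluster": [],
        "indices": [{"names": list(index_patterns),
                     "privileges": ["read", "view_index_metadata"]}],
    }


def user_body(password, roles, full_name=""):
    """Body for PUT /_security/user/<name>."""
    return {"password": password, "roles": list(roles), "full_name": full_name}


def send(method, path, body=None, username="elastic", password=""):
    """Issue one request and return the HTTP status code (errors included)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(ES_URL + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", basic_auth_header(username, password))
    ctx = ssl.create_default_context(cafile=CA_FILE) if ES_URL.startswith("https") else None
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def verify_least_privilege(send_as_user, allowed_index, denied_index):
    """send_as_user(method, path) -> status code, authenticated as the restricted user.
    Returns the checks that failed; an empty list means the role is as tight as intended."""
    expectations = [
        ("search allowed index", "GET", f"/{allowed_index}/_search", 200),
        ("delete allowed index", "DELETE", f"/{allowed_index}", 403),
        ("search other index", "GET", f"/{denied_index}/_search", 403),
        ("read cluster settings", "GET", "/_cluster/settings", 403),
    ]
    failures = []
    for label, method, path, want in expectations:
        got = send_as_user(method, path)
        if got != want:
            failures.append(f"{label}: expected HTTP {want}, got {got}")
    return failures


if __name__ == "__main__":
    admin_pw = os.environ["ELASTIC_PASSWORD"]       # set by elasticsearch-setup-passwords
    analyst_pw = os.environ["ANALYST_PASSWORD"]     # assumption: password for the new user
    print("role:", send("PUT", "/_security/role/logs_reader",
                        read_only_role(["logs-*"]), password=admin_pw))
    print("user:", send("PUT", "/_security/user/analyst",
                        user_body(analyst_pw, ["logs_reader"]), password=admin_pw))
    as_analyst = lambda m, p: send(m, p, username="analyst", password=analyst_pw)
    for failure in verify_least_privilege(as_analyst, "logs-2019.01.01", "secrets"):
        print("FAIL", failure)
```

The same requests can be pasted into Dev Tools (`PUT _security/role/logs_reader` with the body from `read_only_role`), which is how the article suggests checking the settings; the script only adds the verification step, so a role that quietly grants more than intended is caught before the user is handed out.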
[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-certutil ca --pem
After running the command above, the archive elastic-stack-ca.zip appears in the /../elasticsearch directory. Inside you will find a certificate and a private key with the extensions crt and key respectively. It is recommended to put them on a shared resource that is accessible from all nodes of the cluster.
Each node needs its own certificate and private key, signed with the ones in that directory. When running the command, you will be asked to set a password. You can add the extra --ip and --dns options for full verification of the connecting nodes.
As a result of running the command, we get a certificate and private key in PKCS#12 format, protected by a password. All that remains is to move the generated p12 file into the config directory:
There is one more security option: IP address filtering (available with subscriptions from the Gold level). It lets you create whitelists of IP addresses from which access to the nodes is allowed.
Data security outside an Elasticsearch cluster
Outside the cluster means connecting external tools: Kibana, Logstash, Beats or other external clients.
To set up support for https (instead of http), add new lines to elasticsearch.yml:
After adding the keys, the Elasticsearch nodes are ready to accept connections over https. They can now be started.
The next step is to create a key for connecting Kibana and add it to its configuration. Based on the certificate located in the shared directory, we generate a certificate in PEM format (PKCS#12 is not supported by Kibana, Logstash and Beats):
We now have the keys, so all that remains is to change the Kibana configuration so that it starts using them. In the kibana.yml configuration file, change http to https and add the lines with the SSL connection settings. The last three lines configure secure communication between the web browser and Kibana.
With this, the setup is complete and access to the data in the Elasticsearch cluster is secured.
If you have questions about the capabilities of Elastic Stack on free and paid subscriptions, about monitoring tasks or about building a SIEM system, leave a request in the feedback form on our website.
More of our articles about Elastic Stack on Habr:
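The settings introduced through this article (xpack.security.enabled in elasticsearch.yml, the transport and http TLS settings for the nodes, and the https and SSL lines in kibana.yml) are easy to get half right: security on but TLS off, certificate checks disabled, or a password left in the yml instead of the keystore. The script below is an added example, not code from the article or from Elastic, that lints both files offline for exactly those points. It understands only the flat `key: value` lines these files normally consist of (no full YAML parser, so a list spread over several lines is not seen); the setting names are real Elastic settings, while the sample configs at the bottom are constructed for this example.

```python
"""Offline lint for elasticsearch.yml and kibana.yml security settings.
Added example; the sample configs below are constructed, not from the article."""
import re

# Real Elastic settings with the values the article arrives at.
ES_REQUIRED = {
    "xpack.security.enabled": "true",
    "xpack.security.transport.ssl.enabled": "true",
    "xpack.security.http.ssl.enabled": "true",
}
# "full" also checks the peer's hostname/IP against its certificate, which is
# what the --ip/--dns options of elasticsearch-certutil are for.
ES_VERIFY = "xpack.security.transport.ssl.verification_mode"
KIBANA_VERIFY = "elasticsearch.ssl.verificationMode"


def parse_flat_yaml(text):
    """Return {key: value} for top-level `key: value` lines, comments stripped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        m = re.match(r"^([A-Za-z0-9_.]+):\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings


def lint_elasticsearch(text):
    """Findings for one node's elasticsearch.yml; an empty list means it passes."""
    s = parse_flat_yaml(text)
    findings = []
    for key, want in ES_REQUIRED.items():
        got = s.get(key, "unset")
        if got.lower() != want:
            findings.append(f"{key}: expected {want}, found {got}")
    if s.get(ES_VERIFY, "full").lower() == "none":
        findings.append(f"{ES_VERIFY}: none, peer certificates are not validated")
    for key in s:  # keystore passwords belong in elasticsearch-keystore, not in the yml
        if key.endswith(".password"):
            findings.append(f"{key}: plaintext secret in elasticsearch.yml, move it to the keystore")
    return findings


def lint_kibana(text):
    """Findings for kibana.yml: browser side (server.ssl.*) and cluster side (elasticsearch.*)."""
    s = parse_flat_yaml(text)
    findings = []
    if s.get("server.ssl.enabled", "false").lower() != "true":
        findings.append("server.ssl.enabled: browser-to-Kibana traffic is not encrypted")
    for host in re.findall(r"[a-z]+://[^,\s\]\"']+", s.get("elasticsearch.hosts", "")):
        if not host.startswith("https://"):
            findings.append(f"elasticsearch.hosts: {host} is not https")
    if s.get(KIBANA_VERIFY, "full").lower() == "none":
        findings.append(f"{KIBANA_VERIFY}: none, the Elasticsearch certificate is not validated")
    if "elasticsearch.password" in s:  # the article puts this into kibana-keystore instead
        findings.append("elasticsearch.password: plaintext secret in kibana.yml, use kibana-keystore")
    return findings


# Constructed samples: a fresh install and a node/Kibana configured as in the article.
SAMPLE_ES_INSECURE = "cluster.name: demo\nnetwork.host: 0.0.0.0\n"
SAMPLE_ES_SECURE = """\
cluster.name: demo
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full   # certs issued with --ip/--dns
xpack.security.transport.ssl.keystore.path: node1.p12
xpack.security.transport.ssl.truststore.path: node1.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: node1.p12
"""
SAMPLE_KIBANA_INSECURE = """\
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://node1:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "changeme"
"""
SAMPLE_KIBANA_SECURE = """\
server.host: "0.0.0.0"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
elasticsearch.hosts: ["https://node1:9200", "https://node2:9200"]
elasticsearch.username: "kibana"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]
"""

if __name__ == "__main__":
    for name, lint, text in [("elasticsearch.yml (fresh)", lint_elasticsearch, SAMPLE_ES_INSECURE),
                             ("elasticsearch.yml (secured)", lint_elasticsearch, SAMPLE_ES_SECURE),
                             ("kibana.yml (fresh)", lint_kibana, SAMPLE_KIBANA_INSECURE),
                             ("kibana.yml (secured)", lint_kibana, SAMPLE_KIBANA_SECURE)]:
        print(name, "->", lint(text) or "ok")
```

To lint real files, pass `open("/etc/elasticsearch/elasticsearch.yml").read()` to `lint_elasticsearch` and the Kibana file to `lint_kibana`; an empty result means every setting the article turns on is present and no secret has leaked into the yml.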