Elasticsearch under lock and key: enabling Elasticsearch cluster security options for internal and external access


The Elastic Stack is a popular tool on the SIEM market (and, frankly, not only there). It can collect large volumes of diverse data, both sensitive and not so sensitive. It is not quite right to leave access to the Elastic Stack components themselves unprotected. Out of the box, the Elastic components (Elasticsearch, Logstash, Kibana and the Beats collectors) communicate over unencrypted protocols, and in Kibana itself authentication is disabled. All of these interactions can be secured, and in this article we show how. For convenience, the story is divided into three parts:

  • The role-based data access model
  • Securing data inside the Elasticsearch cluster
  • Protecting data outside the Elasticsearch cluster

Details under the cut.

The role-based data access model

If you install Elasticsearch without giving the matter any thought, access to every index is open to everyone, or at least to anyone who can use curl. To avoid this, Elasticsearch offers a role model that is available with the Basic subscription (free of charge). Schematically it looks like this:

[Image: schematic of the Elasticsearch role model]

What the picture shows

  • Users are everyone who can log in with their credentials.
  • A role is a set of rights.
  • Rights are a set of privileges.
  • Privileges are permissions to write, read, delete and so on (full list of privileges).
  • Resources are indices, documents, fields, users and other stored entities (for some resources the role model is only available with paid subscriptions).

By default Elasticsearch ships with built-in users that have built-in roles attached. As soon as you enable the security settings, you can start using them right away.

To enable security in the Elasticsearch settings, add a new line to the configuration file (by default elasticsearch/config/elasticsearch.yml):

xpack.security.enabled: true

After changing the configuration file, start or restart Elasticsearch so the change takes effect. The next step is to assign passwords to the built-in users. This is done with the command below:

[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Let's check:

[elastic@node1 ~]$ curl -u elastic 'node1:9200/_cat/nodes?pretty'
Enter host password for user 'elastic':
192.168.0.2 23 46 14 0.28 0.32 0.18 dim * node1

You can pat yourself on the back: the settings on the Elasticsearch side are done. Now it is time to configure Kibana. If you start it right now it will throw errors, so the important step is to create a keystore. This takes two commands (use the kibana user and the password you entered for it at the password-setup step in Elasticsearch):

[elastic@node1 ~]$ ./kibana/bin/kibana-keystore add elasticsearch.username
[elastic@node1 ~]$ ./kibana/bin/kibana-keystore add elasticsearch.password

If everything is correct, Kibana will start asking for a login and password. The Basic subscription includes a role model based on internal users. Starting from the Gold level you can connect external authentication systems: LDAP, PKI, Active Directory and single sign-on systems.

[Image]

It is also possible to restrict access rights to objects inside Elasticsearch. However, doing so at the level of documents or fields requires a paid subscription (this feature starts at the Platinum level). These settings are available in the Kibana interface or via the Security API. You can try them out in the familiar Dev Tools menu:

Creating a role

PUT /_security/role/ruslan_i_ludmila_role
{
  "cluster": [],
  "indices": [
    {
      "names": [ "ruslan_i_ludmila" ],
      "privileges": ["read", "view_index_metadata"]
    }
  ]
}

Creating a user

POST /_security/user/pushkin
{
  "password" : "nataliaonelove",
  "roles" : [ "ruslan_i_ludmila_role", "kibana_user" ],
  "full_name" : "Alexander Pushkin",
  "email" : "[email protected]",
  "metadata" : {
    "hometown" : "Saint-Petersburg"
  }
}
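The same two Security API calls, driven from a script instead of Dev Tools, plus the check a practitioner wants afterwards: that the new user really is read-only on the index. This is an added example, not the article's own code. It assumes the cluster URL in ES_URL, an optional CA file path in the ES_CA_CERT environment variable (the ca.crt from the shared folder, if you follow the TLS section), and it writes a small constructed probe document to test write access; the role, user and index names match the article.

```python
"""Provision the article's read-only role and user via the Security API,
then probe that the user can read but not write.  Added example; ES_URL,
ES_CA_CERT and the probe document are assumptions, not the article's."""
import base64
import json
import os
import ssl
import urllib.error
import urllib.request

ES_URL = os.environ.get("ES_URL", "https://node1:9200")  # assumption
# Trust the private CA from the shared folder when one is given; otherwise
# the system CA store is used.
SSL_CONTEXT = ssl.create_default_context(cafile=os.environ.get("ES_CA_CERT"))


def basic_auth_header(user: str, password: str) -> str:
    """Build the HTTP Basic Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def role_body(index_names, privileges=("read", "view_index_metadata")):
    """Role definition: no cluster privileges, index privileges only."""
    return {
        "cluster": [],
        "indices": [{"names": list(index_names), "privileges": list(privileges)}],
    }


def user_body(password, roles, full_name=""):
    """User definition with the given roles attached."""
    return {"password": password, "roles": list(roles), "full_name": full_name}


def request(method, path, body=None, auth=None):
    """Send one request; return (status, parsed JSON). 4xx is returned, not raised."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES_URL + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if auth:
        req.add_header("Authorization", basic_auth_header(*auth))
    try:
        with urllib.request.urlopen(req, context=SSL_CONTEXT) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def least_privilege_verdict(read_status, write_status):
    """Interpret the probe: read must succeed (200), write must be denied (403)."""
    if read_status == 200 and write_status == 403:
        return "ok: user can read but not write"
    if write_status in (200, 201):
        return "FAIL: user can write to the index"
    return f"unexpected: read={read_status} write={write_status}"


def provision_and_probe(admin_password, index="ruslan_i_ludmila",
                        role="ruslan_i_ludmila_role", user="pushkin",
                        user_password="nataliaonelove"):
    """Create role and user as the built-in elastic superuser, then probe as the user."""
    admin = ("elastic", admin_password)
    request("PUT", f"/_security/role/{role}", role_body([index]), admin)
    request("POST", f"/_security/user/{user}",
            user_body(user_password, [role, "kibana_user"], "Alexander Pushkin"), admin)
    creds = (user, user_password)
    read_status, _ = request("GET", f"/{index}/_search?size=1", auth=creds)
    # Constructed probe document; a 403 here is the expected, correct outcome.
    write_status, _ = request("POST", f"/{index}/_doc", {"probe": True}, creds)
    return least_privilege_verdict(read_status, write_status)


if __name__ == "__main__":
    import getpass
    print(provision_and_probe(getpass.getpass("password for elastic: ")))
```

Run it once against a cluster where the role exists and once after a colleague "helpfully" adds "write" to the privileges list: the verdict line is what a monitoring job or CI check would look at.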

Securing data inside the Elasticsearch cluster

When Elasticsearch runs as a cluster (which is the usual case), the security settings inside the cluster become important. For secure communication between nodes Elasticsearch uses the TLS protocol, so to set up that communication you need certificates. First we generate a CA certificate and private key in PEM format:

[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-certutil ca --pem

After running the command above, the archive elastic-stack-ca.zip appears in the /../elasticsearch directory. Inside you will find a certificate and a private key with the extensions crt and key respectively. Put them on a shared resource that every node of the cluster can reach.

Now each node needs its own certificate and private key, issued from the ones in the shared directory. When you run the command you will be asked to enter a password. You can add the extra options -ip and -dns to record the addresses of the communicating nodes.

[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-certutil cert --ca-cert /shared_folder/ca/ca.crt --ca-key /shared_folder/ca/ca.key

As a result of this command we get a certificate and private key in PKCS#12 format, protected by the password. All that remains is to move the generated p12 file into the configuration directory:

[elastic@node1 ~]$ mv elasticsearch/elastic-certificates.p12 elasticsearch/config

Add the password of the p12 certificate to the keystore and truststore entries on each node:

[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

In the familiar elasticsearch.yml, all that remains is to add the lines with the certificate settings:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

We start all the Elasticsearch nodes and run curl. If everything was done correctly, the response lists several nodes:

[elastic@node1 ~]$ curl node1:9200/_cat/nodes -u elastic:password
172.18.0.3 43 75 4 0.00 0.05 0.05 dim * node2
172.18.0.4 21 75 3 0.00 0.05 0.05 dim - node3
172.18.0.2 39 75 4 0.00 0.05 0.05 dim - node1

Another security option is IP address filtering (available in subscriptions from the Gold level). It lets you define allowlists of IP addresses that are permitted to reach the nodes.

Protecting data outside the Elasticsearch cluster

"Outside the cluster" means the connections from external tools: Kibana, Logstash, Beats or other external clients.

[Image]

To enable https (instead of http) on the REST interface, add new lines to elasticsearch.yml:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

Since the certificate is password-protected, add the password to the keystore and truststore entries on each node:

[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password

After adding the secrets, the Elasticsearch node is ready to accept https connections. Now it can be started.

The next step is to create a key for connecting Kibana and add it to the configuration. Based on the CA certificate in the shared directory, we generate a certificate in PEM format (Kibana, Logstash and Beats do not yet support PKCS#12):

[elastic@node1 ~]$ ./elasticsearch/bin/elasticsearch-certutil cert --ca-cert /shared_folder/ca/ca.crt --ca-key /shared_folder/ca/ca.key --pem

All that remains is to unpack the generated keys into the folder with the Kibana configuration:

[elastic@node1 ~]$ unzip elasticsearch/certificate-bundle.zip -d kibana/config

The keys are in place, so the last step is to change the Kibana configuration so that it starts using them. In the kibana.yml configuration file, change http to https and add the lines with the SSL connection settings. The last three lines secure the traffic between the user's browser and Kibana:

elasticsearch.hosts: ["https://${HOSTNAME}:9200"]
elasticsearch.ssl.certificateAuthorities: /shared_folder/ca/ca.crt
elasticsearch.ssl.verificationMode: certificate
server.ssl.enabled: true
server.ssl.key: /../kibana/config/instance/instance.key
server.ssl.certificate: /../kibana/config/instance/instance.crt
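A defender usually wants to check that the settings above actually made it into the files on every node, and that nobody later weakened them. The following script audits a flat elasticsearch.yml and kibana.yml against the settings this article enables: it flags security or TLS left disabled, verification_mode set to none, secrets written into the yml instead of the keystore, and Kibana still talking http to Elasticsearch. It also reports the "certificate" verification mode as informational, because that mode validates the chain but not the hostname or IP. This is an added example, not the article's own code; the weak configurations embedded in it are constructed, and the parser assumes the flat "key: value" layout used throughout the article (no nested YAML), so it needs no extra library.

```python
"""Audit elasticsearch.yml / kibana.yml for the security settings the article
enables.  Added example; sample configurations are constructed."""

ES_REQUIRED_TRUE = (
    "xpack.security.enabled",
    "xpack.security.transport.ssl.enabled",
    "xpack.security.http.ssl.enabled",
)
ES_VERIFICATION_KEYS = (
    "xpack.security.transport.ssl.verification_mode",
    "xpack.security.http.ssl.verification_mode",
)


def parse_flat_yaml(text):
    """Parse 'key: value' lines; comments and blanks are ignored.
    Assumption: the file is flat, like the article's examples."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def plaintext_secrets(settings):
    """Keys that carry a password directly in the yml; the article keeps
    these in the elasticsearch-keystore / kibana-keystore instead."""
    return sorted(k for k in settings if k.endswith((".password", ".secure_password")))


def audit_elasticsearch(settings):
    """Return findings for elasticsearch.yml, prefixed FAIL / WARN / INFO."""
    findings = []
    for key in ES_REQUIRED_TRUE:
        if settings.get(key, "").lower() != "true":
            findings.append(f"FAIL {key} is not true")
    for key in ES_VERIFICATION_KEYS:
        mode = settings.get(key)
        if mode == "none":
            findings.append(f"FAIL {key} is none: peer certificates are not validated")
        elif mode == "certificate":
            findings.append(f"INFO {key} is certificate: chain checked, hostname/IP not; "
                            "'full' also checks them")
    for layer in ("transport", "http"):
        enabled = settings.get(f"xpack.security.{layer}.ssl.enabled", "").lower() == "true"
        if enabled and f"xpack.security.{layer}.ssl.keystore.path" not in settings:
            findings.append(f"WARN {layer} TLS enabled but no keystore.path configured")
    for key in plaintext_secrets(settings):
        findings.append(f"FAIL {key} is stored in the yml; put it in the keystore")
    return findings


def audit_kibana(settings):
    """Return findings for kibana.yml, prefixed FAIL / WARN / INFO."""
    findings = []
    hosts = settings.get("elasticsearch.hosts", "")
    if "http://" in hosts:
        findings.append("FAIL elasticsearch.hosts uses http://: Kibana-to-Elasticsearch traffic is in clear")
    elif "https://" in hosts and "elasticsearch.ssl.certificateAuthorities" not in settings:
        findings.append("WARN https:// in use but no certificateAuthorities: a private CA will not be trusted")
    mode = settings.get("elasticsearch.ssl.verificationMode")
    if mode == "none":
        findings.append("FAIL elasticsearch.ssl.verificationMode is none")
    elif mode == "certificate":
        findings.append("INFO elasticsearch.ssl.verificationMode is certificate: hostname not checked")
    if settings.get("server.ssl.enabled", "").lower() != "true":
        findings.append("FAIL server.ssl.enabled is not true: browser-to-Kibana traffic is in clear")
    for key in plaintext_secrets(settings):
        findings.append(f"FAIL {key} is stored in the yml; put it in the keystore")
    return findings


# The article's configuration, as written above.
GOOD_ES_YML = """
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
"""
# Constructed weak variant: no https, no peer validation, password in the yml.
WEAK_ES_YML = """
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: changeme   # constructed
"""
GOOD_KIBANA_YML = """
elasticsearch.hosts: ["https://${HOSTNAME}:9200"]
elasticsearch.ssl.certificateAuthorities: /shared_folder/ca/ca.crt
elasticsearch.ssl.verificationMode: certificate
server.ssl.enabled: true
server.ssl.key: /../kibana/config/instance/instance.key
server.ssl.certificate: /../kibana/config/instance/instance.crt
"""
# Constructed weak variant: plain http, credentials in the yml, no server TLS.
WEAK_KIBANA_YML = """
elasticsearch.hosts: ["http://node1:9200"]
elasticsearch.username: kibana
elasticsearch.password: changeme
server.ssl.enabled: false
"""

if __name__ == "__main__":
    for name, text, audit in (("elasticsearch.yml (article)", GOOD_ES_YML, audit_elasticsearch),
                              ("elasticsearch.yml (weak)", WEAK_ES_YML, audit_elasticsearch),
                              ("kibana.yml (article)", GOOD_KIBANA_YML, audit_kibana),
                              ("kibana.yml (weak)", WEAK_KIBANA_YML, audit_kibana)):
        print(name)
        for finding in audit(parse_flat_yaml(text)):
            print("  " + finding)
```

Point the functions at the real files (`parse_flat_yaml(open(path).read())`) and run the audit from configuration management or a cron job; any FAIL line is a regression from the state this article sets up.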

That's it: the setup is complete, and access to the data in the Elasticsearch cluster is encrypted.

If you have questions about the capabilities of the Elastic Stack under free or paid subscriptions, about audit tasks, or about building a SIEM system, leave a request via the feedback form on our website.

More of our articles about the Elastic Stack on Habr:

Introduction to machine learning in the Elastic Stack (aka Elasticsearch, aka ELK)

Elasticsearch sizing

Source: will.com
