Secure logstash and elasticsearch

If you use later versions of Logstash with Kibana:

I deploy Kibana into a virtual host in an Apache at /kibana/ and route the Elasticsearch API through a reverse proxy such that it is available at /elasticsearch/:

<Location /elasticsearch/>
    ProxyPass http://elasticsearchhost:9200/
    ProxyPassReverse /
</Location>

You need to adapt Kibana's config.js to

elasticsearch: "/elasticsearch/",

Then the virtual host can be secured via HTTP Basic Authentication, which applies automatically to both Kibana and the Elasticsearch API.

What still worries me is that the users of Kibana could also use the Elasticsearch API to do nasty things like dropping indices, shutting down Elasticsearch servers and so forth - for instance with the elasticsearch head. But I don't have a good solution to that problem so far. Probably one could generally allow GETs to /elasticsearch/ since in REST GETs cannot change anything, but other HTTP methods to only specific URLs which are important for Kibana.
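
One way to express the idea from the last paragraph of the answer above in Apache 2.4 syntax, as an added example that is not part of the original answer. The htpasswd path, the realm name and the two write patterns (searches sent as POST to <index>/_search, dashboards stored in an index named kibana-int) are assumptions to check against the requests your own Kibana version sends.

```apache
# Added example, not from the original answer.
# elasticsearchhost and the proxy lines come from the answer; the htpasswd
# path, realm name and the two write patterns below are assumptions.
<Location /elasticsearch/>
    ProxyPass http://elasticsearchhost:9200/
    ProxyPassReverse /

    AuthType Basic
    AuthName "Kibana"
    AuthUserFile /etc/apache2/kibana.htpasswd

    <RequireAll>
        # Every request needs a valid login ...
        Require valid-user
        <RequireAny>
            # ... and must be read-only,
            Require method GET HEAD
            # or a search sent as POST to <index>/_search (assumed pattern),
            Require expr "%{REQUEST_METHOD} == 'POST' && %{REQUEST_URI} =~ m#^/elasticsearch/[^/]+/_search$#"
            # or a dashboard save/delete in Kibana's own index (assumed name).
            Require expr "%{REQUEST_METHOD} in {'PUT','POST','DELETE'} && %{REQUEST_URI} =~ m#^/elasticsearch/kibana-int/dashboard/[^/]+$#"
        </RequireAny>
    </RequireAll>
</Location>
```

Any other method or path under /elasticsearch/ is answered with 403 even for logged-in users. Port 9200 on elasticsearchhost should accept connections only from the Apache host (the iptables suggestion in the comments below), otherwise the rules are bypassed by talking to Elasticsearch directly.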


Author: CoBaLt2760

Updated on September 18, 2022

Comments

  • CoBaLt2760
    CoBaLt2760 over 1 year

    I'm considering running logstash on my prod server (simple install. http://logstash.net/docs/1.1.13/tutorials/getting-started-simple) and set kibana to access logs.

    My concern is: how to secure my prod logs (especially elasticsearch which is run by logstash), and restrain access with secure zone or to some IPs?

    Thanks for your help on that

    • dawud
      dawud almost 11 years
      You can add some rules to your iptables.
    • CoBaLt2760
      CoBaLt2760 almost 11 years
      What do you mean? Authorizing only 9200 port (elasticsearch) to be open to the server IP itself (for kibana apache vhost)?
    • dawud
      dawud almost 11 years
      Can you please add more detail to your question with regards to the actual architecture you have planned? (how many servers involved, where will the typical elements of the logstash/kibana stack be deployed), do you already have SELinux, iptables, any other security measure in place?
  • hookenz
    hookenz over 6 years
    Link out of date.