微慑信息网

[vulsee.com] Elasticsearch 8.6.2 + Search Guard deployment

Because many plugins do not support ES 8.7.1, I switched back to ES 8.6.2 (download).

1. Start ES, note the generated password, and change the password once startup has finished:

Changing the superuser password:

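2. Disable SSL:

After the first start, ES automatically writes its security configuration into \config\elasticsearch.yml. In that file, set the xpack.security.http.ssl section to enabled: false:

xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

The automatically generated section reads:

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12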

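3. Install the Search Guard plugin (download)

Search Guard: a security and compliance plugin for Elasticsearch that can also be used to manage and monitor an Elasticsearch cluster. It supports Elastic 8 and provides a rich user interface.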

elasticsearch-plugin.bat install -b file:l:\search-guard-flx-elasticsearch-plugin-1.1.1-es-8.6.2.zip

 

PS: to uninstall the plugin:

elasticsearch-plugin.bat remove search-guard-flx

4. Configure SSL

Starting ES after installing the plugin fails with an error.

From elasticsearch.log:

java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:618) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:493) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:290) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:159) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.plugins.PluginsService.lambda$getPluginsServiceCtor$14(PluginsService.java:645) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:415) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:322) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) ~[elasticsearch-8.6.2.jar:?]
Caused by: java.lang.reflect.InvocationTargetException
	at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:79) ~[?:?]
	at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:609) ~[elasticsearch-8.6.2.jar:?]
	... 9 more
Caused by: org.elasticsearch.ElasticsearchException: searchguard.ssl.transport.keystore_filepath or searchguard.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.
	at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initTransportSSLConfig(DefaultSearchGuardKeyStore.java:371) ~[?:?]
	at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:222) ~[?:?]
	at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:143) ~[?:?]
	at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.<init>(SearchGuardSSLPlugin.java:219) ~[?:?]
	at com.floragunn.searchguard.SearchGuardPlugin.<init>(SearchGuardPlugin.java:256) ~[?:?]
	at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
	at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:609) ~[elasticsearch-8.6.2.jar:?]
	... 9 more

The relevant message:

searchguard.ssl.transport.keystore_filepath or searchguard.ssl.transport.pemkey_filepath must be set if transport ssl is reqested.

(1) Download the tool (download) and configure TLS/SSL:

sgtlstool.bat -c ..\config\example.yml  -ca -crt

 

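The generated certificates are written to the /out/ directory:

(2) Following the official documentation: https://docs.search-guard.com/latest/tls-certificates-installer

Run plugins\search-guard-flx\tools\install_demo_configuration.sh directly:

The resulting content of \config\elasticsearch.yml is as follows: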


######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["SGS_ALL_ACCESS"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
xpack.security.enabled: false
xpack.security.autoconfiguration.enabled: false
######## End Search Guard Demo Configuration ########

At the same time, the following settings must be present:

xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes


xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

Otherwise startup fails with an error (at least that is what happened in my case...):

java.lang.IllegalArgumentException: Cannot have additional setting [transport.type] in plugin [x-pack-security], already added in plugin [search-guard-flx]
	at org.elasticsearch.node.Node.mergePluginSettings(Node.java:1697) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:416) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.node.Node.<init>(Node.java:322) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214) ~[elasticsearch-8.6.2.jar:?]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) ~[elasticsearch-8.6.2.jar:?]
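
An added example, not part of the original post: a small audit of elasticsearch.yml that flags the demo values written by install_demo_configuration.sh (the generated block's own WARNING says to revise them before production) and checks the two X-Pack SSL switches this post requires to be false. Which demo values to flag, and the names flatten, audit and SAMPLE, are this example's assumptions.

```python
# Added example: flag Search Guard demo leftovers in elasticsearch.yml (rule list is an assumption).
DEMO_RULES = {
    "searchguard.allow_unsafe_democertificates": "true",
    "searchguard.allow_default_init_sgindex": "true",
    "searchguard.ssl.transport.enforce_hostname_verification": "false",
    "cluster.name": "searchguard_demo",
}
DEMO_ADMIN_DN = "CN=kirk,OU=client,O=client,L=test,C=de"  # admin DN from the demo block
# Settings the post says must be present and false alongside Search Guard.
XPACK_OFF = ["xpack.security.http.ssl.enabled", "xpack.security.transport.ssl.enabled"]

def flatten(text):
    """Flatten the YAML subset used in elasticsearch.yml into dotted keys."""
    settings, parent = {}, None
    for raw in text.splitlines():
        body = raw.split(" #")[0].strip()
        if not body or body.startswith("#"):
            continue
        key, _, value = (p.strip() for p in body.partition(":"))
        if body.startswith("- "):              # list item under the last header
            settings.setdefault(parent, []).append(body[2:].strip())
        elif raw[0] in " \t" and parent:       # indented child of the header
            settings[parent + "." + key] = value
        elif not value:                        # "section:" header, remember it
            parent = key
        else:                                  # plain top-level "key: value"
            parent, settings[key] = None, value
    return settings

def audit(text):
    """Return findings for demo values still set and X-Pack switches not false."""
    cfg, findings = flatten(text), []
    for key, bad in DEMO_RULES.items():
        if str(cfg.get(key, "")).lower() == bad:
            findings.append(f"{key}: demo value '{bad}' still set")
    dns = cfg.get("searchguard.authcz.admin_dn") or []
    if DEMO_ADMIN_DN in [dn.replace(" ", "") for dn in dns]:
        findings.append("searchguard.authcz.admin_dn: demo admin DN (kirk) trusted")
    for key in XPACK_OFF:
        if cfg.get(key) != "false":
            findings.append(f"{key}: expected 'false', found {cfg.get(key)!r}")
    return findings

# Constructed sample: a few lines of the demo block plus one X-Pack section.
SAMPLE = """searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
cluster.name: searchguard_demo
xpack.security.http.ssl:
  enabled: false
"""
```

Calling audit() on the text of \config\elasticsearch.yml returns one line per finding; an empty list means none of the flagged demo values remain and both X-Pack SSL switches are false.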

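After the Search Guard plugin is installed, the ES password no longer works when accessing 127.0.0.1:9200 again; log in with admin/admin instead:

The corresponding file is \plugins\search-guard-flx\sgconfig\sg_internal_users.yml:

With the steps above complete, ES starts normally. In Chrome I used the extensions elasticvue and Multi Elasticsearch Head.

Finally, ES is confirmed to be memory-hungry: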
