So I disabled all the network and http blocks.
Now I can’t authenticate; I wonder what I missed.
I changed the ::ADMIN:: block to the following:
# ReadonlyREST ACL block for the admin user, as pasted into the post.
# NOTE(review): the curly quotes, the flattened indentation and the bare trailing "/" in the
# action patterns look like forum rendering artefacts (the log likewise shows Accept=/ where a
# client would send */*); the real file presumably uses straight quotes, nested keys and "/*"
# wildcards. Confirm against the actual settings file.
- name: “::ADMIN::“
# Credentials are kept in clear text here. The request log in this post prints the Authorization
# header, which is this same user:password pair base64-encoded, so the log carries the credential
# too. Other blocks in the log use auth_key_sha256, which keeps the clear-text pair out of the file.
auth_key: admin:elastic
kibana_access: admin
# NOTE(review): the log's history entry for this block reads groups->false, auth_key->true, so the
# credentials were accepted and the groups rule is what rejected the request. Presumably no
# definition in the users section puts admin in the "admin" group; verify.
groups: [“admin”]
# NOTE(review): the rejected request's action is logged as indices:data/read/search; the three
# patterns spelled "indecies:" would not match it as written.
actions: [“cluster:monitor/", "cluster:admin/”, “indecies:admin/", "indecies:monitor/”, “indecies:data/", "internal:indices/”]
indices: [”*”]
And here is the elasticsearch log:
elasticsearch_1 | [2018-05-30T20:30:18,071][INFO ][t.b.r.a.b.r.i.AuthKeySyncRule] Attempting Login as: admin rc: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip, deflate, Authoriz
ation=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS: }
elasticsearch_1 | [2018-05-30T20:30:18,072][INFO ][t.b.r.a.b.r.i.AuthKeySha256SyncRule] Attempting Login as: admin rc: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin, BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip, deflate, Autho
rization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS: }
elasticsearch_1 | [2018-05-30T20:30:18,072][DEBUG][t.b.r.a.b.Block ] [::ADMIN::] the request matches no rules in this block: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin, BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip,
deflate, Authorization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]] }
elasticsearch_1 | [2018-05-30T20:30:18,072][INFO ][t.b.r.a.b.r.i.AuthKeySyncRule] Attempting Login as: admin rc: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip, deflate, Authoriz
ation=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]] }
elasticsearch_1 | [2018-05-30T20:30:18,072][DEBUG][t.b.r.a.b.Block ] [::LOGSTASH::] the request matches no rules in this block: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding
=gzip, deflate, Authorization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]], [::LOGSTASH::->[auth_key->false]] }
elasticsearch_1 | [2018-05-30T20:30:18,072][INFO ][t.b.r.a.b.r.i.AuthKeySha256SyncRule] Attempting Login as: admin rc: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip, deflate, Au
thorization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]], [::LOGSTASH::->[auth_key->false]] }
elasticsearch_1 | [2018-05-30T20:30:18,073][DEBUG][t.b.r.a.b.Block ] [::KIBANA-SRV::] the request matches no rules in this block: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encodi
ng=gzip, deflate, Authorization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key_sha256->false]] }
elasticsearch_1 | [2018-05-30T20:30:18,073][INFO ][t.b.r.a.b.r.i.AuthKeySha256SyncRule] Attempting Login as: admin rc: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip, deflate, Au
thorization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key_sha256->false]] }
elasticsearch_1 | [2018-05-30T20:30:18,073][DEBUG][t.b.r.a.b.Block ] [::CEREBRO-SRV::] the request matches no rules in this block: { ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encod
ing=gzip, deflate, Authorization=Basic YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key_sha256->false]], [::
CEREBRO-SRV::->[auth_key_sha256->false]] }
elasticsearch_1 | [2018-05-30T20:30:18,074][DEBUG][r.suppressed ] path: /_search, params: {}
elasticsearch_1 | tech.beshu.ror.es.IndexLevelActionFilter$1$1: Forbidden by ReadonlyREST ES plugin
elasticsearch_1 | at tech.beshu.ror.es.IndexLevelActionFilter$1.onForbidden(IndexLevelActionFilter.java:175) ~[?:?]
elasticsearch_1 | at tech.beshu.ror.acl.ACL.lambda$check$3(ACL.java:194) ~[?:?]
elasticsearch_1 | at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602) ~[?:1.8.0_161]
elasticsearch_1 | at java.util.concurrent.CompletableFuture.uniApplyStage(CompletableFuture.java:614) ~[?:1.8.0_161]
elasticsearch_1 | at java.util.concurrent.CompletableFuture.thenApply(CompletableFuture.java:1983) ~[?:1.8.0_161]
elasticsearch_1 | at tech.beshu.ror.acl.ACL.check(ACL.java:189) ~[?:?]
elasticsearch_1 | at tech.beshu.ror.es.IndexLevelActionFilter.handleRequest(IndexLevelActionFilter.java:170) ~[?:?]
elasticsearch_1 | at tech.beshu.ror.es.IndexLevelActionFilter.lambda$apply$2(IndexLevelActionFilter.java:142) ~[?:?]
elasticsearch_1 | at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_161]
elasticsearch_1 | at tech.beshu.ror.es.IndexLevelActionFilter.apply(IndexLevelActionFilter.java:138) ~[?:?]
elasticsearch_1 | at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.client.support.AbstractClient.search(AbstractClient.java:535) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.rest.action.search.RestSearchAction.lambda$prepareRequest$1(RestSearchAction.java:78) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:80) ~[elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at tech.beshu.ror.es.ReadonlyRestPlugin.lambda$null$3(ReadonlyRestPlugin.java:146) ~[?:?]
elasticsearch_1 | at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:262) [elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:200) [elasticsearch-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.http.netty4.Netty4HttpServerTransport.dispatchRequest(Netty4HttpServerTransport.java:505) [transport-netty4-client-5.6.9.jar:5.6.9]
elasticsearch_1 | at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:80) [transport-netty4-client-5.6.9.jar:5.6.9]
elasticsearch_1 | at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at org.elasticsearch.http.netty4.pipelining.HttpPipeliningHandler.channelRead(HttpPipeliningHandler.java:68) [transport-netty4-client-5.6.9.jar:5.6.9]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:284) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1273) [netty-handler-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1084) [netty-handler-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) [netty-codec-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.13.Final.jar:4.1.13.Final]
elasticsearch_1 | at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
elasticsearch_1 | [2018-05-30T20:30:18,090][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:1893997326–1636441645#136, TYP:SearchRequest, CGR:N/A, USR:admin(?), BRS:true, KDX:null, ACT:indices:data/read/search, OA:172.18.0.1, DA:172.18.0.2, IDX:, MET:GET, PTH:/_search, CNT:<N/A>, HDR:{Accept=/, accept-encoding=gzip, deflate, Authorization=Basi
c YWRtaW46ZWxhc3RpYw==, cache-control=no-cache, Connection=keep-alive, content-length=0, Host=localhost:9200, Postman-Token=0f712738-80ee-49c0-88fb-94c235ec1f66, User-Agent=PostmanRuntime/7.1.5}, HIS:[::ADMIN::->[groups->false, auth_key->true]], [::LOGSTASH::->[auth_key->false]], [::KIBANA-SRV::->[auth_key_sha256->false]], [::CEREBRO-SRV::->[auth_key_sha256->fals
e]] }