Securing "elastic" user with ReadonlyRest

joasilva (João M Da Silva) 2017-11-22 08:34:17 UTC #1

Hi all!

Just a very basic question: is it possible to define a password for the default “elastic” user with ReadonlyRest?

And if yes, how would one have to configure elasticsearch.yml? Would it be something like:

readonlyrest:
    users:

    - username: elastic
    auth:key: elastic:elasticpasswd

Cheers,

João

sscarduzio (Simone Scarduzio) 2017-11-22 16:46:58 UTC #2

You can protect the whole Elasticsearh REST API with a single HTTP Basic Auth login with a single rule, yes.

readonlyrest:    
    # audit_collector: true    
    access_control_rules:
    - name: "Global Access"
      auth_key: "elastic:changeme"
      verbosity: "error"

The verbosity rule is to only log requests with bad credentials.
Optionally, you can enable the audit collector to log malicious requests into an index, so you can make graphs in Kibana.
Remember though that this is a very weak solution, until you also use SSL, which conveniently, ROR supports.

joasilva (João M Da Silva) 2017-11-24 14:30:29 UTC #3

That’s very nice Simone, I’ll try it out