Xpack configuration in ELK stack

 

What is Xpack?

Elastic Stack, often known as ELK (Elasticsearch, Logstash, and Kibana), is a collection of extensions known as X-Pack. The Elastic Stack’s functionality is improved by X-Pack’s new features and capabilities, increasing its adaptability to a wider range of use scenarios

How to enable minimal security in ELK using xpack

Stop elasticsearch and kibana

systemctl stop elasticsearch
systemctl stop kibana

stop services

Edit elasticsearch.yml in /etc/elasticsearch and add,
xpack.security.enabled: true as shown below

nano /etc/elasticserach/elasticsearch.yml

xpack.security.enabled: true

Start elasticsearch and check status using,

systemctl start elasticsearch
systemctl status elasticsearch

Starting elasticsearch

Try to connect to elasticsearch from the browser using http://<IP>:9200, as note that a login page will be prompted.

accessing elasticsearch

Now change the directory to /usr/share/elasticsearch/bin

cd /usr/share/elasticsearch/bin

To generate random passwords for all usernames, we can use auto or else if we want to set own passwords we can use interactive command.
For the current scenario let’s use auto for generating random password, using

./elasticsearch-setup-passwords auto

generating passwords

Save the generated passwords with the usernames in a text file.

Now let’s change the directory to /etc/kibana and add elasticsearch.username and elasticsearch.password in kibana.yml file.

nano /etc/kibana/kibana.yml

Don’t change the username let it be the default one, copy and paste the password of the username.

kibana configuration

Now start and check the status kibana service.

systemctl start kibana
systemctl status kibana

starting kibana

Now go to the browser and access the kibana dashboard using,
http://<IP>:5601 there will be a login page displayed once Kibana server is ready.

kibana dashboard

Supply the username as “elastic” and password as the generated password.

With this we complete our xpack minimal security configuration.

You can find the step-by-step video:

Subscribe to our YouTube channel. https://www.youtube.com/@CyberToolGuardian/featured

Follow us on Instagram.
https://instagram.com/cybertoolguardian

Comments

Post a Comment

Popular posts from this blog

Zeek Installation in Ubuntu

Image
What is Zeek? An open-source protocol analyzer and network security monitoring tool, Zeek was once known as Bro. It is intended to assist enterprises with real-time network traffic monitoring and analysis, offering information on network activity, potential security risks, and performance concerns. Due to its effectiveness in swiftly capturing and processing network data, Zeek is especially well-liked among cybersecurity experts and network managers. How to install Zeek in Ubuntu? Update and upgrade the Ubuntu using apt. sudo apt-get update sudo apt-get upgrade Download the Zeek source code from the official website ( https://zeek.org/get-zeek/ ). Zeek offical download page Install dependencies using the below command. sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3-dev swig zlib1g-dev Dependencies installation Once all the dependencies are installed change the directory to the path where the Zeek source code file is downloaded and unzip the file. cd D...
Read more

What is ELK and Installing ELK stack (elasticsearch, logstash, kibana) in Ubuntu

Image
   What is ELK Stack The ELK stack is a collection of three open-source tools — Elasticsearch, Logstash, and Kibana — that work together to collect, store, and analyze data. Here is how each tool works: Elasticsearch : Elasticsearch is a search and analytics engine that provides a distributed, real-time search and analytics platform. It stores data in a distributed index, which allows for fast, real-time search and analysis of data. Elasticsearch is highly scalable, and it can handle a large volume of data with ease. Logstash : Logstash is a data pipeline that collects, filters, and transforms data from different sources before sending it to Elasticsearch. It can collect data from different sources such as log files, databases, and message queues. Logstash can also perform data transformation and filtering to ensure that only the relevant data is sent to Elasticsearch. Kibana : Kibana is a data visualization tool that allows users to create dashboards, visualizations, and repo...
Read more

Sending Zeek logs to ELK using Filebeats

Image
Before sending logs we must modify local.zeek file and add the below line at the end of the file. @load policy/tuning/json-logs.zeek Use the find command to find local.zeek file. find / -name local.zeek local.zeek path Now copy the path and edit the file using nano and add the line. local.zeek Save and exit from editor, now check the configuration of zeekctl sudo zeekctl check zeekctl check Once the you get zeek scripts are ok, deploy zeekctl sudo zeekctl deploy zeekctl deploy Go to the zeek logs path directory which is /usr/local/zeek/logs/current. Check if logs are generated properly. logs Go to Kibana dashboard head over to integration section and search for zeek, in the integration page on bottom right go to “Also available in Beats”. You will be redirected to Filebeats Zeek integration page. Copy the commands from the Step1 and open new terminal window and run the commands. Which will download and extract the filebeats. Now edit the filebeat.yml file, change the paths to the zeek ...
Read more