3. Securing

ELK is an open system. There's no authentication or authorization at any step. This means you usually need to use a zone-based approach to securing the system. However, you generally want to allow end-users to consume a dashboard. You can do this by using nginx as a proxy to elasticsearch and applying some access rules. It also lets you serve it all up on one port - useful for proxy-based security systems like WebSEAL.


Here's the basic proxy setup - without security yet - that continues to serve up pages from the root.

vim /etc/nginx/conf.d/new.conf

# Pool of persistent connections to the local elasticsearch node
upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 15;
}

server {
    listen       80;
    server_name  localhost;

    # Keep-alive settings for proxied requests, set at server level so
    # every proxying location below inherits them
    proxy_http_version 1.1;
    proxy_set_header Connection "Keep-Alive";
    proxy_set_header Proxy-Connection "Keep-Alive";

    # Static pages are still served from the root
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    # Only the elasticsearch paths listed below are proxied, via the
    # upstream defined above so the keepalive pool is actually used
    location ~ ^/_aliases$ {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }
    location ~ ^/.*/_aliases$ {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }
    location ~ ^/_nodes$ {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }
    location ~ ^/.*/_search$ {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }
    location ~ ^/.*/_mapping {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }
    location ~ ^/kibana-int/dashboard/.*$ {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }
    location ~ ^/kibana-int/temp.*$ {
      proxy_pass http://elasticsearch;
      proxy_read_timeout 90;
    }

...
...
...


We're using WebSEAL and so ACLs are applied there. Suffice to say you can create a normal group for read access, and a modified group with the 'm' permission so it can save dashboards.
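The read/modify split described above, modelled as an added example (not code from the original post, nginx or WebSEAL): it replays the location regexes from the config on this page and layers a per-group method allowlist on top, because the regexes match on path only. The group names, the method sets (searches POSTed, dashboards saved with PUT) and the sample requests are assumptions constructed for illustration.

```python
import re

# (location regex from the page's config, methods for the read group,
#  extra methods for the modify group). The method sets are assumptions.
RULES = [
    (r"^/_aliases$",                {"GET"},         set()),
    (r"^/.*/_aliases$",             {"GET"},         set()),
    (r"^/_nodes$",                  {"GET"},         set()),
    (r"^/.*/_search$",              {"GET", "POST"}, set()),
    (r"^/.*/_mapping",              {"GET"},         set()),
    (r"^/kibana-int/dashboard/.*$", {"GET"},         {"PUT"}),
    (r"^/kibana-int/temp.*$",       {"GET"},         {"POST"}),
]

def match_location(path):
    """Return the first rule whose regex matches the path.

    nginx checks regex locations in file order and stops at the first hit,
    so rule order matters (see the dashboard search sample below).
    """
    for rule in RULES:
        if re.search(rule[0], path):
            return rule
    return None  # falls through to "location /", i.e. static files only

def decide(group, method, path):
    """Classify a request as 'forward', 'deny' or 'not proxied'."""
    rule = match_location(path)
    if rule is None:
        return "not proxied"
    _, read_methods, modify_methods = rule
    allowed = read_methods | (modify_methods if group == "modify" else set())
    return "forward" if method in allowed else "deny"

# Constructed sample requests: (group, method, path)
SAMPLES = [
    ("read",   "POST",   "/logstash-2014.10.01/_search"),
    ("read",   "POST",   "/kibana-int/dashboard/_search"),  # hits the _search rule first
    ("read",   "GET",    "/kibana-int/dashboard/ops"),
    ("read",   "PUT",    "/kibana-int/dashboard/ops"),      # saving needs the modify group
    ("modify", "PUT",    "/kibana-int/dashboard/ops"),
    ("modify", "DELETE", "/kibana-int/dashboard/ops"),
    ("modify", "DELETE", "/logstash-2014.10.01"),           # no location matches
]

if __name__ == "__main__":
    for group, method, path in SAMPLES:
        print(f"{group:6} {method:6} {path:40} -> {decide(group, method, path)}")
```

In nginx itself the same per-location method restriction is expressed with limit_except.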

Add additional ACLs and naming conventions for indexes to limit view access.

See the links below for nginx-specific security.

http://serverfault.com/questions/633609/configure-nginx-kibana-elasticsearch
http://www.elasticsearch.org/blog/playing-http-tricks-nginx/



