Secure logstash and elasticsearch

apache-2.2 logging elasticsearch logstash

If you use later versions of Logstash with Kibana:

I deploy Kibana into a virtual host in an Apache at /kibana/ and route the Elasticsearch API through a reverse proxy such that is available at /elasticsearch/:

<Location /elasticsearch/>
    ProxyPass http://elasticsearchhost:9200/
    ProxyPassReverse /
</Location>

You need to adapt Kibanas config.js to

elasticsearch: "/elasticsearch/",

Then the virtual host can be secured via HTTP Basic Authentication, which applies automatically to both Kibana and the Elasticsearch API.

What still worries me is that the users of Kibana could also use the Elasticsearch API to do nasty things like dropping indizes, shutting down Elasticsearch servers and so forth - for instance with the elasticsearch head. But I don't have a good solution to that problem so far. Probably one could generally allow GETs to /elasticsearch/ since in REST GETs cannot change anything, but other HTTP methods to only specific URLs which are important for Kibana.

Related

Recipient receives mail not addressed to them
Is there any way to synchronize AD users with Office 365 but still be able to edit them online?
Combining RoboCopy with FtpUse
Hiera lookup based on pattern
Chosing the right CAT6 cable type (STP FTP UTP)
Emulate Stack Overflow's inline code span formatting in Microsoft Outlook
smbpasswd command not found on MacOS High Sierra
How to copy files and create hardlinks instead of copying when files are identical
Change an image in Gimp with a gradient like a shiny button or sticker tab
Windows method to detect ARP Poisoning in my local network (LAN)?
Is there a way to toggle the Windows "compress this drive" command through a command prompt?
Cannot login to Kali Linux