安全运维笔记


elk安装ssl认证

<p>1-1.配置/etc/hosts文件(单机) 如果是集群第二台不需要kibana.local和logstash.local <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/3015201088fe16e9cc608cf0eeb982ae" alt="" /></p> <p>1-2.在node1上创建SSL证书 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/2e70812878a6b5536d6fa449f18d5f65" alt="" /></p> <p>1-3.创建实例yaml(单机) 如果是集群要多添加node <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/43a4e112d67afcb4e028c558abf582d3" alt="" /><img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/7e13f1f0f5d75e9527793a021f6aea3b" alt="" /></p> <p>1-4.生成CA和服务器证书 ./elasticsearch-certutil cert ca —pem —in /tmp/cert_blog/instance.yml —out /tmp/cert_blog/certs.zip 1-5.将 cert 文件复制到 config 文件夹 进入elasticsearch的config目录 mkdir certs cp /tmp/cert_blog/certs/ca/ca.crt /tmp/cert_blog/certs/node1/* cert 配置elasticsearch.yml <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/e25ccf0a634f7e7f99f9685db11402d3" alt="" /> 启动elasticsearch 2-1.node1上为kibana加认证 将1-4生成的证书拷贝到kibana/config/certs中 2-2.配置kibana.yml <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/dafcd9b327a85b500eb643f720f41296" alt="" /></p> <p>3-1.在node1为logstash启用 创建文件夹并复制证书,将ca和.crt,.key文件复制到logstash/config/certs目录下:利用openssl将.key转化为TLSPKCS#8 格式 openssl pkcs8 -in config/certs/logstash.key -topk8 -nocrypt -out config/certs/logstash.pkcs8.key</p> <p>3-2.配置logstash.yml <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/3ed818b29e51bcaa922798b6f7742a8e" alt="" /></p> <p>3-3.创建syslog.conf文件 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/3290a769f6bde1ab6acad72a346580d2" alt="" /></p> <p>3-3.创建syslog.conf文件</p> <p><img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/dc0f6cd91e163eebb2561a1c2565f1e5" alt="" /> 4-1.效果 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/ede3cec17d17fe7f3f04feef51d99263" alt="" /></p> <p>4-2.索引正常 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/39336aa65a837cbe03106e2bae42df1c" alt="" /></p> <p>4-3.es日志正常 <img src="https://www.showdoc.com.cn/server/api/attachment/visitfile/sign/0e96960e4b37d92542c3557118f1fd72" alt="" /> 5-1.参考链接 <a href="https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash">https://www.elastic.co/cn/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash</a></p>

页面列表

ITEM_HTML