download search-guard-suite-plugin-7.9.1-45.1.0.zip (the plugin version must match the Elasticsearch version, here 7.9.1)
/usr/share/elasticsearch/bin/elasticsearch-plugin install -b file:/home/elastic/upgrades/search-guard-suite-plugin-7.9.1-45.1.0.zip
cd /home/elastic/upgrades/tlstool && unzip search-guard-tlstool-1.8\ \(1\).zip - the TLS tool creates the internal cluster certificates (root CA, node certs, admin cert)
./sgtlstool.sh -c tls-prd-config.yml -ca -crt - generates the CA and the certificates described in tls-prd-config.yml; the output lands in tools/out/
put the relevant certificates in /etc/elasticsearch/certs/ (node cert, node key, root-ca.pem). The admin cert and key give full control over the SG configuration, keep them only where sgadmin is run.
run /usr/share/elasticsearch/plugins/search-guard-7/tools/install_demo_configuration.sh - only as a skeleton: it writes demo certificates and demo users, all of which must be replaced before the cluster goes live
edit /etc/elasticsearch/elasticsearch.yml - point the searchguard.ssl.transport.* (internal) and searchguard.ssl.http.* (external) settings at the right certificates and set the key passwords accordingly
edit /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml - configure the JWT and LDAPS authentication domains
after SG is installed and the configuration has been loaded into ES with sgadmin, restart the node and log in to Kibana
sgadmin script usage :
-------------
sgadmin connects over the transport port with the admin certificate. -nhnv skips hostname verification of the node certificate and -icl ignores the cluster name; both are conveniences for certs/clusters whose names do not match and can be dropped once they do. Uploads are applied live, no node restart is needed for sg_*.yml changes. Take a backup (below) BEFORE loading changes, so a bad upload can be rolled back by loading the backup directory with -cd.
load sg_config.yml changes INTO es
-----------------------------------------
/usr/share/elasticsearch/plugins/search-guard-7/tools/sgadmin.sh -cacert /home/elastic/upgrades/tlstool/tools/out/root-ca.pem -cert /home/elastic/upgrades/tlstool/tools/out/admin.pem -key /home/elastic/upgrades/tlstool/tools/out/admin.key -keypass <password-from-client-readme-file> -nhnv -icl -f /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/sg_config.yml
load ALL config folder changes INTO es (-cd = config directory)
-----------------------------------------
/usr/share/elasticsearch/plugins/search-guard-7/tools/sgadmin.sh -cacert /home/elastic/upgrades/tlstool/tools/out/root-ca.pem -cert /home/elastic/upgrades/tlstool/tools/out/admin.pem -key /home/elastic/upgrades/tlstool/tools/out/admin.key -keypass <password-from-client-readme-file> -nhnv -icl -cd /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/
backup sg config FROM es
----------------------------
/usr/share/elasticsearch/plugins/search-guard-7/tools/sgadmin.sh -cacert /home/elastic/upgrades/tlstool/tools/out/root-ca.pem -cert /home/elastic/upgrades/tlstool/tools/out/admin.pem -key /home/elastic/upgrades/tlstool/tools/out/admin.key -keypass <password-from-client-readme-file> -nhnv -icl -backup ./
Restart ES (needed after elasticsearch.yml or certificate changes; sgadmin uploads alone do not need it)
systemctl restart elasticsearch.service
open https://kibana.host.com:5601 and log in with the admin user (Kibana listens on 5601; 9200 is the Elasticsearch REST port)
check monitoring https://kibana.host.com:5601/app/monitoring#/ - to get the cluster overview
go to the Search Guard admin tab - add roles & role mappings as needed
remember to map the LDAP groups (backend roles) to Search Guard roles accordingly; otherwise LDAP users authenticate but end up with no permissions
checks:
--------
check JWT
------------
curl -i -k https://elastic:9200/ -H "Authorization: Bearer <JWT signed with the supplier's private key; the matching public key is the signing_key configured in sg_config.yml>"
(-k and --insecure are the same flag; prefer --cacert /home/elastic/upgrades/tlstool/tools/out/root-ca.pem so the check also validates the node certificate. Expect HTTP 200; a 401 means the signature, the subject/roles claim names or the exp claim do not match the JWT authentication domain.)
check LDAPS connection and get the user's LDAP conf via SG
--------------------------------------------------------
curl -k 'https://localhost:9200/_searchguard/authinfo?pretty' -u <username>
(curl prompts for the LDAP password; the response lists the backend_roles pulled from LDAPS and the sg_roles they map to. An empty sg_roles list means the role mapping is missing.)
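As an added example (not part of these notes and not Search Guard's own tooling): a small POSIX sh helper that decodes a JWT locally, so that the alg, subject, roles and exp claims can be compared with the subject_key / roles_key / signing_key settings of the JWT domain in sg_config.yml before the curl checks above are run, and that wraps those two curl checks. ES_HOST, SG_ROOT_CA, the claim names sub and roles, and the sample token (constructed here with a placeholder signature) are assumptions; a real token has to be signed by the supplier's key.

```shell
#!/bin/sh
# Added example for the JWT / authinfo checks. Assumptions: ES_HOST and
# SG_ROOT_CA (defaults taken from the notes), claim names "sub" and "roles",
# and a constructed sample token whose signature segment is a placeholder.
SG_ROOT_CA=${SG_ROOT_CA:-/home/elastic/upgrades/tlstool/tools/out/root-ca.pem}
ES_HOST=${ES_HOST:-localhost:9200}

# JWT segments are base64url without '=' padding.
jwt_b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'
}

jwt_b64url_decode() {
  s=$1
  case $(( ${#s} % 4 )) in       # restore the padding base64 -d expects
    2) s="${s}==" ;;
    3) s="${s}=" ;;
  esac
  printf '%s' "$s" | tr '_-' '/+' | base64 -d
}

# jwt_segment TOKEN N -> decoded JSON of segment N (1 = header, 2 = payload)
jwt_segment() {
  jwt_b64url_decode "$(printf '%s' "$1" | cut -d. -f"$2")"
}

# jwt_claim TOKEN NAME [SEGMENT] -> scalar claim (string or number), payload by default
jwt_claim() {
  jwt_segment "$1" "${3:-2}" |
    sed -n 's/.*"'"$2"'":"\{0,1\}\([^",}]*\)"\{0,1\}.*/\1/p'
}

# jwt_array_claim TOKEN NAME -> array claim as space-separated words (the roles claim)
jwt_array_claim() {
  jwt_segment "$1" 2 |
    sed -n 's/.*"'"$2"'":\[\([^]]*\)\].*/\1/p' | tr -d '"' | tr ',' ' '
}

# jwt_expired TOKEN -> 0 if exp is in the past, 1 if still valid, 2 if there is no exp claim
jwt_expired() {
  exp=$(jwt_claim "$1" exp)
  [ -n "$exp" ] || return 2
  [ "$exp" -le "$(date +%s)" ]
}

# Live checks (need the cluster and a real signed token); print the HTTP status only.
sg_check_jwt() {
  curl -s -o /dev/null -w '%{http_code}' --cacert "$SG_ROOT_CA" \
    -H "Authorization: Bearer $1" "https://$ES_HOST/_searchguard/authinfo"
}

sg_authinfo() {   # $1 = LDAP username; curl prompts for the password
  curl -s --cacert "$SG_ROOT_CA" -u "$1" "https://$ES_HOST/_searchguard/authinfo?pretty"
}

# Constructed sample token: header and payload encoded here, signature is a placeholder.
SAMPLE_HEADER='{"alg":"RS256","typ":"JWT"}'
SAMPLE_PAYLOAD='{"sub":"jdoe","roles":["sg_readall","logstash"],"exp":4102444800}'
SAMPLE_JWT="$(jwt_b64url_encode "$SAMPLE_HEADER").$(jwt_b64url_encode "$SAMPLE_PAYLOAD").placeholder-signature"

# Usage: sh check_jwt.sh <TOKEN>   (no argument: nothing is sent anywhere)
if [ -n "${1:-}" ]; then
  tok=$1
  echo "alg: $(jwt_claim "$tok" alg 1)  sub: $(jwt_claim "$tok" sub)  roles: $(jwt_array_claim "$tok" roles)"
  if jwt_expired "$tok"; then
    echo "token expired (exp=$(jwt_claim "$tok" exp)), Search Guard will answer 401"
    exit 1
  fi
  echo "authinfo HTTP status: $(sg_check_jwt "$tok")"
fi
```

Decoding first separates the two common 401 causes: a token whose claims or expiry are wrong is visible offline, while a token that decodes fine and still gets 401 points at the signing_key or at the TLS/role side, which is what sg_authinfo with an LDAP user then narrows down.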