elasticsearch相关

                    如何修改elasticsearch密码

 

 

    一 前言

        客户环境上面的ES在渗透扫描的时候发现了elasticsearch对其访问未作任何相关的安全策略,需要指定策略

 

    二 查看配置文件elasticsearch.yml部分内容如下所示

# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

#xpack.security.enabled: true
#xpack.license.self_generated.type: basic
#xpack.security.transport.ssl.enabled: true

   

   三 已经注视掉了认证相关,需要将如上红色的部分注释

# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

  并且重启ES

systemctl restart elasticsearch

 

   四 之后找到ES的安装位置

[root@ECP-HK-1 elasticsearch]# systemctl cat elasticsearch
# /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
........
ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet

 

   五 执行修改密码命令(当存在密码的时候可能会报错,这个后面告诉你怎么处理)

[root@ECP-HK-1 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [/opt/daho/oraclejdk/jdk1.8.0_91/jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

 

  六 之后分别尝试使用有密码和无密码的方式进行登陆

[root@ECP-HK-1 elasticsearch]# curl localhost:9200
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}[root@ECP-HK-1 elasticsearch]#

[root@ECP-HK-1 elasticsearch]# curl localhost:9200 -u elastic:{xxxxxx}
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}[root@ECP-HK-1 elasticsearch]# curl localhost:9200 -u elastic:Zenlayer+1
{
  "name" : "node-x",
  "cluster_name" : "xxxxxxxx",
  "cluster_uuid" : "xxxxxxxx",
  "version" : {
    "number" : "7.9.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667",
    "build_date" : "2020-08-11T21:36:48.204330Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

 

  七  如果你记得之前密码的话还可以通过这种方式来修改密码

curl -XPOST -u elastic "localhost:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d'{"password" : "xxxxxxxx"}'

 

  八 如果你记不住密码了或者在第五步骤卡住了,那么接下来的操作就会帮助你成功的修改ES的密码

 

    8.1  执行下面命令之后重复第一步到第五步

[root@ECP-HK-1 elasticsearch]# curl -XGET "localhost:9200/_cat/indices" -H 'Content-Type: application/json'
green  open .security-7 vmk9A-hrQYWsfn5fW9agiQ 1 0  7 0  25.4kb  25.4kb
yellow open audit       E2IXUx_PRtyw3J0vPXHfWQ 5 1 51 0 295.4kb 295.4kb

[root@ECP-HK-1 elasticsearch]# curl -XDELETE http://localhost:9200/.security-7
{"acknowledged":true}

 

posted @ 2021-03-24 15:11  伊铭(netease)  阅读(879)  评论(0编辑  收藏  举报