Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to set authentication in kibana

Tags:

kibana-4

kibana

Is it possible to enable authentication in Kibana in order to restrict access to a dashboard to only be accessible to particular users?

like image 782
Mangoski Avatar asked May 09 '15 10:05

Mangoski

People also ask

How do I set Kibana username and password?

Temporarily log in to Kibana using the built-in elastic superuser so you can create new users and assign roles. If you are running Kibana locally, go to https://localhost:5601 to view the login page. The password for the built-in elastic user is generated as part of the security configuration process on Elasticsearch.

How do I add authentication to Elasticsearch?

There is no built-in access control in elasticsearch. So, you would need to setup a reverse proxy (here is a blog post how to setup nginx), use one of the 3rd party elasticsearch plugins such as https://github.com/Asquera/elasticsearch-http-basic or use the official security plugin Shield.

How do I get my Kibana verification code?

You can connect to a machine where Kibana is running (such as using SSH) and retrieve a verification code that you enter in Kibana. You must run this tool on the same machine where Kibana is running.

2 Answers

Kibana itself doesn't support authentication or restricting access to dashboards.

You can restrict access to Kibana 4 using nginx as a proxy in front of Kibana as described here: https://serverfault.com/a/345244. Just set proxy_pass to port 5601 and disable this port on firewall for others. This will completly enable or disable Kibana.

Elastic also has a tool called Shield which enables you to manage security of elasticsearch. With Shield you can for example allow someone to analyze data in specific indexes with read-only permissions. https://www.elastic.co/products/shield

Edit: Elastic has an issue on github and they recommend to use Shield.

  1. Install Shield (plugin for elasticsearch) following these instructions
  2. Configure roles for Kibana users
  3. Configure Kibana to work with Shield

Remember Shield provides only index-level access control. That means user A will be able to see all dashboards but some of them will be empty (because he doesn't have access to all indices).

like image 192
Luděk Veselý Avatar answered Sep 19 '22 15:09

Luděk Veselý

Check this plugin named elasticsearch-readonlyrest. It allow easy access control, by authentication or ip/network, x-forwarded-for header and allows one to setup read-write or read-only access in kibana and limit indexes access per user. It is simple to setup and should give enough control for most people.

If more control is needed, you can use the search-guard, a free alternative to shield.

like image 30
higuita Avatar answered Sep 18 '22 15:09

higuita
Sign in to Comment

Related questions

How to create value over time line chart in Kibana 4?
Wildcard search doesn't work in Kibana
Build a Kibana Histogram with buckets dynamically created by ElasticSearch terms aggregation
Kibana: pie chart slices based on substring of a field
Representing a Kibana query in a REST, curl form
Can't create two Types to same index elasticsearch & Kibana
Logstash date parsing as timestamp using the date filter
Error: index_not_found_exception
Timestamp not appearing in Kibana
elasticsearch / kibana errors "Data too large, data for [@timestamp] would be larger than limit
Courier Fetch: shards failed
How do I create a stacked graph of HTTP codes in Kibana?
Location of custom Kibana dashboards in ElasticSearch
Kibana on Docker cannot connect to Elasticsearch
How to to log JS errors from a client into kibana?
Where does Elasticsearch store its data?
Kibana returns "Connection Failed"
kibana filter by absent substring
Can't install sense plugin for Kibana
How to add a numeric filter on kibana dashboard?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!